Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Antivirus 7 Removal  (Read 5326 times)

0 Members and 1 Guest are viewing this topic.

artbuc

    Topic Starter


    Apprentice

    Antivirus 7 Removal
    « on: March 28, 2010, 08:20:42 AM »
    Yesterday I installed/ran Malwarebytes to remove AV7. Now I have completed the suggested steps and am posting the logs from SuperAntispyware, Malwarebytes and HijackThis. My computer seems to be working fine but I want to be sure AV7 is completely gone and confirm that everything else is ok. Thanks.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/28/2010 at 08:04 AM

    Application Version : 4.34.1000

    Core Rules Database Version : 4741
    Trace Rules Database Version: 2553

    Scan type       : Complete Scan
    Total Scan Time : 00:53:13

    Memory items scanned      : 466
    Memory threats detected   : 0
    Registry items scanned    : 5883
    Registry threats detected : 0
    File items scanned        : 62558
    File threats detected     : 27

    Adware.Tracking Cookie
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
       C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
    Malwarebytes' Anti-Malware 1.44
    Database version: 3923
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    3/28/2010 9:59:00 AM
    mbam-log-2010-03-28 (09-59-00).txt

    Scan type: Quick Scan
    Objects scanned: 133655
    Time elapsed: 7 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:14:47 AM, on 3/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: hpzrcv01.LNK = ?
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown owner - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

    --
    End of file - 10834 bytes

    artbuc

      Topic Starter


      Apprentice

      Re: Antivirus 7 Removal
      « Reply #1 on: March 30, 2010, 02:37:55 AM »
      Will someone please look at the logs I posted above and tell me if I need to do anything further? Thanks.

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 996
      • Certifications: List
      • Experience: Expert
      • OS: Windows 8
      Re: Antivirus 7 Removal
      « Reply #2 on: March 30, 2010, 01:31:30 PM »
      Your log shows that you have two Anti-Virus programs running on your computer; Authentium and MicroSoft Security Essentials. One will have to go as this can cause all kinds of problems while your computer is running. I would suggest you keep MSE and uninstall Authentium.
      ====================================
      Please go to Jotti's malware scan
      (If more than one file needs scanned they must be done separately and logs posted for each one)

      * Copy the file path in the below Code box:

      Code: [Select]
      C:\WINDOWS\system32\dllhost.exe
      * At the upload site, click once inside the window next to Browse.
      * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      * Next click Submit file
      * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      * This will perform a scan across multiple different virus scanning engines.
      * Important: Wait for all of the scanning engines to complete.
      * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

      ==============================================

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ====================================

      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
      O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown owner - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.

      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

      artbuc

        Topic Starter


        Apprentice

        Re: Antivirus 7 Removal
        « Reply #3 on: March 30, 2010, 03:53:41 PM »
        Thanks. I will follow your instructions but I am confused. Where the heck did Authentium come from? I only installed what was specified in the Computer Hope instructions: MS Essentials, Online Armor, SuperAntispyware and Malwarebytes.

        Here is the link to the Jotti scan:
        http://virusscan.jotti.org/en/scanresult/f9bce034f09be1b2e20512d77a427738df47ea6d/ddc60ba647
        c78f98a38206f9997a3bdb16642875

        I don't know if I did it right. When I clicked on Browse and tried to press Ctrl+V nothing happened so I just did a cut/paste to add the file path.

        PS I think Authentium on part of the Verizon FiOS security software. I deleted it.
        « Last Edit: March 31, 2010, 11:58:08 AM by SuperDave »

        artbuc

          Topic Starter


          Apprentice

          Re: Antivirus 7 Removal
          « Reply #4 on: March 30, 2010, 04:57:23 PM »
          One last question. I had to reboot to delete the Verizon Security Suite. When the PC came back I had a message from Online Armour asking me what I wanted to do about this file: 1HU1.tmp.exe Install Helper. I didn't know what to do so I allowed it. Should I delete this file? Thanks for all your help. You have been tremendous.

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 996
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: Antivirus 7 Removal
          « Reply #5 on: March 31, 2010, 12:02:13 PM »
          Quote
          had to reboot to delete the Verizon Security Suite. When the PC came back I had a message from Online Armour asking me what I wanted to do about this file: 1HU1.tmp.exe Install Helper. I didn't know what to do so I allowed it. Should I delete this file? Thanks for all your help.
          You're welcome. Let's see if that file shows up in this scan.

          Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

          link # 1
          link #2

          Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

          Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts. (you will receive a UAC prompt, please allow it)

          Double-click combofix.exe and follow the prompts.
          When finished, ComboFix will produce a log for you.
          Post the ComboFix log and a new HijackThis log in your next reply.

          NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

          Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

          If you have problems with ComboFix usage, see How to use ComboFix
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender