
Thread: Smitfraud Is Ruining My Life

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    19

    Smitfraud Is Ruining My Life

    I installed Spybot a few months ago in order to fix some issues I've been having with my computer, and I thought that it was doing its job. However, I found that Smitfraud C Generic just wouldn't be removed; even when I tried to remove it as an administrator, nothing happened. I've been having so many redirection issues, improper shutdowns, etc., and I need help before my computer goes kaput.

    Here's my log:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Run by Kittyface at 15:04:28 on 2012-07-07
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.592 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Users\Kittyface\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
    C:\Windows\TEMP\0_2u_l.exe
    C:\Windows\TEMP\0_3u_l.exe
    C:\Windows\TEMP\azmsjrllndsbpr.exe
    C:\Windows\system32\taskeng.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\ProgramData\GmBQcg3q.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\ProgramData\GmBQcg3q.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\TEMP\0_1u_l.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: CodecC Class: {523f1dff-2417-4466-8329-91877ff40ef5} - C:\ProgramData\CodecC\bhoclass.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Azkiy] C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
    uRunOnce: [SpybotDeletingB7069] command.com /c del "C:\Windows\svchost.exe_old"
    uRunOnce: [SpybotDeletingD9149] cmd.exe /c del "C:\Windows\svchost.exe_old"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRunOnce: [SpybotDeletingA761] command.com /c del "C:\Windows\svchost.exe_old"
    mRunOnce: [SpybotDeletingC2679] cmd.exe /c del "C:\Windows\svchost.exe_old"
    dRun: [AMService] C:\Windows\TEMP\lzfbotyonkroojyvfr.exe
    StartupFolder: C:\Users\KITTYF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kittyface\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\KITTYF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\KITTYF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\L'OPEN~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\dplaysvr.lnk - C:\Users\Kittyface\AppData\Local\dplaysvr.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E} : DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E}\035324430313936303839363 : DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E}\63A5949523 : DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E}\649676575696275646F602E45647 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{1516C063-D74F-4909-851F-5D5CDD82432E}\D4244514F575966496F534162703234383F524F687D2038383 : DhcpNameServer = 192.168.100.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: CodecC Class: {523F1DFF-2417-4466-8329-91877FF40EF5} - C:\ProgramData\CodecC\bhoclass.dll
    BHO-X64: CodecC - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~2\SDHelper.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRunOnce-x64: [SpybotDeletingA761] command.com /c del "C:\Windows\svchost.exe_old"
    mRunOnce-x64: [SpybotDeletingC2679] cmd.exe /c del "C:\Windows\svchost.exe_old"
    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 94.63.147.17 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kittyface\AppData\Roaming\Mozilla\Firefox\Profiles\498s56h0.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111002&q=
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
    FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-30 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 AMService;AMService;C:\Windows\TEMP\0_2u_l.exe run --> C:\Windows\TEMP\0_2u_l.exe run [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy2\SDWinSec.exe [2012-4-20 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-22 257224]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-07 19:04:33 86016 ----a-w- C:\ProgramData\GmBQcg3q.exe
    2012-07-07 00:52:53 86016 ----a-w- C:\ProgramData\GmBQcg3q.exe_
    2012-07-07 00:52:46 -------- d-----w- C:\Users\Kittyface\AppData\Roaming\Reib
    2012-07-07 00:52:46 -------- d-----w- C:\Users\Kittyface\AppData\Roaming\Piuvbe
    2012-07-07 00:52:46 -------- d-----w- C:\Users\Kittyface\AppData\Roaming\Izhif
    2012-06-29 02:00:28 -------- d-----w- C:\Program Files (x86)\Audacity
    2012-06-23 03:10:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-09 15:39:15 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF6D85C7-F179-4706-A398-2219386DFF76}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2012-06-23 03:10:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    .
    ============= FINISH: 15:07:06.25 ===============

    If someone can help me I will have their baby.
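One way to pull the indicators out of a log like the one above, as an added example that is not part of the post, of Spybot or of the DDS tool: a small Python triage script that walks the Running Processes, Pseudo HJT and Services sections, flags executables launched from a TEMP directory, the ProgramData root or the user's Roaming profile, and flags hosts-file entries that send a real site to a remote address or point a security site at loopback. The sample log (a few lines copied from the post plus benign controls), the short security-site list and the severity labels are constructed for the example.

```python
"""Triage of a DDS-style log: pull out the entries a malware-removal helper
reads first. Added example for this thread; not DDS, Spybot or forum code."""
import re
from ipaddress import ip_address

# Constructed sample in the shape of the log posted above. Some lines are taken
# from that log, the rest are benign controls the heuristics should ignore.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
C:\Windows\TEMP\0_2u_l.exe
C:\ProgramData\GmBQcg3q.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
============== Pseudo HJT Report ===============
uRun: [Azkiy] C:\Users\Kittyface\AppData\Roaming\Piuvbe\ilaqb.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
dRun: [AMService] C:\Windows\TEMP\lzfbotyonkroojyvfr.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.63.147.17 www.bing.com
============= SERVICES / DRIVERS ===============
S2 AMService;AMService;C:\Windows\TEMP\0_2u_l.exe run --> C:\Windows\TEMP\0_2u_l.exe run [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.IGNORECASE)
# A Windows path ending in an executable-type extension; directories may contain spaces.
PATH_RE = re.compile(
    r'[a-z]:\\(?:[^\\:*?"<>|;\r\n]+\\)*[^\\:*?"<>|;\r\n]+?\.(?:exe|dll|sys|scr|cpl)\b',
    re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:windows\\temp|appdata\\local\\temp)\\", re.IGNORECASE)
PROGRAMDATA_ROOT_RE = re.compile(r"^[a-z]:\\programdata\\[^\\]+\.(?:exe|dll|scr)$", re.IGNORECASE)
ROAMING_RE = re.compile(r"\\appdata\\roaming\\", re.IGNORECASE)
# Constructed short list: sites a hosts-file block would cut the user off from help.
SECURITY_SITES = {"www.spywareinfo.com", "www.safer-networking.org"}


def classify_path(path):
    """Severity and reason for an executable path, or None if it looks ordinary."""
    if TEMP_RE.search(path):
        return ("high", "executable running or registered from a TEMP directory")
    if PROGRAMDATA_ROOT_RE.match(path):
        return ("high", "executable dropped directly in the ProgramData root")
    if ROAMING_RE.search(path):
        return ("review", "executable under the user-writable Roaming profile")
    return None


def classify_hosts(ip_text, host):
    """Severity and reason for a hosts entry, or None if it is an ordinary block."""
    try:
        ip = ip_address(ip_text)
    except ValueError:
        return ("review", f"unparseable address {ip_text!r} in hosts entry")
    if not ip.is_loopback:
        return ("high", f"hosts file redirects {host} to a remote address")
    if host.lower() in SECURITY_SITES:
        return ("high", f"hosts file blocks security site {host}")
    return None


def triage(log_text):
    """Walk the log once, tracking the current section, and collect findings."""
    findings = []
    section = "(none)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HOSTS_RE.match(line)
        if m:
            verdict = classify_hosts(m.group(1), m.group(2))
            if verdict:
                findings.append({"section": section, "line": line,
                                 "severity": verdict[0], "reason": verdict[1]})
            continue
        seen = set()  # the same path often appears twice on one service line
        for path in PATH_RE.findall(line):
            if path.lower() in seen:
                continue
            seen.add(path.lower())
            verdict = classify_path(path)
            if verdict:
                findings.append({"section": section, "line": line, "path": path,
                                 "severity": verdict[0], "reason": verdict[1]})
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 6, 'review': 2} for the sample."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']}: {f['reason']}\n         {f['line']}")
    print(summarize(triage(SAMPLE_LOG)))
```

The Roaming profile only earns a "review" label because legitimate software lives there too (Dropbox in the log above runs from AppData\Roaming), whereas nothing normal registers a service or an autorun from C:\Windows\TEMP. The output is a shortlist for a human helper to check against the rest of the log, not a removal decision.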

  2. #2
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61


    Welcome to Safer Networking. I am maxi, and I will be helping you out with your malware problems.

    Before we go further, there are a few things that I would like to make clear so that we share the same understanding.

    • Please observe and follow these Forum Rules.
    • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
    • Please read the instructions carefully and follow them closely, in the order they are presented to you.
    • If you have any doubts or problems during the fix, please stop and ask.
    • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
    • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
    • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
    • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
    • If you do not reply within 3 days, this topic will be closed.

    If you are agreeable to the above, then everything should go smoothly.

    Note:
    As I am currently still in training, everything that I post to you must first be checked by my teacher. This may add a tiny delay between replies, so please be patient.

    Could you please post the attach.txt? You may have to run DDS again to get this if you have not saved it.

    Regards maxi

  3. #3
    Junior Member
    Join Date
    Jul 2012
    Posts
    19


    Thanks for posting so quickly.
    Here's the .txt file. I happened to save it.

  4. #4
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61


    Hi Uptothehilt

    I'm sorry to tell you that I have bad news for you. You are infected with a rootkit called ZeroAccess; this infection can prove difficult to remove. We can attempt to fix it, but depending on how much damage has already been done, you may have no other choice than to reformat. You can read more below.

    Rootkit

    Your computer has multiple infections, including a Rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

    You are strongly advised to do the following:

    • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
    • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
    • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
    • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).


    DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

    Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

    To help you understand more, please take some time to read the following articles:

    What are rootkits from Wikipedia
    How do I respond to a possible identity theft and how do I prevent it
    When should I do a reformat and reinstallation of my OS
    How to backup your files in Windows XP
    How to backup your files in Windows Vista/Windows 7

    Should you have any questions please feel free to ask.

    Please let us know what you have decided to do in your next post.

    Regards maxi

  5. #5
    Junior Member
    Join Date
    Jul 2012
    Posts
    19


    Thanks Maxi,
    I knew it wasn't going to be good news, but I was hoping for an easier fix than this.
    I'm going to back up my files and do everything you suggested in regard to switching passwords.
    I'd like to try and clean up the machine first before resorting to more drastic measures. If you could assist me with this I would greatly appreciate it.

  6. #6
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61


    Hi Uptothehilt,

    It's 100% certain that your problems arose from not having an antivirus program, coupled with the fact that you are using P2P programs (uTorrent).

    Create a System Restore Point
    • Right-click on the Computer icon and select Properties.
    • In the left pane under Tasks ... click on System protection.
      If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
    • Select the System Protection tab ...then choose Create.
    • In the System Restore dialog box, type a description for the restore point ... click Create, again.
      A window will pop up with "The Restore Point was created successfully" confirmation message.
    • Click OK ...then close the System Restore dialog.

    Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
    If you have successfully created a System Restore Point...we can proceed.


    Step 1
    No anti-virus

    Looking over your log, it seems there is no evidence of any anti-virus software.

    Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors.



    Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

    Step 2
    Remove P2P Programs

    • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      µTorrent
    • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
    • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    • Click on Start > All programs > Accessories > Run.
    • In the Open text box copy/paste appwiz.cpl, then click OK.
    • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
    • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


    Step 3
    Download and Run ComboFix
    1. Please download ComboFix from the following link.

      Here


      **IMPORTANT !!! Save ComboFix.exe to your Desktop**
    2. Please disable any Antivirus and Firewall you have active, as shown in this topic. Please close all open application windows.
    3. Double click on ComboFix.exe and follow the prompts.
    4. When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use!
    ComboFix SHOULD NOT be used unless requested by a forum helper.


    In your next reply please include
    The ComboFix logfile.
    Note down anything that avast flags and post in your next reply.
    Any problems you had with my instructions.

    Regards maxi

  7. #7
    Junior Member
    Join Date
    Jul 2012
    Posts
    19


    Thanks Maxi, I'll try doing that and let you know how it turns out.
    I did actually have Avast installed previously, but it didn't seem to be very effective and I believe the virus occurred while I had it.
    It was most likely the Utorrent that caused the problem. The more pressing issue was that I needed to attend to the viruses and now I know exactly what to do.

  8. #8
    Junior Member
    Join Date
    Jul 2012
    Posts
    19


    Update: I tried running Combofix a couple of times but each trial only resulted in being blue screened.

  9. #9
    Junior Member
    Join Date
    Jul 2012
    Posts
    19


    I've now had an even more serious problem. All of my programs have disappeared. I backed up my important files so that's not a huge concern, but I can't seem to get the operating system to reset.

  10. #10
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61


    Hi Uptothehilt

    OK, you need to slow down and not make any changes to your system until I ask you to.

    Did you manage to create a Restore Point, install an antivirus, and remove uTorrent?

    Did you receive any errors from ComboFix or from the bluescreen? How far did it get? Was a log produced? If it was produced, it would be located at C:\ComboFix.txt

    I've now had an even more serious problem. All of my programs have disappeared. I backed up my important files so that's not a huge concern, but I can't seem to get the operating system to reset.
    When did this happen? What was going on at the time? Is it the same user account you were using before? Are the programs missing from the Start menu or from the Control Panel's installed programs list?

    What do you mean by "system to reset"?


    Step 1
    Please download Unhide.exe and save it to your Desktop.

    • Right-click on the Unhide.exe and select " Run as administrator " to run it.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    • Please note that this will unhide files that are purposely hidden.
    • When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.


    Step 2
    Please download the following program, install it and run it. Then try to run ComboFix straight after it has finished.

    • Please download RogueKiller by Tigzy and save it to your desktop.
    • Allow the download if prompted by your security software and please close all your programs.
    • Right click on RogueKiller.exe and select " Run as administrator " to run it.
    • If it does not run, please try a few times.
    • Wait for PreScan to finish, then click on Scan.
    • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
    • Please copy and paste the contents of that log in your next reply.


    If ComboFix still does not run, you can try to run it from Safe Mode. Here's how:

    Boot into Safe Mode
    Reboot your computer in Safe Mode.
    1. If the computer is running, shut down Windows, and then turn off the power.
    2. Wait 30 seconds, and then turn the computer on.
    3. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    4. Ensure that the Safe Mode option is selected.
    5. Press Enter. The computer then begins to start in Safe mode.
    6. Login on your usual account.
    7. Then try to run ComboFix again.


    In your next reply please include:
    The Unhide.exe log.
    The Roguekiller log.
    The ComboFix log.
    The Answer to my questions.
    A detailed list of any errors you receive.

    Regards maxi
