0000008.@/ 80000032.@ etc malware problem

Hello, I appreciate whatever help can be given. I am being harassed by malware that no amount of scans seems to get rid of.

I have attached the OTL file.

Here is the aswMBR file

Please let me know if anything else is needed.

Let me add that I’m sure more information will be needed. But I’ve spent quite a bit of time working with my computer and my brain hurts… as well as my eyes. :stuck_out_tongue: I’m on my laptop at the moment, I’ve unhooked my desktop from network connection.

So whenever someone can get to it I will be very grateful. Hopefully I can get this problem resolved.

It looks like I’m not the only one with this problem. I’m not sure where it came from; I wasn’t on any shady website. As long as I have internet access to my PC I’m continuously alerted to the same infections. Avast seems to be able to catch the infected files, but I’m not sure what’s causing the continuous attacks in the first place.

Hi awesomemansikes, welcome to the forum.

To make cleaning this machine easier:
[*]Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
[*]Please do not run any scans other than those requested
[*]Please follow all instructions in the order posted
[*]All logs/reports, etc… must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
[*]Do not attach any logs/reports, etc… unless specifically requested to do so.
[*]If you have problems with or do not understand the instructions, Please ask before continuing.
[*]Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

There are quite a few services missing. We’ll worry about them after we get this cleaned up a bit.

Download ComboFix from one of these locations:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

[*]Right click on ComboFix.exe, click Run as Administrator & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer’s settings, including making I-E the default browser.
3. If after running ComboFix you receive a message “Illegal operation attempted on a registry key that has been marked for deletion” or similar, reboot the computer.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

Thanks

Ok I did as you said as best as I could. During the process it told me that it detected eset security running and to disable it but I no longer have that antivirus and have had avast for some time now. At any rate here is the log. Hopefully I’ve done everything as needed. :slight_smile:

Hi awesomemansikes,

BitTorrent
You have BitTorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You’ll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun…protection.mspx

http://www.internetworldstats.com/articles…cles/art053.htm

I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Uninstall a program option under the Programs category.

If you wish to keep it, please do not use it until your computer is cleaned.

Please navigate to this folder C:\Qoobox. Locate this file, add-remove.txt and post its contents.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
[*]Click the Start button, click run
[*]in the run box type notepad
[*]click ok
[*]In the notepad, Click “Format” and be certain that Word Wrap is not checked.

[*]Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

File::
C:\Users\Awesomeman\AppData\Local\{ad0f708b-9234-4251-f626-82a2d06aa3e3}\@
C:\Users\Awesomeman\AppData\Local\x0lf03t5uw0olr
C:\ProgramData\x0lf03t5uw0olr

Folder::
C:\Users\Awesomeman\AppData\Local\{ad0f708b-9234-4251-f626-82a2d06aa3e3}

In the notepad
[*]Click File, Save as…, and set the Save in to your Desktop
[*]In the filename box, type (including quotation marks) as the filename: “CFScript.txt”
[*]Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

Note: Do not mouseclick combofix’s window while it’s running. That may cause it to stall

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Please post back with
[*]add-remove.txt
[*]combofix log

How’s the computer now?

Alright here’s the files…

So far the computer seems fine. But not sure if the problem is gone. Either way thank you so much for the help.

Oh and I am aware of the risks of BitTorrent, thank you though. To be honest I haven’t downloaded anything from it in a while and I believe I’m not uploading anything. I have thought about removing it as of late.

So do I have an all clear on my PC? I don’t want to do anything else until I have confirmation that you believe it’s ok. In case any other logs need to be made. :slight_smile: Again thank you for the help.

Hi awesomemansikes,

This infection is known to corrupt some services. Let’s have a look.
Download Farbar Recovery Scan Tool 64-Bit and save it to your desktop.

[*]double click on FSS to run it
[*]When the tool opens click Yes to disclaimer.
[*]Check all the boxes
[*]Press Scan button.
[*]A log will be produced on your desktop. Please copy and paste it to your reply.

Ok here’s the file.

My antivirus was on during the first scan, I wasn’t sure if I should have it turned off like before so this file is a scan done with the AV turned off.

Hi awesomemansikes,

You did fine. A bit more to do.

Your java is out of date. Click your start button > Control Panel
[*]Use the drop down menu beside view by and change it to small icons
[*]locate java (looks like a coffee cup) in the list and click on it
[*]when the java console opens click the update tab
[*]Click update now

Next, Double click on OTL.exe
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
[*]Do Not copy the word CODE
[*]please note the fix starts with the :


:Services

:Files
ipconfig /flushdns /c
C:\Windows\Installer\{ad0f708b-9234-4251-f626-82a2d06aa3e3}\L
C:\Windows\Installer\{ad0f708b-9234-4251-f626-82a2d06aa3e3}\U
C:\Windows\Installer\{ad0f708b-9234-4251-f626-82a2d06aa3e3}

:Commands
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top

[*]Let the program run unhindered
[*]Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Next

Please download Farbar Service Scanner and save it to your desktop.
[*]Check all the boxes and click scan
[*]Please copy and paste the log to your reply.

Please post back with the OTL log and the FSS log.

Thanks

There is no update tab in java. I have a General tab, Java tab, security, and advanced. I haven’t been able to locate an update tab.

Edit: I have a 64 bit operating system and apparently I needed to download the newer versions manually. I now have JRE 7 instead of six. I’ll wait to get an ok before I finish with the other steps you listed.

Hi awesomemansikes,

Uninstall this version of java if it’s still present, then carry on with the rest. Java™ 6 Update 31

Here you go. :slight_smile:

Hi awesomemansikes,

Please open Farbar Service Scanner.

In the search box copy and paste the following
BITS

[*]Click the Export Service button

Please post the log.

Here’s the log.

Hi awesomemansikes,

Next, Double click on OTL.exe
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
[*]Do Not copy the word CODE
[*]please note the fix starts with the :
[*]to ensure you get it all click the [select]

:Services

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"DelayedAutoStart"=dword:00000001
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\
  6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
  00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
  72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
  63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance]
"Library"="bitsperf.dll"
"Open"="PerfMon_Open"
"Collect"="PerfMon_Collect"
"Close"="PerfMon_Close"
"InstallType"=dword:00000001
"PerfIniFile"="bitsctrs.ini"
"First Counter"=dword:00000774
"Last Counter"=dword:00000784
"First Help"=dword:00000775
"Last Help"=dword:00000785
"Object List"="1908"
"1008"=hex(b):bc,81,53,b3,1d,d9,cc,01
"PerfMMFileName"="Global\\MMF_BITS_s"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security]
"Security"=hex:01,00,14,90,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
  00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
  00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
  00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
  00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
  00,20,02,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum]
"0"="Root\\LEGACY_BITS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

:Commands
[createrestorepoint]
[reboot]

Then click the Run Fix button at the top

[*]Let the program run unhindered
[*]Please save the resulting log to be posted in your next reply.
Please post the OTL fix log

Next OTL should have rebooted your computer after the above fix. If it didn’t please reboot the computer.

Click your start button and copy and paste the following into the search box and hit enter.

services.msc

[*]Locate Background Intelligent Transfer Service
[*]click on it
[*]in the left panel you should see “start the service”
[*]click the underlined blue start

Did the service start? If not, what if any error message did you receive?
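Added example, not part of the thread: a small Python decoder for the hex(2)/hex(7) values in the .reg script above. It unpacks what the fix actually writes (ImagePath, ServiceDll, dependencies, start type) and compares them with stock Windows 7 values, which are an assumption here, so a restored service entry can be checked against a known-good baseline instead of being trusted on sight.

```python
import re
# Constructed sample: the ImagePath / Start / DependOnService / ServiceDll lines copied from the post above.
REG_FRAGMENT = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\
  6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00'''

def _decode(raw):
    # dword -> int; hex(2) REG_EXPAND_SZ -> str; hex(7) REG_MULTI_SZ -> list; other hex -> bytes; else str.
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\w+)\))?:(.*)$", raw)
    if not m:
        return raw.strip('"').replace("\\\\", "\\")  # plain quoted REG_SZ
    blob = bytes(int(b, 16) for b in m.group(2).split(","))
    if m.group(1) not in ("2", "7"):
        return blob
    parts = blob.decode("utf-16-le").split("\0")  # UTF-16LE, NUL-terminated (multi-sz: NUL-separated)
    return [s for s in parts if s] if m.group(1) == "7" else parts[0]
def parse_reg(text):
    # Return {(key_path, value_name): decoded_value}; a trailing backslash continues the value.
    values, key, buf = {}, None, ""
    for raw in text.splitlines():
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        line, buf = buf, ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            values[(key, m.group(1))] = _decode(m.group(2))
    return values

BITS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS"
EXPECTED = {  # assumption: stock Windows 7 values for the BITS service
    (BITS_KEY, "ImagePath"): r"%SystemRoot%\System32\svchost.exe -k netsvcs", (BITS_KEY, "Start"): 2,
    (BITS_KEY, "DependOnService"): ["RpcSs", "EventSystem"],
    (BITS_KEY + r"\Parameters", "ServiceDll"): r"%SystemRoot%\System32\qmgr.dll"}
def check_bits(values):
    # (value_name, found, expected) for each BITS setting that is missing or differs from the baseline.
    return [(k[1], values.get(k), want) for k, want in EXPECTED.items() if values.get(k) != want]
```

The same parser works on an exported .reg of a live machine's BITS key, so the comparison can be run before and after the fix.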

The service was already started when I looked it up. Also after I ran the OTL fix and restarted there were two files on the desktop that were slightly transparent that were not there before. Both named desktop.ini, one of which is locked.