HELP PLEASE BEFORE IT IS TOO LATE / RAN COMBOFIX, DON'T KNOW WHAT TO DO

Hi all,

I had a Trojan 3 weeks ago. Avast detected it, but I don’t know whether it removed it, quarantined it or what.

I have messed up my security settings and took over C drive ownership a few months back. Now I have lots of repeated folders under my C drive, like local settings, my doc, my pictures, my music, my videos, and when I try to open them it gives me access denied.

These are old folders I don’t use, from when the laptop had a different PC name, a different user name and a different password.

I have had 3 factory restores via F8, and have no external backup. Laptop in use 3 years - Home Premium Win 7 - Sony Vaio NW26M.

I ran ComboFix but have no idea what to do next. I have deleted some registry keys as I felt Google Chrome was infected, then re-downloaded Chrome after deleting all keys for Chrome, and deleted some keys under HKLM & HKeyusers from 3rd party software.

I read that kanji_1.uce is harmful and found it located under C, so I deleted that too.

I also have a QOOBOX folder under C drive which contains the ComboFix files and quarantined items. I had to run ComboFix twice, as the first time it downloaded to the download folder. It should have downloaded to the desktop, and then I re-ran it. I also have 2 files on the desktop named Desktop.ini, the same file listed under Users. Also, under Users appeared some old accounts named - Users - All Users - Default User. All these folders give me denied access; I kept them in the Recycle Bin.

I think my permissions have also messed up the laptop, together with the Trojan I had, or still have somewhere.
HERE’S THE LOG FROM COMBO FIX

Thank you in advance for your time, it is very much appreciated. The log is incomplete as it was not allowing me to post it in full.
rosh19

Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0
attach requested logs, not copy and paste

Hi pondus

Is it safe to run those tools at the stage I am in? I have ComboFix on my laptop and all I know now is that I should have not used it unless instructed. What do I do with the logs and folders from ComboFix? Before downloading anything I need help with what to do with this open tool, which has created virus files like zip.exe / PEG.Exe / sep.exe on my C drive and a folder with quarantined items, the Qoobox folder. Downloading Malwarebytes failed; I can’t download anything, it starts but won’t continue.

Thanks

Is it safe to run those tools at the stage I am in?
yes ....

In the guide I gave, scroll down to Farbar Recovery Scan Tool (second picture in the guide), run as instructed and attach the two diagnostic logs.

When done, a trained and certified removal expert will assist you.

Leave everything as it is and run an FRST scan. Do not use any other programmes or cleaners unless I ask you to.

What was the infection you had that needed ComboFix? As the log showed clean.

Hi Essexboy,

Here are the logs.

I have used OTcleanit to get rid of ComboFix and Qoobox. However, the Qoobox gave me a lot of hassle. I had to take permissions and try to delete it, no success, then ownership, and changed ownership again to administrator, and at some point it allowed me to delete it.

I don’t know what infection it was, but it was related to a TROJAN, as I connected a USB key 3 weeks ago and immediately AVAST gave me a HIGH alert saying TROJAN detected. I took the USB straight out of my laptop and have not used it again. But I do need to clean it, and don’t know how. I also deleted those files I mentioned in the previous post, which were on the C drive, as I googled all of them and they were viruses, and not signed, modified the night before - date - after the time I had run ComboFix.

I am having great difficulty getting the letters on the screen below, right; when I click on play to listen to the letters, it doesn’t work.

Thank you

OK, let’s try to repair this. I give no guarantees.

Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme

Reboot to safe mode with networking
Run Windows All In One
Select Step 2
Select open Pre-repairs scan then click scan
Let that complete
Save the results to a text file on your desktop

https://dl.dropboxusercontent.com/u/73555776/waioprescan.JPG

Next select step 3 and run chkdsk
Next select step 4 and run system file checker
Next select Step 5 and back up the registry

https://dl.dropboxusercontent.com/u/73555776/waioregback.JPG

Open the Repairs tab

https://dl.dropboxusercontent.com/u/73555776/waioopenrep.JPG

Select the following repair numbers :

1 to 5, 10, 13, 15, 23, 26 and 27

Set the system to reboot on completion
Then press Start Repairs

https://dl.dropboxusercontent.com/u/73555776/waiorepair.JPG

Hi Essexboy,

Just a couple of questions before I start :

  1. What are the risks of it not going as you expect? I mean the worst case scenario? Laptop becoming unbootable? Permanently?

  2. Fix/repair what? What exactly are we repairing here? Is the virus still somewhere? Or there may be remnants we are trying to detect & clean?

  3. I know that right now the laptop is working very, very slowly, but it is still working, and I have no cash to buy any repair, hardware piece or any other alternative. So, how CRUCIAL is this repair? What are the errors you have noticed in the logs I have sent you?

  4. Of course I want to find out what is wrong, if any files are missing etc. But at what cost are we going to attempt that? If it does go wrong, will the F8 option to factory default still work? I have had 3 restores that way since I bought the laptop (new), in 3 yrs. And I am the only user.

Guest is active though, but not being used; same regarding the HIDDEN BUILTIN Admin that I activated for troubleshooting, once only; it still appears as active when I log on.

Though I have had other accounts, now deleted, and another partition, also deleted, and another laptop name, not in use. I don’t remember other passwords and names previously used. Halfway through the repair, if I am asked for old information I won’t remember it.

Please could you kindly help me with the above, I am concerned when you say “no guarantees”. I have paid £500.00 for this machine and I have always used it carefully. It is not used for games or any other indecent activities. I use it as an Educational Tool only, and it is very precious to me.

Also, am I to DISABLE ALL AVAST SHIELDS, ONLINE SCANNER - WHICH ADDED ITSELF TO CHROME, WITHOUT ME ASKING FOR IT? And malware tools like FRST and aswMBR - are they meant to stay as they are, on my desktop, whilst attempting repair?

The link Pondus sent me, also said if we have used a USB key then we should run MCShield. I have downloaded it, but have not dared to install it, or place the infected key on my laptop. I am scared to do that. I know there’s a Trojan virus there.

Please get back to me asap. Thank you so much for your help.

19rosh

Hi essexboy,

I just went to the Tweaking.com site, to check the forums there and see how good this tool is. The first one I read says:

I installed this because I was trying to fix that my computer wouldn’t update and well now I don’t need updates at all because I don’t have a system anymore. I was told that by doing a disc check through this program it could fix my problem so I made a restore point and went ahead and did so, (note my computer is genuine and since the day I bought it from Acer it’s only been restored once and before this I only had a problem with my updates) I restarted my computer so the disc check commenced! 1 hour later… 3 hours later… 5 hours later… I can’t do this anymore I’m just watching my laptop constantly restart and do another disc check so on the fifth hour I pressed a button to cancel it and log in.
Oh what’s this? My computer is asking me to reactivate windows with my pretty desktop now black with “windows vista ™ build 6002 this copy of windows is not genuine” so I try to activate it and it won’t let me so I exit out and it says something about my desktop missing or it’s been moved ( no longer have the error as I ran a shadow copy repair through this program) and I have no permissions to do anything.

I don’t think I want to read any more about this tool. I know that there are files missing. I can’t just run something on my laptop, after so many tools I have already downloaded and deleted. Like Spybot, FRST, ComboFix, Unlocker beta, MCShield, OTCleanit; I have deleted Eset Online Scanner too. Deleted some Greatis folder from my registry, which I found to be from a virus. Also, my email account is full of ads from financial companies.

The Migwiz folder from the registry is also deleted. But it is on my C drive, ’cause I read it is a virus, but then I read it could be legit.

I have taken OWNERSHIP OF MY C DRIVE A FEW MONTHS BACK, ’cause Windows Update had given me enough headaches a year ago that I completely switched OFF Windows Updates for over 10 months. And had no more headaches. Since this USB, which I HAD to use in a PC in a Net Café, I am having to download all sorts of things I am not trained on. Which makes me very VERY UNCOMFORTABLE.

I hope you understand my concerns, sorry for the long messages. Please advise and reply to my previous questions in the previous post.

Thank you ever so much. Just one more thing I remembered: AVAST added itself to Chrome today, but last week I had it added on Chrome. I uninstalled Chrome & all keys from the registry, ’cause I noted that registry keys related to Google were much too much, together with some “click…whatever whatever”, so I uninstalled Google completely and re-downloaded it, after deleting all Google folders under all users. Now, Avast WAS NOT MEANT TO CONTROL AND CHECK AND BLOCK ALL EMAIL TRAFFIC TOO? HOW CAN I HAVE SO MANY ADS FROM FINANCIAL COMPANIES? Is my identity compromised?

19rosh

Essexboy is in bed now, check back tomorrow

I would like to address something first. When you ran Combofix without supervision, you potentially just wrecked your entire system, to a point of needing to use the F8 menu to restart.

sUBS, the creator and Owner of Combofix specifically says NOT to use it, unless directed by an Expert. You, do not qualify as one…

Read his Article Here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Hit Ctrl + F4 and Type “Disclaimer”

  1. Essexboy is a certified malware Teacher/Instructor. You are receiving quite possibly the best help readily available on the Internet. If you look at the CF (ComboFix) download link from BleepingComputer (I’m assuming this is where you got it from) and you scroll ALL the way down, in the listed forums to help decode that log is GeekstoGo; you can find Essex’s profile there.

Essex’s G2G Profile: http://www.geekstogo.com/forum/user/177837-essexboy/

1 last thing. And, by no means of what I’m about to say being offensive, I’m getting the spinoff you are not extremely “tech savvy” here. Why are you messing with your Registry? You might as well be murdering your computer. Are you aware of what the dangers of modifying your registry are?

Isn't it dangerous to do anything with the Registry?

Because it is involved in everything, damage to the Registry can stop a PC from functioning. For that reason Microsoft has gone out of its way to make the Registry mysterious and fearsome sounding. It is reasonable that Microsoft does not want to have to deal with service calls from ignorant people who have tried to edit the Registry but I think the constant warnings about the Registry that you see everywhere on the Internet are overdone.

Sourced: http://www.techsupportalert.com/content/what-everybody-should-know-about-windows-registry.htm

Now, I would advise, politely, that you stick with Essexboy. Essexboy has helped hundreds if not thousands, and that includes me.

Hi Michael & Pondus,

1. I am sorry but it looks like you have missed some of the information I have posted. In my first reply to Pondus I said

“I have ComboFix on my laptop and all I know now is that I should have not used it unless instructed”

to address your comment where you say "the creator and Owner of Combofix specifically says NOT to use it, unless directed by an Expert. You, do not qualify as one…" Have you never made a mistake in your life? We are humans, we make mistakes, then we learn and get on with it. Hopefully, never to do the same again.

2. Again, I am not a tech and that’s why I am here. And I really appreciate the assistance I get. If expressing my concerns made you upset, I am sorry. I am just trying to get this solved as quickly as I can, as I need the machine working. And the person assisting us cannot be available 24/7.

3. Regarding the REGISTRY, I did read before touching the registry, as this machine IS VERY PRECIOUS to me.

And I WILL CONTINUE TO DO SO as long as I feel it is safe, and I know what I am doing. The only keys and subkeys I deleted were from 3rd party software, and/or company names which are related to software I have installed. Again, ONLY from HKCurrent User and Local Machine, located under software, nothing else.

4. Finally, regarding “you potentially just wrecked your entire system”: I have run a sfc scannow, which is clean, & a chk dsk on both C & R drives, which show no bad sectors. So, it looks like I have not “wrecked” anything.

PONDUS - I am fully aware that Essexboy is now having sweet dreams, hopefully. As you must know, we all have different time schedules, and different available times/shifts. So, this is the time I have to post, today, at least.

I am sorry if my comments have upset anyone, that was definitely not my intention. And if they did, I hereby apologize.

I truly appreciate all the help I can get. Now for Essexboy, when you wake up from your sweet dreams, planet earth calls you. :)

Hope everyone has a good night sleep. 19rosh and may God bless you.

Windows all in one is installed on my system. I never use a tool without trying it out first on my computer :).

I have messed up my security settings and took over C drive ownership a few months back. Now I have lots of repeated folders under my C drive, like local settings, my doc, my pictures, my music, my videos, and when I try to open them it gives me access denied.

What I am asking the tool to do is reset registry and file permissions to default
Reset system services to default
Resetting various network connection data to default

This is done by a series of vbs/batch files that invoke various MS repair routines.
Now, I could tell you exactly what commands to run, but it would take me about 12 hours to type out and the same amount of time for you to follow them through.
Like any tool, it will do what you tell it, and if you give it the wrong instructions it will do it and break the system.

At the end of the day the choice is yours; the worst case scenario would be to reset to factory settings.

Hi Essexboy,

Thank you for replying to my questions. I appreciate it.

I have some things to do right now. I will try it a bit later, around 4pm. and post then.

Thank you for getting back.

19Rosh

Hi essexboy

OK, I am going to start the first steps and post back before the Repair option. Do I leave Avast on or off? Win Defender on or off?
Firewall on or off?

19rosh

OK, do not rush it, just let it happen.

Once done and the system has rebooted let me know how it is

Could you reply to my questions, please? FW on or off? Win Defender on or off? And Avast on or off? Before turning the laptop off, and then on in safe mode w/networking.

thanks
19rosh

It will make no difference as they are legitimate windows commands

I just now managed to start. It has done step one. Problems found with reparse points and environmental variables, with path common files/roxio shared/10.0/dllshared/
It says that under program files 86 the file does not exist.

Default parse points missing

C:\users\roshni\my documents (target point documents)

C:\users\roshni\printhood from path roaming\app data\microsoft\windows\network shortcuts

Same as above for folders - netwood ; recent ; send to ; start menu ; templates.

Now it’s giving me the option to repair. Do I proceed with this repair for reparse FIRST, THEN repair environment variables? Or will it not be able to repair? If it is missing, then is it going to download or what?

19rosh
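
As an added example (not part of the thread, and not the Tweaking.com tool's own code), a read-only PowerShell check of the per-user reparse points that the pre-scan above reported as missing. The junction names and targets are the stock Windows 7 defaults, and the `$ProfilePath` parameter and `Get-JunctionState` helper are hypothetical names chosen here.

```powershell
# Added example, not from the thread: read-only audit of the Windows 7
# per-user compatibility junctions. It changes nothing on disk.
param(
    # Assumption: profile folder to inspect (defaults to the current user).
    [string]$ProfilePath = $env:USERPROFILE
)

# Junction name -> target relative to the profile folder. These are the
# stock Windows 7 defaults, listed from general knowledge rather than
# copied from the repair tool's report.
$expected = @{
    'My Documents'     = 'Documents'
    'NetHood'          = 'AppData\Roaming\Microsoft\Windows\Network Shortcuts'
    'PrintHood'        = 'AppData\Roaming\Microsoft\Windows\Printer Shortcuts'
    'Recent'           = 'AppData\Roaming\Microsoft\Windows\Recent'
    'SendTo'           = 'AppData\Roaming\Microsoft\Windows\SendTo'
    'Start Menu'       = 'AppData\Roaming\Microsoft\Windows\Start Menu'
    'Templates'        = 'AppData\Roaming\Microsoft\Windows\Templates'
    'Local Settings'   = 'AppData\Local'
    'Application Data' = 'AppData\Roaming'
    'Cookies'          = 'AppData\Roaming\Microsoft\Windows\Cookies'
}

function Get-JunctionState {
    param([string]$Root, [string]$Name, [string]$Target)

    $path  = Join-Path $Root $Name
    $state = 'Missing'
    $deny  = ''

    try {
        # GetAttributes throws when the path does not exist at all.
        $attrs = [System.IO.File]::GetAttributes($path)
        if ($attrs -band [System.IO.FileAttributes]::ReparsePoint) {
            $state = 'ReparsePoint'      # expected on a healthy profile
        } else {
            $state = 'PlainDirectory'    # a real folder sits where the junction should be
        }
    } catch {
        $state = 'Missing'
    }

    if ($state -ne 'Missing') {
        try {
            # Stock junctions carry a Deny "list folder" entry for Everyone,
            # which is why opening them in Explorer reports "access denied".
            $entries = (Get-Acl -Path $path).Access |
                Where-Object { $_.AccessControlType -eq 'Deny' } |
                ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights }
            $deny = @($entries) -join '; '
        } catch {
            $deny = 'ACL unreadable: ' + $_.Exception.Message
        }
    }

    New-Object PSObject -Property @{
        Name         = $Name
        State        = $state
        TargetExists = (Test-Path (Join-Path $Root $Target))
        DenyEntries  = $deny
    }
}

# One row per expected junction; nothing is created, deleted or re-permissioned.
$expected.GetEnumerator() | Sort-Object Key | ForEach-Object {
    Get-JunctionState -Root $ProfilePath -Name $_.Key -Target $_.Value
} | Format-Table Name, State, TargetExists, DenyEntries -AutoSize
```

Rows with State `Missing` or `PlainDirectory` are the ones a repair would need to recreate; a `ReparsePoint` row with a Deny entry is the normal, healthy case.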

Hi essexboy

You are not online and I can’t leave the laptop at this point till you come back, ’cause I don’t even know if you are getting back online shortly.

I will shut off and come out of the program. When it is a good time for you, let me know.

I didn’t realise there are many more missing folders/ default user/app data from local/ app data /local history/ cookies/ temporary internet folder/ etc.

’Cause it is obvious I will have questions as I go along the steps.

19rosh