jholland1964 650 Posting Expert Team Colleague Featured Poster

Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Open Notepad and copy/paste the text in the below quote box into it.

KillAll::

File::

c:\windows\system32\inf
c:\windows\xccwinsys.ini
c:\windows\system32\xcchit32.ini
C:\475804924
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\8B4B73CBA4.sys
c:\windows\Tasks\mgjnjhuy.job

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=toydmj.dll ugnpwe.dll

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe.
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing.
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe.
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* Please post back here with that log and also a new HJT scan.

jholland1964 650 Posting Expert Team Colleague Featured Poster

From reading other threads, I realize I ought to delete any TDSS files. My problem is when I go to search for files, I get the blue screen of death. I don't know what step to take now.

I managed to download combofix from the zip Cohen put up (thanks) but can't get it to run either.

Any help will be greatly appreciated - I need to get my comp working again asap!

You should never run combofix unless directed to do so.
So DON'T run it unless I tell you to do so. Delete that copy you downloaded.
See if this lets you run MBA-M.
Right Click My Computer. Choose Properties. When System Properties opens click Hardware, Device Manager. Then in Device Manager click View, Show Hidden Devices.
When those show go to Non Plug and Play Drivers. You should see something like TDSSserv.sys
* Highlight that driver and right click on it and select DISABLE
* Now RESTART your computer.
Now either try updating that MBA-M you already have or uninstall it and download a new copy.
Then run a Full System Scan with it and allow it to REMOVE everything found. Save the log.
Reboot.
Run HiJackThis again and save the log. Post back here with those logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If they are for your router then you can leave them and not fix them, that is why I asked.
Just fixed those others. See by your log that you are at or connected with I.U. I'm in Indiana also, daughters are grads of Ball State and Purdue (with a teaching certification from I.U. K.)

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again and this time place check marks to these entries:
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: TBSB05137 - {E632D7C7-20EC-4A06-8D6F-259838D16889} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\installed\{5D1BF3AF-E568-47DC-87FA-1D1F7DBBBD1E}\0\mrk's.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\bin\tbcore3U.dll

O4 - Startup: PowerReg Scheduler.exe
DID YOU PERSONALLY ADD THESE BELOW? IF NOT THEN THESE SHOULD BE FIXED ALSO
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS4\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS5\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10

O23 - Service: sp_rssrv - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Now I notice in your logs you have Spyware Terminator listed. This formerly was considered a rogue program, it has since been removed from that list. That does NOT mean it is considered to be a good program, just that it is no longer on the list. I would Uninstall this program. You have several very good programs, Spybot, SuperANTISPYWARE and now Malwarebytes' Anti-Malware. This is more than enough.
Reboot the computer after you have uninstalled that program.
Run a new HJT scan and post the log.
Judy
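
Added example, not part of the original post or of HijackThis: the six O17 lines above are one NameServer value repeated once per registry control set, and whether to fix them depends on whether that address is the user's own router. The Python below parses HijackThis-style lines, collapses O17 entries per interface, separates RFC 1918 (LAN) resolvers from anything else, and picks out "missing file" leftovers; the log lines are copied from posts on this page except the one marked constructed, and all function names are this example's own.

```python
import ipaddress
import re

# Lines copied from posts on this page, plus one CONSTRUCTED O17 line
# (documentation-range address, made-up interface GUID) for the non-LAN case.
SAMPLE_LOG = r"""
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\bin\tbcore3U.dll
O4 - Startup: PowerReg Scheduler.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.53
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
"""

# HijackThis section codes that appear on this page.
SECTIONS = {
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O10": "Winsock LSP",
    "O17": "DNS / domain setting",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O17_RE = re.compile(r"\{(?P<iface>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_entries(text):
    """Yield (section_code, body) for every HijackThis-style line."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def dns_overrides(text):
    """Map interface GUID -> sorted unique NameServer values.

    The same setting shows up under CCS, CS1, CS2, ... so it is
    de-duplicated here instead of being counted once per control set.
    """
    found = {}
    for code, body in parse_entries(text):
        m = O17_RE.search(body) if code == "O17" else None
        if m:
            servers = re.split(r"[,\s]+", m.group("servers").strip())
            found.setdefault(m.group("iface").upper(), set()).update(servers)
    return {iface: sorted(s) for iface, s in found.items()}


def classify_server(value):
    """'lan' for RFC 1918 addresses, 'external' otherwise, 'unparsed' if not an IP."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "unparsed"
    # ip_address.is_private is avoided on purpose: it also covers
    # documentation and other special-purpose ranges.
    return "lan" if any(addr in net for net in RFC1918) else "external"


def review(text):
    """Return (code, verdict, detail) tuples for entries worth a question."""
    findings = []
    for iface, servers in sorted(dns_overrides(text).items()):
        for server in servers:
            findings.append(("O17", classify_server(server), f"{iface} -> {server}"))
    for code, body in parse_entries(text):
        # Leftovers whose target file is gone, as in the Bonjour lines.
        if code != "O17" and re.search(r"\(file missing\)$|' missing$", body):
            findings.append((code, "orphaned", body))
    return findings


if __name__ == "__main__":
    for code, verdict, detail in review(SAMPLE_LOG):
        print(f"{code:<4}{SECTIONS.get(code, '?'):<22}{verdict:<10}{detail}")
```

A "lan" verdict still needs the question asked in the post (did you set this yourself, is it your router?); it only says the resolver is on the local network.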

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try this on the infected computer:
Open Device Manager and on the VIEW Tab, select the Show hidden devices option.
Go down to non plug and play drivers and see if there is one called TDSSserv and disable it.
Then see if you can get online. If you can then do the following;
Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

If you cannot download to the infected computer then of course download to the computer you are using now, burn to a disk and then install that way on the infected computer.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Let's see a new HiJackThis scan.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.

* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.
* Windows will issue a prompt asking whether you wish to run the program, click Run

You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you run a new HJT scan and post back with that log please?
Thanks! Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Few fixes remaining with HiJackThis but FIRST you must turn off the Spybot TeaTimer. This program interferes with any fixes attempted and really adds nothing to protect the program, obviously since your computer was infected even though this was running. SpyBot is an EXCELLENT scanner program but there is no need for TeaTimer.
To turn it off do this, open the program. Choose Mode at the top and choose Advanced Mode. Then click Tools at the bottom. When Tools opens click the second one down which is Resident. When Resident opens take the check mark OUT of TeaTimer. Close the program.
Next you absolutely MUST Uninstall that SpyNoMore program. Once you have done that then reboot the computer. When the computer has rebooted then run a new HJT scan and post that new log back here. I will then give the fixes which need to be done using HiJackThis.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Still not clean. You are going to have to do the following:
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have to be patient sometimes there is only one of us here...The last HJT log you posted is incomplete. The top part is missing, we always need to see the full log, including this part...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:31:44, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Can you run a NEW Full System scan and post that entire log for me?
Last night was a long night here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

These files should be copy/pasted into a reply not attached. Can you do that for us?
Thanks,
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Look, that is exactly what you were supposed to get and see. That file isn't supposed to be there and you should have clicked Finish.
I guess just uninstall it and note that this thread is closed.
Since you don't wish to run any programs given to fix I honestly cannot offer anymore help.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Wondered if that would happen.
Download LSP-Fix
Follow the instructions given HERE on the running of the program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You will need to run HiJackThis again and place check marks next to the following entries if they still show;
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
Once you have placed those check marks click the Fix Checked button.
Exit HJT.
Reboot the computer.
Run a new HiJackThis scan, save the log and post back here.
By the way, that unknown file is no longer showing in the log so maybe it was a false showing, plus you know it isn't there anymore.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, here is the info on the temp files Comodo is flagging and also those two files found in the combofix folder.
Those temp files WERE all created by combofix...why? Because it was blocked from creating the recovery console by either Comodo or SuperANTISPYWARE. Please note the first one had no .tmp after it, that is the original attempt to run, all the others were the next attempts. All the security programs were not turned off prior to the attempt to install the recovery console...which is part of combofix and therefore the program was attempting to run but could not because those security programs were not turned off prior to that time.
The two files you found in combofix, in strictly simple terms, were hidec which would have probably been the one used for the recovery console and the NirCmd is the command line utility used by combofix to run the program

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have no idea what they are except that they are temp files, delete them.
IF they were created by combofix then this means the program DID run. If it ran then there should have been a log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I disabled the antivirus & firewall and tried to run combofix one more time but still no avail. I found the combofix folder, but there was no log in it.

You mean you downloaded combofix again and tried to run it or tried to run the program that didn't run before? Did you also disable SuperANTISPYWARE? That is also a security program which cannot be running when combofix is attempted. It will stop it every time. The instructions say

* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

What WAS in that combofix folder? Please delete it. I have asked you twice now to remove it. If Comodo found "something" in there it certainly wasn't a virus but it would have damaged the program by trying to remove the program. Comodo would have flagged the program because it doesn't have a digital signature, which most programs have. Combofix is safe but Comodo wouldn't know that. I say again, please remove combofix.
I will give you fixes to do with HJT and hope that the computer is clean.

Did you add this "stumble upon" to your Trusted sites?

I couldn't find the meqmk.dll, which may be good, but wasn't it attached to guard32?

guard32.dll is your Comodo Firewall. The other file is an unknown file and SHOULD NOT be there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

While askbar may be considered to be "legit" it is considered by many as foistware as it comes in with other things and you didn't "ask" for it. If you want to leave it...well that is up to you but it certainly isn't required or needed. Comodo is fine. But I DO need to see those other logs before making any other recommendations concerning items showing on your combofix log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Quite a few suspect programs showing in your combo log. It is going to take me awhile to go through this and it is very late here...nearly 2 a.m.
You have several rogue anti-spy programs on the computer, Rapid Antivirus for one, SpyNoMore, which was listed on the rogue list and though it isn't on there anymore doesn't mean it is a good program either. If it is listed in Add/Remove then Uninstall it.
Also AskBar seems to have been added just this evening. It should be removed.

I need for you to update the MBA-M program. Then close all browsers and run a full system scan with it. Allow it to remove everything it finds and this time please save the entire log.
Reboot.
Then run a Full System scan with HiJackThis and save the log.
Post back here with both logs. I am going to go through your combofix log and after seeing both of those logs I will have some other fixes for you to do. Probably not until tomorrow though. Don't do anything else but the two items I have requested. Don't download any other programs or do a lot of surfing either. Don't download music or games if you do either. The less you do until the computer is clean the easier it will be to get this clean.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Disregard my previous post. The search found no meqkmk.dll! That's good, right?

What do you mean disregard? Do you mean there is NO combofix folder? Yes, it is good that file wasn't found but it is still showing in your HJT log so it will have to be fixed. Please look inside that combofix folder.
One reason you are supposed to turn off the antivirus programs and all other protection programs is that they will stop combofix from running. I think this may be what happened.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You were supposed to remove combofix. Why is it still on the machine? It should have been removed first.
Did you previously have this on the computer? Open the combofix folder and see if there is a log in there. That is where the log would be stored. If there is a "virus" in there and the program actually ran then it would be in quarantine in there and wouldn't harm anything. Please stop your scan, whatever scan it is, and look in that combofix folder. If there is a log please post it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, delete it. Did you totally close your browser, Comodo, SUPERAntiSpyware, Spybot when you tried to run it?
You really aren't supposed to copy/paste it but, as the instructions say, type it in, but that's ok.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Of course, it came with the Windows installation CD, but I can't find that either.

The installation CD IS the Recovery CD and is what you would have needed if there had been a problem with the use of combofix, I have never experienced that but that is not to say it couldn't happen.

Anyway,

Follow my instructions for uninstalling combofix.

I was having you run combofix to try to see if a specific file was actually still on the computer and its location and then have it remove it. But you can do it manually.
You will have to begin with a file search for this file meqkmk.dll
Go to Start, Search, All Files and folders.
Be sure to choose the Advanced Search option and be sure that Search System Folders, Search Hidden Files and Folders and Search Sub folders are checked.
You will need to search in "C" drive.
I need to know the location of this file. You probably will have to remove it manually rather than use combofix and possibly edit the registry to remove it if it is on the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Since you cannot run combofix you will have to uninstall it.
Go to Start > Run
Type in box

combofix /u

Note: the space between the X and the /u
When shown the disclaimer, Select "2"

jholland1964 650 Posting Expert Team Colleague Featured Poster

It is not IN combofix, combofix would have installed it on the computer. So you have no windows cd? Did you receive one with the computer? If not then the recovery partition was very likely already installed on the machine.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No, I didn't receive a prompt.

Where did you get the recovery console to drag into combofix?

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should have received a prompt which told you that the recovery partition was installed, it would have taken a few minutes, and did you wish to continue scanning the computer and then you should have clicked the Yes button. Did you receive this prompt?

Also, I've read that ComboFix may cause problems if you don't know what you're doing (which is me in a nutshell). Is it safe for me to run it?

This is if you run it without instruction on your own. I would not have had you run it if I felt it would harm your computer but since you don't feel comfortable running it then don't.
There may be manual removal instructions available for this infection. I will have to look for those and get back with you. Just remove combofix.
I will have somebody else take a look here and see what they would recommend. Sorry I couldn't help you any further.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't, I repeat, DON'T use combofix until I say you should.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

i just removed the application entirely so as not to fight with it on a computer i am only half-familiar with, sharing it with someone else on the job
so forget combofix
using hjt, are you able to notice anything that i'm not which may be causing this bizarre issue?
thanks for your assistance

No and without knowing what all has been removed I don't know.
Did you add all those trusted sites?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Nope, don't believe it is clean yet, do the following:
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.
Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Here is the link that caperjack is referring to
http://www.daniweb.com/forums/thread134865.html
Also, please turn off the SpyBot TeaTimer as it can interfere with any fixes attempted. To do this open the program and go up to Mode. Choose Advanced. Then go to Tools and then choose Resident. When that opens take the check mark OUT of TeaTimer.
Close the program. Reboot the computer.
Begin the steps in the link above. Ignore the portion about Deckard Scanner, it isn't available anymore.
Do especially the MBA-M scan and be sure to have it remove everything found.
Reboot the computer after you run MBA-M
Then do the ESET Scanner and also have it remove everything found. The instructions in the link say not to do that but I would prefer that you do have it remove.
Save the logs for both programs. Then run a new HJT scan and save the log.
Post back here with all three logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

parks911, you need to begin your own thread. Give it a slightly different title so we know we are dealing with a new poster and new computer. List your symptoms or something in your title. Then post your same post, leaving out the "I'm having the same problem" part of it. List everything else and I will be glad to assist you.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

What did it remove? Was this a brand new copy of combofix?

jholland1964 650 Posting Expert Team Colleague Featured Poster

i know they can compromise one another and exacerbate the dilemma, so please don't bother to tell me it is that

I won't but it could have.....
You say you ran combofix. This is NOT a tool that should be run without being told to do so as it is for very specific circumstances. Where is the log? If you ran it then in order to know what other steps to tell you to try I need to see the log, since I have no idea what was there BEFORE it was run and without a log I won't know what was there AFTER it was run.
Also TURN OFF Spybot TeaTimer, it will interfere with any fixes done. It isn't needed and shouldn't be running. Did you add all those listings to trusted sites? Where are you located and who is your ISP?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Honestly, no I am not confident the computer is clean. Can you reboot and then run a new HJT scan for me? There may be something else I would like you to do.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, thank you VERY much. Things seem to be back to normal!! Looks like McAfee isn't doing its job very well!

The infections on your computer were Trojans, an anti-virus program isn't equipped to look for and remove Trojans. It works on protection against viruses.
Keep the MBA-M program and scan with it at least weekly, be sure to update before each scan. For weekly scanning just use the Quick Scan, if it finds and removes something then use the Full Scan to be sure everything is gone.
You should set a new and now clean restore point by right clicking My Computer. Choose Properties. When System Properties opens click the System Restore Tab. Put a check mark into Turn Off System Restore. You probably will get an alert or warning that it is turning off, click ok or yes, whatever the correct answer is there. Then System Restore will turn off. Wait a moment and do the reverse, go in and take OUT that check mark and System Restore will turn back on.
If you feel everything is solved you can mark this thread Solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Before the ESET scan I did an Ad-aware scan. It found 10 infections that were something like ad trackers and such. I believe those are gone. I'm concerned that the viruses are spawning or letting in other viruses. Everytime I do a scan, it's clear. Then I do a scan later and there's always something. =(

Trackers are not viruses, they are tracking cookies. Make certain that your browser is set NOT to accept these. Do this by opening IE and going to Tools, Internet Options, Privacy, Advanced. Be sure there is a dot in Override Automatic Cookie Handling. A dot in Accept 1st Party Cookies and a dot in Block 3rd Party Cookies and a check mark in Allow Session Cookies. In Firefox in the Privacy Section make sure there is NO check mark in accept 3rd party cookies.
Part of the reason for this is you still have the two antivirus programs on the computer...ClamWin and the Comodo Security Suite.
You absolutely MUST UNINSTALL one of these.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Actually looks pretty good and appears that MBA-M and ESET removed quite a bit.
Have things improved?
I note your java program is out of date. Current version is Version 6 update 11. You should go HERE. Download the Offline Install to the desktop. Once that is downloaded then go to Add/Remove and Uninstall ALL previous versions of Java showing there. Once the uninstalls have completed then go to that install file on the desktop and double click to install the newest version. When the install is complete go back to the Download page and on the Right side you will see Verify Now. Click that to go to the verification page where you can test and be certain that your install was successful.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good Paul. You need to run HiJackThis once more and place a check mark next to the following entries:
O2 - BHO: (no name) - {883C7130-71CC-4D92-953A-DCB8C8C98678} - C:\WINDOWS\system32\fccbCvSk.dll (file missing)
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

Once you have placed the check marks then click the Fix Checked Button.
Exit HJT.
Reboot the computer and run one more HJT scan and post the log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, here is what you need: download CodeStuff Starter
This program is free and a very easy way to control both Auto Starting Programs and Auto-Starting Services.
Once you get it installed and open the program you will see Three Tabs;
Startups (these are programs which auto start when you start the computer) Processes (this is the same as your Task Manager) and Services (these are the programs which start as services)
First Click on the Startups Tab.
Click All Sections right at the top on the left side. This will show all programs which auto start from different locations...users, current users, registry...etc. You will see all of yours.
Take the check marks out of the following listings:
These are ones you can ABSOLUTELY stop and are not needed at all to run at Start up and can all be run manually when needed.
ISUSScheduler>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software
ISUSPM Startup>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software
NeroFilterCheck>>>Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
igfxtray>>>Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets
igfxpers>>> Associated with the Common User Interface module for Intel graphics cards
Google Desktop Search>>>"a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed.
TkBellExe>>> Application Scheduler installed …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try again also turning off the BitDefender Antiphishing Helper and see if you can get that Windows Malicious Software Tool.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Paul, sorry we somehow missed your post.
Please try the following routine given in the MBA-M forum to see if you can get into this forum with the infected computer.

* Click on Start, click Run, and then type devmgmt.msc and click OK
* On the View menu click on Show hidden devices
* Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
* Highlight that driver and right click on it and select DISABLE
* Now RESTART your computer.
* Then go to MBA-M, Update it. Then click the SCANNER tab and run a Full System and allow MBAM to fix anything found.
Then reboot again.
Then run a new HJT scan and save the log. Post back here with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The logs look good. I have several questions before I want to offer start up advice. I see several references to LeapFrog. I know these are kids video game players and several other type items...I have grandkids...but have not found anyplace where these are required to run at start up. Are these used very often? There are multiple listings for Leap Frog both in start ups and start up services.
I also note you say you use wireless internet. You have a start up for ModemOnHold which generally is used for dial up connections and wouldn't be needed unless you use dial up, the same goes for Digital Line Detect
You also have some definitely unnecessary start ups which you can stop and I will note those and tell you how to stop them after I get your answers on these other questions. Disabling unnecessary start ups would certainly speed the boot time. I will also give you a link to a free program to control these.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is there a virus still? I scanned with adaware and spybot too but I'm just makin sure thanks

Neither of those programs would remove a virus, they would only remove spyware/malware and adware.
What virus did you have and how was it removed? I don't see anything in the log indicating infection. Do turn off the Spybot TeaTimer portion of the program via Advanced Mode, Tools however, it DOES interfere with fixes which need to be done. Also disable that AdAware Service. It does nothing but run in the back ground.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all I don't see two anti-virus programs running BUT no matter, get rid of the second one now. This will actually lessen your protection not improve it. It is recommended that instead of installing two anti-virus programs on the same machine, which is a definite NO-NO for the reason stated above, that you use an online scanner in situations like this one.
AFTER uninstalling the second anti-virus program then do an online scan with ESET Online Scanner.
* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer.
Run a new HJT full system scan. Save the log and post back here with both the ESET log and the HJT log.

Salem commented: Just recognising the great job you're doing in this forum :) +26
jholland1964 650 Posting Expert Team Colleague Featured Poster

Malwarebytes' should not be showing in the log. The computer evidently was not rebooted properly after running it.
From the looks of the HJT log I would say, no, the computer is not clean yet.
MBA-M must be run properly in order to work properly.
Please shut down the computer. Reboot. Update MBA-M and run another full system scan with it.
Be sure that everything is checked, and click Remove Selected.
Reboot the computer.
Scan again with HJT and save the log. Then post back here with the new MBA-M log and the new HJT log.
Also please turn off that uTorrent program until the computer is deemed clean. You shouldn't be doing "extra" things until the computer is clean.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you feel things are corrected and running better?

jholland1964 650 Posting Expert Team Colleague Featured Poster

The files found by MBA-M are in your System Restore.
The HiJackThis scan was run while the computer was in safe mode. This will not give a clear picture. It must be run in Normal Mode. Was the MBA-M run in normal or safe mode? This program is designed to be run in Normal Mode and shouldn't be run in safe mode unless instructed to do so.
Please reboot to normal mode and run HJT again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.
When the computer reboots then run a new HJT scan and save that log. Post back here with the MBA-M log and the new HJT log.