BitDefender found some evidence of a rootkit:
File not found: C:\WINDOWS\PRAGMApcvbyputob\PRAGMAd.sys
--> HKLM\System\ControlSet001\services\PRAGMApcvbyputob\"ImagePath"
The file might be there but hidden. PRAGMAd.sys is a known TDSS driver and rootkit. Download protection_center_exe_fix.reg and save it to your desktop:
http://www.malwarehe...ter_exe_fix.reg
Double click the downloaded “protection_center_exe_fix.reg”. You will see a dialogue box pop-up with a message similar to “Are you sure you want to add the information in trojan_fakerean_exe_fix.reg to the registry”. Click “Yes” to merge the registry data.
Let's see if Avenger will get the driver.
Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop.
* Double click on avenger.exe to run The Avenger.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
Files to replace with dummy:
C:\WINDOWS\PRAGMApcvbyputob\PRAGMAd.sys
Drivers to delete:
PRAGMAd
******************************************************
* In the avenger window, click the Paste Script from Clipboard button.
* Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?.
* Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
* Click Yes.
* Your PC will now be rebooted.
* Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
* If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
* After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). I would like to see the log in your next post.
Copy the next line:
reg query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PRAGMAd.sys > \junk.txt
Now open a command window: Start, Run, cmd, OK
Right click and Paste or Edit, Paste then hit Enter.
dir /a /s pragma*.* >> \junk.txt
notepad \junk.txt
Copy and Paste the text from notepad.
Ron
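
The BitDefender finding at the top of the post is a service whose ImagePath names a driver that cannot be seen on disk. The Python below is an added example, not part of the original post and not a tool it mentions; it runs the same cross-check offline over `reg query ... /s` style output and a file listing. The sample registry text, the file list, the Example* service names and all function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of `reg query HKLM\SYSTEM\ControlSet001\Services /s`
# output; the Example* services are made up, the PRAGMA entry is built from the post.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleDrv
    ImagePath    REG_EXPAND_SZ    \SystemRoot\System32\drivers\exampledrv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PRAGMApcvbyputob
    ImagePath    REG_EXPAND_SZ    \systemroot\PRAGMApcvbyputob\PRAGMAd.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleSvc
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\examplesvc.exe -k demo
"""

# Constructed file listing (assumption: collected from a trusted boot environment).
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\drivers\exampledrv.sys",
    r"C:\WINDOWS\system32\examplesvc.exe",
]

def parse_image_paths(reg_text):
    """Map each service name to its raw ImagePath value."""
    services, name = {}, None
    for line in reg_text.splitlines():
        key = re.search(r"\\Services\\([^\\]+)", line, re.I) if line.startswith("HKEY_") else None
        if key:
            name = key.group(1).strip()
            continue
        value = re.match(r"\s+ImagePath\s+REG_\w+\s+(.+)$", line, re.I)
        if value and name:
            services[name] = value.group(1)
    return services

def normalize(image_path, windir=r"C:\WINDOWS"):
    """Turn a raw ImagePath into a plain file path, dropping quotes and arguments."""
    p = image_path.strip().lstrip('"')
    m = re.match(r'(.+?\.(?:sys|exe|dll))(?=["\s]|$)', p, re.I)
    p = m.group(1) if m else p
    low = p.lower()
    if low.startswith("\\??\\"):
        p = p[4:]
    elif low.startswith("\\systemroot\\"):
        p = windir + p[len("\\systemroot"):]
    elif low.startswith("%systemroot%"):
        p = windir + p[len("%systemroot%"):]
    elif low.startswith("system32\\"):
        p = windir + "\\" + p
    return p

def missing_images(reg_text, files_on_disk, windir=r"C:\WINDOWS"):
    """Return {service: path} for services whose image file is not in the listing."""
    present = {f.lower() for f in files_on_disk}
    resolved = {s: normalize(raw, windir) for s, raw in parse_image_paths(reg_text).items()}
    return {s: p for s, p in resolved.items() if p.lower() not in present}
```

A service reported here is "missing or hidden": if the file listing was taken on the running, infected system, a rootkit driver can hide its own file from it, which is why the post says the file might be there but hidden.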