Help me Please! Remnants of Trojan.0access

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gidz, Jan 6, 2013.

  1. Gidz

    Gidz Private E-2

    Thank you for taking a look.

    I found this website a month back when I was searching for Trojan.0access since it came up in my MalwareBytes check. I thought I could do it myself so I followed the steps from this thread: http://forums.majorgeeks.com/showthread.php?t=262034

    I also have Comodo antivirus, firewall enabled, which also detected Heur.Packed.Unknown@4294967295. After a prompt, I quarantined it using the antivirus, and began following the steps in the above thread. RogueKiller did show up with something that looked like a rootkit, so did TDSSKiller and others.

    I naively thought that this is easy now, I will clean it myself, no need to bother someone. So I did the best I could and it seemed, no more pop-ups from Comodo and the scans were clean. However, it seems there are remnants of the rootkit still there.

    I have lost links to a lot of programs/folders I used to keep in a folder on the desktop. I can access the folder again by pulling back the privileges on my admin account; however, I saved some to show you how it looks in case you need it. While changing some of the permissions and owner properties, a user would quickly change its name and have access to the folder I couldn't access. I have attached pics of that as well.

    My computer also would become slow randomly. I saw in Task Manager that my CPU was only using less than 10% even though my super fast laptop was crawling like a dinosaur. I cannot install some software and it gives me an error "Can not create temp folder archive."

    The rootkit was found in the $recycle.bin folder. After a while (end of Dec), it showed up again on Comodo's 'on alert' virus check and is quarantined there again.

    I re-ran all the tests again, which are attached below, except for a few like RogueKiller, which surprisingly does not create a report, and the EULA is empty as well. This did not happen last time when I ran it. It shows up with one result in the registry tab (Key type: HOSTS | Global: HKLM | Key: SYSTEM\CurrentControlSet\services\Tcpip\Parameters | Value: DataBasePath).

    Malwarebytes ran fine and showed up with nothing. TDSSKiller also encountered a problem (cannot initialize log; cannot load driver), which did not happen before. It comes up with nothing now and there is no log available.

    Ok, so something is seriously wrong here now. HitmanPro starts and loads up, but 13% into the scan I get the message "HitmanPro has stopped working" and Windows creates a log file of the program crash to be sent to Microsoft. This keeps on happening. This did not happen a month ago.

    I had to do "Now locate the GetLogs.bat file in the MGTools folder and right click on it and select Run As Administrator; this should begin the scan process" since even MGTools did not run properly. I have attached the zip file as well.

    I do have all the old log files of the day I previously cleaned up, where the rootkit did show up if you need.

    Please help. Thanks!
     

    Attached Files:
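A defender-side check for the one RogueKiller hit quoted in the post above (the Tcpip DataBasePath value, which tells Windows where to look for the hosts file). This is an added example, not part of the thread or of any of the tools it mentions; it assumes the Windows default for that value is %SystemRoot%\System32\drivers\etc and should be run from an elevated PowerShell prompt.

```powershell
# Added example: verify the Tcpip DataBasePath value and review the hosts file it points at.
$keyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$expected = Join-Path $env:SystemRoot 'System32\drivers\etc'   # assumed Windows default

# Read the value without expanding %SystemRoot%, so a literal redirect is visible as written.
$raw      = (Get-Item $keyPath).GetValue('DataBasePath', $null, 'DoNotExpandEnvironmentNames')
$resolved = [Environment]::ExpandEnvironmentVariables([string]$raw)

Write-Host "DataBasePath (raw):      $raw"
Write-Host "DataBasePath (resolved): $resolved"

if ($resolved.TrimEnd('\') -ieq $expected.TrimEnd('\')) {
    Write-Host 'OK: DataBasePath points at the default drivers\etc folder.'
} else {
    Write-Warning "DataBasePath is redirected to '$resolved'; hosts-based name resolution may be hijacked."
}

# List the active (non-blank, non-comment) lines of the hosts file at the resolved location.
# A default hosts file contains only comments, so any active line is worth a look.
$hosts = Join-Path $resolved 'hosts'
if (-not (Test-Path $hosts)) {
    Write-Warning "No hosts file found at $hosts"
} else {
    $active = Get-Content $hosts | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
    if ($active) {
        Write-Host "Active hosts entries in ${hosts}:"
        $active | ForEach-Object { Write-Host "  $_" }
    } else {
        Write-Host "The hosts file at $hosts contains no active entries."
    }
}
```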

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to attach the logs from RogueKiller, Hitman and TDSSKiller.
     
  3. Gidz

    Gidz Private E-2

    Please advise what steps I need to take in order to get those tests running now.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry.......

    Do you know what this is:
    C:\Program Files (x86)\puush\puush.exe
     
  5. Gidz

    Gidz Private E-2

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any remnants. Let's do this:

    • Please download ZeroAccess Removal Tool (by Webroot) to your desktop.
    • Double click on it to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator").
    • Type y and press enter to run the scan.
    • Hit any key to exit once it has finished its scan.
    • Attach the log, which will be in the same location as you ran the tool from (should be the desktop).
     
  7. Gidz

    Gidz Private E-2

    I cannot run it since it says the program only runs on 32-bit systems (mine is 64-bit).
     
  8. Gidz

    Gidz Private E-2

    I am thinking something is definitely wrong.

    There are lost shortcuts, folders I don't have access to anymore, privileges being messed up, and some software that I cannot install. Somehow, 3 out of 5 tools do not seem to run anymore. It seems to me that either the rootkit was not removed, or something is left over.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now we will try using two tools designed especially for this kind of infection.
    • Download AntiZeroAccess to your Desktop.
    • Also download and save ESETSirefefRemover to your Desktop.
    • Now double click on AntiZeroAccess to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator").
      • Type y and press enter to run the scan.
      • Please attach the AntiZeroAccess_Log.txt log to your next message. This file is saved in the same location as the AntiZeroAccess program.
    • Now run the Win32/Sirefef tool while in Normal Mode and follow the prompts as directed.
    Now download and run MGtools (from the READ & RUN ME) as per the below instructions and attach the MGlogs.zip file that is requested.

    Using MGtools
     
