I have smart guard virus

[sara]

==================== Drives ================================

Drive c: () (Fixed) (Total:73.06 GB) (Free:21.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
Drive f: (ACTIVE BOOT) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 836187BC)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=73 GB) - (Type=07 NTFS)

 

[sara]

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 008EB1D8)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2014-01-23 12:53

==================== End Of Log ============================

 

[TwinHeadedEagle]

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.

 

[sara]

The virus will not let me open the file

 

[sara]

Oh you mean like I did with ferst folder

 

[TwinHeadedEagle]

You were able to open FRST and to scan. Now just copy this file to the same location as FRST, open FRST and click Fix. That is all...

 

[sara]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2014 03
Ran by SYSTEM at 2014-01-29 01:55:26 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

 

[sara]

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [AS2014] - C:\ProgramData\pnDXXn37\pnDXXn37.exe [533520 2014-01-26] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\pnDXXn37\pnDXXn37.exe -sm,
C:\ProgramData\pnDXXn37
HKU\Esraa\...\RunOnce: [AS2014] - C:\ProgramData\pnDXXn37\pnDXXn37.exe [ 2014-01-26] ()
2014-01-27 14:27 - 2014-01-28 10:57 - 00001666 _____ C:\Users\Esraa\Desktop\Smart Guard Protection.lnk
2014-01-27 14:27 - 2014-01-28 10:57 - 00000112 _____ C:\Users\Esraa\Desktop\Smart Guard Protection support.url
2014-01-26 11:19 - 2014-01-27 15:28 - 00000000 ____D C:\ProgramData\pnDXXn37
C:\Users\Esraa\AppData\Local\Temp\Bit65B7.tmp.exe
C:\Users\Esraa\AppData\Local\Temp\Folder Lock Portable.exe
C:\Users\Esraa\AppData\Local\Temp\htmlayout.dll
C:\Users\Esraa\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\launcher.exe
C:\Users\Esraa\AppData\Local\Temp\siinst.exe
C:\Users\Esraa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Esraa\AppData\Local\Temp\strings.dll
C:\Users\Esraa\AppData\Local\Temp\{E246E0A0-570D-42C2-A28A-9FEABF96B089}-25.0.1364.97_24.0.1312.57_chrome_updater.exe
cmd: ipconfig /flushdns

*****************

 

[sara]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
C:\ProgramData\pnDXXn37 => Moved successfully.
HKU\Esraa\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AS2014 => Value deleted successfully.
C:\Users\Esraa\Desktop\Smart Guard Protection.lnk => Moved successfully.
C:\Users\Esraa\Desktop\Smart Guard Protection support.url => Moved successfully.
"C:\ProgramData\pnDXXn37" => File/Directory not found.
C:\Users\Esraa\AppData\Local\Temp\Bit65B7.tmp.exe => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\Folder Lock Portable.exe => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe => Moved successfully.

 

[sara]

C:\Users\Esraa\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\launcher.exe => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\siinst.exe => Moved successfully.

 

[sara]

C:\Users\Esraa\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\strings.dll => Moved successfully.
C:\Users\Esraa\AppData\Local\Temp\{E246E0A0-570D-42C2-A28A-9FEABF96B089}-25.0.1364.97_24.0.1312.57_chrome_updater.exe => Moved successfully.

========= ipconfig /flushdns =========

 

[sara]

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========


==== End of Fixlog ====

 

[sara]

I rebooted from the flash drive as shown in this site

 

[sara]

oh my god I can't believe that i'm using my laptop
thank you sooooooooooooo much
I really need it oh thank you thank you thank you thank you thank you thank you

 

[TwinHeadedEagle]

Good, can you now open FRST from normal Windows and attach both reports...

 

[sara]

OK done
but I can not delete the virus file

 

[sara]

sorry for the wrong files
I opened FRST and run scan
but I couldn't run fix

 

[TwinHeadedEagle]

System seems clean, is everything ok?

 

[sara]

I can not delete the virus file
I can not fined Simple programs like ( paint / Calculator etc..

 

[TwinHeadedEagle]

What file? What happens when you try to find paint?