Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: !virus 2 ? and removal  (Read 6958 times)

0 Members and 1 Guest are viewing this topic.

The Sandman

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    !virus 2 ? and removal
    « on: December 26, 2012, 12:04:09 PM »
    Hello,

    I'm on a netbook running Windows 7. My computer was basically completely unresponsive. I was directed to a page and have read through it. I want to post my logs from CCleaner, AdwCleaner, and Malwarebytes.

    - AdwCleaner

    # AdwCleaner v2.103 - Logfile created 12/26/2012 at 11:57:09
    # Updated 25/12/2012 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : Tace - IAHOME
    # Boot Mode : Normal
    # Running from : C:\Users\Tace\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : IBUpdaterService

    ***** [Files / Folders] *****

    File Found : C:\Windows\system32\conduitEngine.tmp
    Folder Found : C:\Program Files\Complitly
    Folder Found : C:\Program Files\Yontoo Layers Runtime
    Folder Found : C:\ProgramData\IBUpdaterService
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\Tace\AppData\Local\Conduit
    Folder Found : C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
    Folder Found : C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Found : C:\Users\Tace\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Tace\AppData\Roaming\Complitly
    Folder Found : C:\Users\Tace\AppData\Roaming\Mozilla\Firefox\Profiles\wrvm8laa.default\ConduitCommon
    Folder Found : C:\Users\Tace\AppData\Roaming\yourfiledownloader

    ***** [Registry] *****

    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\Ask&Record
    Key Found : HKCU\Software\Complitly
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\PIP
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
    Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
    Key Found : HKLM\Software\PIP
    Key Found : HKLM\Software\Tarma Installer
    Key Found : HKU\S-1-5-21-2157684311-2705143710-353330419-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\y3dcq5hn.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Tace\AppData\Roaming\Mozilla\Firefox\Profiles\wrvm8laa.default\prefs.js

    Found : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox/137e9f48667e78[...]
    Found : user_pref("extensions.toolbar.mindspark._64Members _.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\ian\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [5367 octets] - [26/12/2012 11:57:09]

    ########## EOF - C:\AdwCleaner[R1].txt - [5427 octets] ##########


     - Malwarebytes

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.26.11

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Tace :: IAHOME [administrator]

    Protection: Enabled

    12/26/2012 12:33:52 PM
    mbam-log-2012-12-26 (12-33-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218790
    Time elapsed: 39 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

    Files Detected: 2
    C:\Users\Tace\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.

    (end)

    - DDS

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 1.6.0_29
    Run by Tace at 13:39:59 on 2012-12-26
    Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1012.306 [GMT -5:00]
    .
    AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: GFI Software VIPRE *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\Launch Manager\LMutilps32.exe
    C:\Program Files\Acer\Registration\GREGsvc.exe
    C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Users\Tace\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\users\tace\appdata\roaming\complitly\Complitly.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "c:\users\tace\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Power Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SBRegRebootCleaner] "c:\program files\gfi software\vipre\SBRC.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: c:\users\tace\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tace\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\05560724F69737 : DHCPNameServer = 192.168.17.1
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\36963736F63726 : DHCPNameServer = 10.24.1.30 10.1.1.29 10.1.1.26
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\6516D6079627963616C625F63756 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\D6168796D6F647F627 : DHCPNameServer = 10.0.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\tace\appdata\roaming\mozilla\firefox\profiles\wrvm8laa.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox/137e9f48667e78c8|http://scholar.google.com/schhp?hl=en&as_sdt=0,34
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\tace\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\tace\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\tace\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 1faadb86-a2f3-43d0-bf95-9b915f9f9d04
    FF - user.js: extentions.y2layers.defaultEnableAppsLi st - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,SanitySwitch,PageRage,PageRageGlobal,
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2011-3-24 19304]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2011-3-24 16744]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2011-3-24 62048]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-26 22856]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    .
    =============== File Associations ===============
    .
    ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
    .
    =============== Created Last 30 ================
    .
    2012-12-26 17:26:39   --------   d-----w-   c:\users\tace\appdata\roaming\Malwarebytes
    2012-12-26 17:25:54   --------   d-----w-   c:\programdata\Malwarebytes
    2012-12-26 17:25:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-12-26 17:25:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2012-12-26 16:33:43   --------   d-----w-   c:\program files\CCleaner
    2012-12-13 19:30:28   5955856   ----a-w-   c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    2012-12-12 12:07:03   2345984   ----a-w-   c:\windows\system32\win32k.sys
    2012-12-12 12:05:58   376832   ----a-w-   c:\windows\system32\dpnet.dll
    2012-12-12 12:05:55   295424   ----a-w-   c:\windows\system32\atmfd.dll
    2012-12-12 12:05:54   34304   ----a-w-   c:\windows\system32\atmlib.dll
    2012-12-12 12:05:44   2048   ----a-w-   c:\windows\system32\tzres.dll
    2012-12-06 03:57:00   96224   ----a-w-   c:\program files\mozilla firefox\webapprt-stub.exe
    2012-12-06 03:57:00   19424   ----a-w-   c:\program files\mozilla firefox\xpcom.dll
    2012-12-06 03:57:00   15112160   ----a-w-   c:\program files\mozilla firefox\xul.dll
    .
    ==================== Find3M  ====================
    .
    2012-12-12 07:00:37   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-12 07:00:37   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
    2012-11-14 02:09:22   1800704   ----a-w-   c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37   1129472   ----a-w-   c:\windows\system32\wininet.dll
    2012-11-14 01:49:25   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27   420864   ----a-w-   c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
    2012-10-16 07:39:52   561664   ----a-w-   c:\windows\apppatch\AcLayers.dll
    2012-10-09 17:40:31   44032   ----a-w-   c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 17:40:31   193536   ----a-w-   c:\windows\system32\dhcpcore6.dll
    2012-10-04 16:47:18   169984   ----a-w-   c:\windows\system32\winsrv.dll
    2012-10-04 16:43:05   293376   ----a-w-   c:\windows\system32\KernelBase.dll
    2012-10-04 14:57:58   271360   ----a-w-   c:\windows\system32\conhost.exe
    2012-10-04 14:41:50   6144   ---ha-w-   c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 16:58:30   1293680   ----a-w-   c:\windows\system32\drivers\tcpip.sys
    2012-10-03 16:42:26   52224   ----a-w-   c:\windows\system32\nlaapi.dll
    2012-10-03 16:42:26   242176   ----a-w-   c:\windows\system32\nlasvc.dll
    2012-10-03 16:42:24   18944   ----a-w-   c:\windows\system32\netevent.dll
    2012-10-03 16:42:24   175104   ----a-w-   c:\windows\system32\netcorehc.dll
    2012-10-03 16:42:23   156672   ----a-w-   c:\windows\system32\ncsi.dll
    2012-10-03 16:40:35   499712   ----a-w-   c:\windows\system32\iphlpsvc.dll
    2012-10-03 15:21:38   35328   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
    .
    ============= FINISH: 13:43:10.16 ===============


    - Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/30/2011 10:32:29 PM
    System Uptime: 12/26/2012 1:19:23 PM (0 hours ago)
    .
    Motherboard: Acer |  | JE06_PT
    Processor: Intel(R) Atom(TM) CPU N455   @ 1.66GHz | CPU | 999/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 185.432 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP98: 11/3/2012 12:00:05 AM - Scheduled Checkpoint
    RP99: 11/16/2012 11:52:04 AM - Windows Update
    RP100: 11/24/2012 1:10:24 PM - Scheduled Checkpoint
    RP101: 11/29/2012 3:00:27 AM - Windows Update
    RP102: 12/6/2012 12:16:57 PM - Scheduled Checkpoint
    RP103: 12/13/2012 10:18:04 AM - Windows Update
    RP104: 12/16/2012 8:31:51 AM - Windows Update
    RP105: 12/21/2012 3:00:28 AM - Windows Update
    RP106: 12/25/2012 9:24:26 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Bejeweled 2 Deluxe
    CCleaner
    Chuzzle Deluxe
    Complitly
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dropbox
    Easy MP3 Alarm Clock 1.0
    eBay Worldwide
    FATE
    FileZilla Client 3.5.3
    Freez Screen Video Capture v1.2
    Galerie de photos Windows Live
    Google Talk Plugin
    Identity Card
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 29
    Jewel Quest Heritage
    Jewel Quest Solitaire
    JoJo's Fashion Show
    Junk Mail filter update
    Launch Manager
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker 4
    MyWinLocker Suite
    Namco All-Stars: PAC-MAN
    newsXpresso
    NOOK for PC
    OpenOffice.org 3.3
    Penguins!
    PersonalBrain 6
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Quick Screen Capture 3.0
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Shredder
    Skip-Bo - Castaway Caper
    Skype Click to Call
    Skype™ 6.0
    Slingo Deluxe
    Switch Sound File Converter
    Synaptics Pointing Device Driver
    Torchlight
    Tradewinds Legends
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    Updater Service
    VideoPad Video Editor
    ViewletBuilder2
    VIPRE Internet Security
    Virtual Villagers - The Secret City
    WavePad Sound Editor
    Wedding Dash
    Welcome Center
    WildTangent Games App (Acer Games)
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yontoo Layers Runtime 1.10.01
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/26/2012 9:56:44 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
    12/26/2012 9:49:17 AM, Error: Service Control Manager [7000]  - The Updater Service service failed to start due to the following error:  The system cannot find the file specified.
    12/26/2012 9:45:26 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    12/26/2012 9:45:26 AM, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/26/2012 9:45:26 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    12/26/2012 9:44:57 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
    12/26/2012 9:41:45 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
    12/26/2012 9:40:35 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    12/26/2012 11:00:44 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
    12/26/2012 11:00:44 AM, Error: Service Control Manager [7000]  - The Adobe Flash Player Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/26/2012 10:49:38 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer ILIANA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{423B44B3-8190-471E-B856-5328E52D. The master browser is stopping or an election is being forced.
    12/26/2012 1:20:40 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/26/2012 1:20:40 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
    12/26/2012 1:20:01 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
    12/25/2012 9:21:36 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    12/25/2012 9:21:36 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/25/2012 9:21:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    12/25/2012 9:17:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Block Level Backup Engine Service service to connect.
    12/25/2012 9:17:59 PM, Error: Service Control Manager [7000]  - The Block Level Backup Engine Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/25/2012 9:17:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service wbengine with arguments "" in order to run the server: {37734C4D-FFA8-4139-9AAC-60FBE55BF3DF}
    12/25/2012 8:21:49 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    12/25/2012 8:04:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    12/25/2012 8:04:34 PM, Error: Service Control Manager [7000]  - The Software Protection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/25/2012 8:03:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
    12/25/2012 8:03:48 PM, Error: Service Control Manager [7000]  - The Intel(R) Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/25/2012 8:01:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    .
    ==== End Of File ===========================

    Thank you

    The Sandman
    « Last Edit: December 26, 2012, 12:20:29 PM by The Sandman »

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 998
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: !virus 2 ? and removal
    « Reply #1 on: December 26, 2012, 12:27:51 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    ***************************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

    It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    The Sandman

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows 7
      Re: !virus 2 ? and removal
      « Reply #2 on: December 26, 2012, 04:07:29 PM »
      Hi. Here is the result of Combofixit.txt:


      ComboFix 12-12-25.02 - Tace 12/26/2012  17:37:06.1.2 - x86
      Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1012.310 [GMT -5:00]
      Running from: c:\users\Tace\Desktop\ComboFix.exe
      AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
      FW: GFI Software VIPRE *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
      SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      c:\users\Tace\AppData\Roaming\Microsoft\Windows\Recent\Already tagged.URL
      c:\users\Tace\Documents\~WRL0563.tmp
      c:\windows\wininit.ini
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-11-26 to 2012-12-26  )))))))))))))))))))))))))))))))
      .
      .
      2012-12-26 22:55 . 2012-12-26 22:55   --------   d-----w-   c:\users\ian\AppData\Local\temp
      2012-12-26 22:55 . 2012-12-26 22:56   --------   d-----w-   c:\users\Tace\AppData\Local\temp
      2012-12-26 22:55 . 2012-12-26 22:55   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2012-12-26 17:26 . 2012-12-26 17:26   --------   d-----w-   c:\users\Tace\AppData\Roaming\Malwarebytes
      2012-12-26 17:25 . 2012-12-26 17:25   --------   d-----w-   c:\programdata\Malwarebytes
      2012-12-26 17:25 . 2012-12-26 17:25   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2012-12-26 17:25 . 2012-09-30 00:54   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-12-26 16:33 . 2012-12-26 16:33   --------   d-----w-   c:\program files\CCleaner
      2012-12-13 01:34 . 2012-12-13 01:34   --------   d-----w-   c:\program files\Common Files\Skype
      2012-12-12 12:07 . 2012-11-22 02:56   2345984   ----a-w-   c:\windows\system32\win32k.sys
      2012-12-12 12:05 . 2012-11-02 05:11   376832   ----a-w-   c:\windows\system32\dpnet.dll
      2012-12-12 12:05 . 2012-11-05 20:32   295424   ----a-w-   c:\windows\system32\atmfd.dll
      2012-12-12 12:05 . 2012-11-05 20:32   34304   ----a-w-   c:\windows\system32\atmlib.dll
      2012-12-12 12:05 . 2012-11-09 04:42   2048   ----a-w-   c:\windows\system32\tzres.dll
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-12-12 07:00 . 2012-05-07 21:39   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
      2012-12-12 07:00 . 2011-09-03 21:38   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-16 07:39 . 2012-11-28 16:08   561664   ----a-w-   c:\windows\apppatch\AcLayers.dll
      2012-10-09 17:40 . 2012-11-14 16:18   193536   ----a-w-   c:\windows\system32\dhcpcore6.dll
      2012-10-09 17:40 . 2012-11-14 16:18   44032   ----a-w-   c:\windows\system32\dhcpcsvc6.dll
      2012-10-03 16:58 . 2012-11-14 16:19   1293680   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2012-10-03 16:42 . 2012-11-14 16:19   242176   ----a-w-   c:\windows\system32\nlasvc.dll
      2012-10-03 16:42 . 2012-11-14 16:19   52224   ----a-w-   c:\windows\system32\nlaapi.dll
      2012-10-03 16:42 . 2012-11-14 16:19   175104   ----a-w-   c:\windows\system32\netcorehc.dll
      2012-10-03 16:42 . 2012-11-14 16:19   18944   ----a-w-   c:\windows\system32\netevent.dll
      2012-10-03 16:42 . 2012-11-14 16:19   156672   ----a-w-   c:\windows\system32\ncsi.dll
      2012-10-03 16:40 . 2012-11-14 16:19   499712   ----a-w-   c:\windows\system32\iphlpsvc.dll
      2012-10-03 15:21 . 2012-11-14 16:19   35328   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
      2012-12-06 03:57 . 2012-12-06 03:56   262112   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Tace\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Tace\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Tace\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
      "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 715368]
      "SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2011-12-19 3050352]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "SBRegRebootCleaner"="c:\program files\GFI Software\VIPRE\SBRC.exe" [2011-12-19 200560]
      "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-23 296096]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
      .
      c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\Tace\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-3-24 704104]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\C:^Users^Tace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
      path=c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
      backup=c:\windows\pss\Dropbox.lnk.Startup
      backupExtension=.Startup
      .
      [HKLM\~\startupfolder\C:^Users^Tace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
      path=c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
      backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
      backupExtension=.Startup
      .
      [HKLM\~\startupfolder\C:^Users^Tace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain.lnk]
      path=c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain.lnk
      backup=c:\windows\pss\PersonalBrain.lnk.Startup
      backupExtension=.Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
      2012-07-27 20:51   919008   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
      2010-09-17 23:10   407920   ----a-w-   c:\program files\EgisTec IPS\PmmUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
      2010-09-17 23:10   201584   ----a-w-   c:\program files\EgisTec IPS\EgisUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2011-08-27 02:49   136176   ----atw-   c:\users\Tace\AppData\Local\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
      2010-11-06 06:54   283160   ----a-w-   c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
      2011-03-14 11:44   1081424   ----a-w-   c:\program files\Launch Manager\LManager.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
      2011-02-11 06:06   10025576   ------w-   c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
      2012-11-09 16:27   17877168   ----a-r-   c:\program files\Skype\Phone\Skype.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
      2010-09-28 02:00   340336   ----a-w-   c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2011-06-09 18:06   254696   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2012-09-23 13:46   296096   ----a-w-   c:\program files\Real\RealPlayer\Update\realsched.exe
      .
      R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe

      R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe

      R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe

      R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys

      R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys

      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

      S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys

      S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys

      S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys

      S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys

      S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys

      S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

      S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe

      S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe

      S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe

      S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

      S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe

      S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe

      S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

      S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

      S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe

      S2 SBAMSvc;VIPRE Internet Security;c:\program files\GFI Software\VIPRE\SBAMSvc.exe

      S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys

      S2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe

      S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe

      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

      S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys

      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys

      S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys

      S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys

      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

      S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe

      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 07:00]
      .
      2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1000Core.job
      - c:\users\ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 03:19]
      .
      2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1000UA.job
      - c:\users\ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 03:19]
      .
      2012-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1001Core.job
      - c:\users\Tace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 02:49]
      .
      2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1001UA.job
      - c:\users\Tace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 02:49]
      .
      2012-12-26 c:\windows\Tasks\ReclaimerUpdateFiles_Tace.job
      - c:\users\Tace\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 02:20]
      .
      2012-12-26 c:\windows\Tasks\ReclaimerUpdateXML_Tace.job
      - c:\users\Tace\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 02:20]
      .
      2012-12-26 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Tace.job
      - c:\users\Tace\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 02:20]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      mStart Page = hxxp://acer.msn.com
      TCP: DhcpNameServer = 192.168.1.254
      FF - ProfilePath - c:\users\Tace\AppData\Roaming\Mozilla\Firefox\Profiles\wrvm8laa.default\
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-12-26  18:00:54
      ComboFix-quarantined-files.txt  2012-12-26 23:00
      .
      Pre-Run: 198,456,303,616 bytes free
      Post-Run: 198,272,761,856 bytes free
      .
      - - End Of File - - 07CF2F86FC746C1979506481EAF54836

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 998
      • Certifications: List
      • Experience: Expert
      • OS: Windows 8
      Re: !virus 2 ? and removal
      « Reply #3 on: December 26, 2012, 04:55:55 PM »
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      *****************************************************
      Please read here for more information about WildTangent. Your choice if you want to remove it or not.

      If you choose to follow my advice, please follow these instructions.

      Go to Start > Control Panel > Programs and Features and remove the following programs.

      WildTangent Web Driveror anything related to WildTangent.
      ****************************************************
      • Download RogueKiller on the desktop
      • Close all the running programs
      • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
      • Otherwise just double-click on RogueKiller.exe
      • Pre-scan will start. Let it finish.
      • Click on SCAN button.
      • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
      • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

      The Sandman

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 7
        Re: !virus 2 ? and removal
        « Reply #4 on: December 27, 2012, 09:00:08 AM »
        SuperDave,

        Here are the results from Security Check:

         Results of screen317's Security Check version 0.99.56 
         Windows 7 Service Pack 1 x86 (UAC is enabled) 
         Internet Explorer 9 
        ``````````````Antivirus/Firewall Check:``````````````[/u]
         Windows Firewall Disabled! 
        GFI Software VIPRE   
         Antivirus out of date! 
        `````````Anti-malware/Other Utilities Check:`````````[/u]
         Malwarebytes Anti-Malware version 1.65.1.1000 
         CCleaner     
         Java(TM) 6 Update 29 
         Java version out of Date!
         Adobe Flash Player    11.5.502.135 
         Adobe Reader 10.1.4 Adobe Reader out of Date! 
         Mozilla Firefox (17.0.1)
        ````````Process Check: objlist.exe by Laurent````````[/u] 
         Malwarebytes Anti-Malware mbamservice.exe 
         Malwarebytes Anti-Malware mbamgui.exe 
         Malwarebytes' Anti-Malware mbamscheduler.exe   
        `````````````````System Health check`````````````````[/u]
         Total Fragmentation on Drive C: 1%
        ````````````````````End of Log``````````````````````[/u]

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 998
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: !virus 2 ? and removal
        « Reply #5 on: December 27, 2012, 11:51:37 AM »
        The log show that your AV is out-of-date. Please update it asap. If the subscription has run out, let me know and I'll direct you to some AV's.

        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        **************************************************
        Update your Adobe Reader. get.adobe.com/reader.

        Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

        **************************************************
        Please run RogueKiller and post the log.
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

        The Sandman

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows 7
          Re: !virus 2 ? and removal
          « Reply #6 on: December 27, 2012, 04:57:06 PM »
          RogueKiller V8.4.1 [Dec 27 2012] by Tigzy
          mail : tigzyRK<at>gmail<dot>com
          Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
          Website : http://tigzy.geekstogo.com/roguekiller.php
          Blog : http://tigzyrk.blogspot.com/

          Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
          Started in : Normal mode
          User : Tace [Admin rights]
          Mode : Scan -- Date : 12/27/2012 19:10:50

          ¤¤¤ Bad processes : 0 ¤¤¤

          ¤¤¤ Registry Entries : 4 ¤¤¤
          [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
          [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

          ¤¤¤ Particular Files / Folders: ¤¤¤

          ¤¤¤ Driver : [LOADED] ¤¤¤

          ¤¤¤ HOSTS File: ¤¤¤
          --> C:\Windows\system32\drivers\etc\hosts

          127.0.0.1       localhost


          ¤¤¤ MBR Check: ¤¤¤

          +++++ PhysicalDrive0: ST9250315AS +++++
          --- User ---
          [MBR] 3fdd795d23cfcf1bb7239d7f79d1b03d
          [BSP] 7f1d49a317aba0b40eb23b83237e75e2 : Windows 7/8 MBR Code
          Partition table:
          0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
          1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
          2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo
          User = LL1 ... OK!
          User = LL2 ... OK!

          Finished : << RKreport[1]_S_12272012_02d1910.txt >>
          RKreport[1]_S_12272012_02d1910.txt

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 998
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: !virus 2 ? and removal
          « Reply #7 on: December 28, 2012, 11:47:10 AM »
          I'd like to scan your machine with ESET OnlineScan

          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          •Click the button.
          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          •Check
          •Click the button.
          •Accept any security warnings from your browser.
          •Check
          •Push the Start button.
          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          •When the scan completes, push
          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          •Push the button.
          •Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

          The Sandman

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 7
            Re: !virus 2 ? and removal
            « Reply #8 on: December 29, 2012, 05:35:24 PM »
            Here it is SuperDave:

            C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_10238\YontooLayers.crx   Win32/Adware.Yontoo.C application   deleted - quarantined
            C:\Users\Tace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\252635f6-27a0fb15   a variant of Java/Exploit.CVE-2011-3544.AW trojan   deleted - quarantined


            BTW, if it somehow makes your life easier, I updated my profile to show me as one rank up from beginner. Just FYI.

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 998
            • Certifications: List
            • Experience: Expert
            • OS: Windows 8
            Re: !virus 2 ? and removal
            « Reply #9 on: December 30, 2012, 11:19:45 AM »
            Ok. If there are no other issues, we can do some cleanup.

            To uninstall ComboFix

            • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
            • In the field, type in ComboFix /uninstall


            (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

            • Then, press Enter, or click OK.
            • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
            ************************************************
            Click Start> Computer> right click the C Drive and choose Properties> enter
            Click Disk Cleanup from there.



            Click OK on the Disk Cleanup Screen.
            Click Yes on the Confirmation screen.



            This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
            ****************************************
            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing and Happy New Year!
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

            The Sandman

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows 7
              Re: !virus 2 ? and removal
              « Reply #10 on: December 30, 2012, 08:48:03 PM »
              Hi SuperDave,

              I appreciate all of your help. I'll download all the progs you advise--already a bit familiar with Spybot.

              I still have CCleaner, adwcleaner, Malwarebytes, SecurityCheck, and RogueKiller on my computer. Should I keep them?

              I know this is your time, a valuable commodity in life, and clicking a button is only a tiny gesture. I'm very grateful there are people like you around.

              Happy new Baktun to you SuperDave. May you find good fortune 10x what you put out!

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 998
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              Re: !virus 2 ? and removal
              « Reply #11 on: December 31, 2012, 04:08:46 PM »
              Quote
              I still have CCleaner, adwcleaner, Malwarebytes, SecurityCheck, and RogueKiller on my computer. Should I keep them?
              You may keep CCleaner, adwCleaner and MBAM. The rest can go. It has been a pleasure helping you out.
              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

              The Sandman

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows 7
                Re: !virus 2 ? and removal
                « Reply #12 on: December 31, 2012, 08:23:36 PM »
                SuperDave,

                I can't find the Uninstaller for Roguekiller or Security Check. I have been in the start menu --> all programs, and see neither program, much less the uninstaller (?). I went to the Control Panel --> Remove Programs but I found neither program in there either. I went to C:/ Program Files and didn't find the programs in there either. I went online and found an uninstaller for SecurityCheck, but I don't know if I can trust it.

                Do you know what I'm doing wrong?

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 998
                • Certifications: List
                • Experience: Expert
                • OS: Windows 8
                Re: !virus 2 ? and removal
                « Reply #13 on: January 01, 2013, 12:30:13 PM »
                SuperDave,

                I can't find the Uninstaller for Roguekiller or Security Check. I have been in the start menu --> all programs, and see neither program, much less the uninstaller (?). I went to the Control Panel --> Remove Programs but I found neither program in there either. I went to C:/ Program Files and didn't find the programs in there either. I went online and found an uninstaller for SecurityCheck, but I don't know if I can trust it.

                Do you know what I'm doing wrong?
                Both programs are on your desktop. Just drag them into the recycling bin.
                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender