Author Topic: !virus 2 ? and removal  (Read 12953 times)

The Sandman

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    !virus 2 ? and removal
    « on: December 26, 2012, 12:04:09 PM »
    Hello,

    I'm on a netbook running Windows 7. My computer was basically completely unresponsive. I was directed to a page and have read through it. I want to post my logs from CCleaner, AdwCleaner, and Malwarebytes.

    - AdwCleaner

    # AdwCleaner v2.103 - Logfile created 12/26/2012 at 11:57:09
    # Updated 25/12/2012 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : Tace - IAHOME
    # Boot Mode : Normal
    # Running from : C:\Users\Tace\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : IBUpdaterService

    ***** [Files / Folders] *****

    File Found : C:\Windows\system32\conduitEngine.tmp
    Folder Found : C:\Program Files\Complitly
    Folder Found : C:\Program Files\Yontoo Layers Runtime
    Folder Found : C:\ProgramData\IBUpdaterService
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\Tace\AppData\Local\Conduit
    Folder Found : C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
    Folder Found : C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Found : C:\Users\Tace\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Tace\AppData\Roaming\Complitly
    Folder Found : C:\Users\Tace\AppData\Roaming\Mozilla\Firefox\Profiles\wrvm8laa.default\ConduitCommon
    Folder Found : C:\Users\Tace\AppData\Roaming\yourfiledownloader

    ***** [Registry] *****

    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\Ask&Record
    Key Found : HKCU\Software\Complitly
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\PIP
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
    Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
    Key Found : HKLM\Software\PIP
    Key Found : HKLM\Software\Tarma Installer
    Key Found : HKU\S-1-5-21-2157684311-2705143710-353330419-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\y3dcq5hn.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Tace\AppData\Roaming\Mozilla\Firefox\Profiles\wrvm8laa.default\prefs.js

    Found : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox/137e9f48667e78[...]
    Found : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\ian\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [5367 octets] - [26/12/2012 11:57:09]

    ########## EOF - C:\AdwCleaner[R1].txt - [5427 octets] ##########


    - Malwarebytes

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.26.11

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Tace :: IAHOME [administrator]

    Protection: Enabled

    12/26/2012 12:33:52 PM
    mbam-log-2012-12-26 (12-33-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218790
    Time elapsed: 39 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

    Files Detected: 2
    C:\Users\Tace\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.

    (end)

    - DDS

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 1.6.0_29
    Run by Tace at 13:39:59 on 2012-12-26
    Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1012.306 [GMT -5:00]
    .
    AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: GFI Software VIPRE *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\Launch Manager\LMutilps32.exe
    C:\Program Files\Acer\Registration\GREGsvc.exe
    C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Users\Tace\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\users\tace\appdata\roaming\complitly\Complitly.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "c:\users\tace\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Power Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SBRegRebootCleaner] "c:\program files\gfi software\vipre\SBRC.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: c:\users\tace\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tace\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\05560724F69737 : DHCPNameServer = 192.168.17.1
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\36963736F63726 : DHCPNameServer = 10.24.1.30 10.1.1.29 10.1.1.26
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\6516D6079627963616C625F63756 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{423B44B3-8190-471E-B856-5328E52D0D70}\D6168796D6F647F627 : DHCPNameServer = 10.0.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\tace\appdata\roaming\mozilla\firefox\profiles\wrvm8laa.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox/137e9f48667e78c8|http://scholar.google.com/schhp?hl=en&as_sdt=0,34
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\tace\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\tace\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\tace\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 1faadb86-a2f3-43d0-bf95-9b915f9f9d04
    FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,SanitySwitch,PageRage,PageRageGlobal,
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2011-3-24 19304]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2011-3-24 16744]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2011-3-24 62048]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-26 22856]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    .
    =============== File Associations ===============
    .
    ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
    .
    =============== Created Last 30 ================
    .
    2012-12-26 17:26:39   --------   d-----w-   c:\users\tace\appdata\roaming\Malwarebytes
    2012-12-26 17:25:54   --------   d-----w-   c:\programdata\Malwarebytes
    2012-12-26 17:25:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-12-26 17:25:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2012-12-26 16:33:43   --------   d-----w-   c:\program files\CCleaner
    2012-12-13 19:30:28   5955856   ----a-w-   c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    2012-12-12 12:07:03   2345984   ----a-w-   c:\windows\system32\win32k.sys
    2012-12-12 12:05:58   376832   ----a-w-   c:\windows\system32\dpnet.dll
    2012-12-12 12:05:55   295424   ----a-w-   c:\windows\system32\atmfd.dll
    2012-12-12 12:05:54   34304   ----a-w-   c:\windows\system32\atmlib.dll
    2012-12-12 12:05:44   2048   ----a-w-   c:\windows\system32\tzres.dll
    2012-12-06 03:57:00   96224   ----a-w-   c:\program files\mozilla firefox\webapprt-stub.exe
    2012-12-06 03:57:00   19424   ----a-w-   c:\program files\mozilla firefox\xpcom.dll
    2012-12-06 03:57:00   15112160   ----a-w-   c:\program files\mozilla firefox\xul.dll
    .
    ==================== Find3M  ====================
    .
    2012-12-12 07:00:37   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-12 07:00:37   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
    2012-11-14 02:09:22   1800704   ----a-w-   c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37   1129472   ----a-w-   c:\windows\system32\wininet.dll
    2012-11-14 01:49:25   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27   420864   ----a-w-   c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
    2012-10-16 07:39:52   561664   ----a-w-   c:\windows\apppatch\AcLayers.dll
    2012-10-09 17:40:31   44032   ----a-w-   c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 17:40:31   193536   ----a-w-   c:\windows\system32\dhcpcore6.dll
    2012-10-04 16:47:18   169984   ----a-w-   c:\windows\system32\winsrv.dll
    2012-10-04 16:43:05   293376   ----a-w-   c:\windows\system32\KernelBase.dll
    2012-10-04 14:57:58   271360   ----a-w-   c:\windows\system32\conhost.exe
    2012-10-04 14:41:50   6144   ---ha-w-   c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 16:58:30   1293680   ----a-w-   c:\windows\system32\drivers\tcpip.sys
    2012-10-03 16:42:26   52224   ----a-w-   c:\windows\system32\nlaapi.dll
    2012-10-03 16:42:26   242176   ----a-w-   c:\windows\system32\nlasvc.dll
    2012-10-03 16:42:24   18944   ----a-w-   c:\windows\system32\netevent.dll
    2012-10-03 16:42:24   175104   ----a-w-   c:\windows\system32\netcorehc.dll
    2012-10-03 16:42:23   156672   ----a-w-   c:\windows\system32\ncsi.dll
    2012-10-03 16:40:35   499712   ----a-w-   c:\windows\system32\iphlpsvc.dll
    2012-10-03 15:21:38   35328   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
    .
    ============= FINISH: 13:43:10.16 ===============


    - Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/30/2011 10:32:29 PM
    System Uptime: 12/26/2012 1:19:23 PM (0 hours ago)
    .
    Motherboard: Acer |  | JE06_PT
    Processor: Intel(R) Atom(TM) CPU N455   @ 1.66GHz | CPU | 999/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 185.432 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP98: 11/3/2012 12:00:05 AM - Scheduled Checkpoint
    RP99: 11/16/2012 11:52:04 AM - Windows Update
    RP100: 11/24/2012 1:10:24 PM - Scheduled Checkpoint
    RP101: 11/29/2012 3:00:27 AM - Windows Update
    RP102: 12/6/2012 12:16:57 PM - Scheduled Checkpoint
    RP103: 12/13/2012 10:18:04 AM - Windows Update
    RP104: 12/16/2012 8:31:51 AM - Windows Update
    RP105: 12/21/2012 3:00:28 AM - Windows Update
    RP106: 12/25/2012 9:24:26 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Bejeweled 2 Deluxe
    CCleaner
    Chuzzle Deluxe
    Complitly
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dropbox
    Easy MP3 Alarm Clock 1.0
    eBay Worldwide
    FATE
    FileZilla Client 3.5.3
    Freez Screen Video Capture v1.2
    Galerie de photos Windows Live
    Google Talk Plugin
    Identity Card
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 29
    Jewel Quest Heritage
    Jewel Quest Solitaire
    JoJo's Fashion Show
    Junk Mail filter update
    Launch Manager
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker 4
    MyWinLocker Suite
    Namco All-Stars: PAC-MAN
    newsXpresso
    NOOK for PC
    OpenOffice.org 3.3
    Penguins!
    PersonalBrain 6
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Quick Screen Capture 3.0
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Shredder
    Skip-Bo - Castaway Caper
    Skype Click to Call
    Skype™ 6.0
    Slingo Deluxe
    Switch Sound File Converter
    Synaptics Pointing Device Driver
    Torchlight
    Tradewinds Legends
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    Updater Service
    VideoPad Video Editor
    ViewletBuilder2
    VIPRE Internet Security
    Virtual Villagers - The Secret City
    WavePad Sound Editor
    Wedding Dash
    Welcome Center
    WildTangent Games App (Acer Games)
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yontoo Layers Runtime 1.10.01
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/26/2012 9:56:44 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
    12/26/2012 9:49:17 AM, Error: Service Control Manager [7000]  - The Updater Service service failed to start due to the following error:  The system cannot find the file specified.
    12/26/2012 9:45:26 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    12/26/2012 9:45:26 AM, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/26/2012 9:45:26 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    12/26/2012 9:44:57 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
    12/26/2012 9:41:45 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
    12/26/2012 9:40:35 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    12/26/2012 11:00:44 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
    12/26/2012 11:00:44 AM, Error: Service Control Manager [7000]  - The Adobe Flash Player Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/26/2012 10:49:38 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer ILIANA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{423B44B3-8190-471E-B856-5328E52D. The master browser is stopping or an election is being forced.
    12/26/2012 1:20:40 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/26/2012 1:20:40 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
    12/26/2012 1:20:01 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
    12/25/2012 9:21:36 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    12/25/2012 9:21:36 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/25/2012 9:21:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    12/25/2012 9:17:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Block Level Backup Engine Service service to connect.
    12/25/2012 9:17:59 PM, Error: Service Control Manager [7000]  - The Block Level Backup Engine Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/25/2012 9:17:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service wbengine with arguments "" in order to run the server: {37734C4D-FFA8-4139-9AAC-60FBE55BF3DF}
    12/25/2012 8:21:49 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    12/25/2012 8:04:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    12/25/2012 8:04:34 PM, Error: Service Control Manager [7000]  - The Software Protection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/25/2012 8:03:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
    12/25/2012 8:03:48 PM, Error: Service Control Manager [7000]  - The Intel(R) Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    12/25/2012 8:01:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    .
    ==== End Of File ===========================

    Thank you

    The Sandman
    « Last Edit: December 26, 2012, 12:20:29 PM by The Sandman »

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: !virus 2 ? and removal
    « Reply #1 on: December 26, 2012, 12:27:51 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    ***************************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    The Sandman

      Re: !virus 2 ? and removal
      « Reply #2 on: December 26, 2012, 04:07:29 PM »
      Hi. Here is the result of Combofixit.txt:


      ComboFix 12-12-25.02 - Tace 12/26/2012  17:37:06.1.2 - x86
      Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1012.310 [GMT -5:00]
      Running from: c:\users\Tace\Desktop\ComboFix.exe
      AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
      FW: GFI Software VIPRE *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
      SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      c:\users\Tace\AppData\Roaming\Microsoft\Windows\Recent\Already tagged.URL
      c:\users\Tace\Documents\~WRL0563.tmp
      c:\windows\wininit.ini
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-11-26 to 2012-12-26  )))))))))))))))))))))))))))))))
      .
      .
      2012-12-26 22:55 . 2012-12-26 22:55   --------   d-----w-   c:\users\ian\AppData\Local\temp
      2012-12-26 22:55 . 2012-12-26 22:56   --------   d-----w-   c:\users\Tace\AppData\Local\temp
      2012-12-26 22:55 . 2012-12-26 22:55   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2012-12-26 17:26 . 2012-12-26 17:26   --------   d-----w-   c:\users\Tace\AppData\Roaming\Malwarebytes
      2012-12-26 17:25 . 2012-12-26 17:25   --------   d-----w-   c:\programdata\Malwarebytes
      2012-12-26 17:25 . 2012-12-26 17:25   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2012-12-26 17:25 . 2012-09-30 00:54   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-12-26 16:33 . 2012-12-26 16:33   --------   d-----w-   c:\program files\CCleaner
      2012-12-13 01:34 . 2012-12-13 01:34   --------   d-----w-   c:\program files\Common Files\Skype
      2012-12-12 12:07 . 2012-11-22 02:56   2345984   ----a-w-   c:\windows\system32\win32k.sys
      2012-12-12 12:05 . 2012-11-02 05:11   376832   ----a-w-   c:\windows\system32\dpnet.dll
      2012-12-12 12:05 . 2012-11-05 20:32   295424   ----a-w-   c:\windows\system32\atmfd.dll
      2012-12-12 12:05 . 2012-11-05 20:32   34304   ----a-w-   c:\windows\system32\atmlib.dll
      2012-12-12 12:05 . 2012-11-09 04:42   2048   ----a-w-   c:\windows\system32\tzres.dll
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-12-12 07:00 . 2012-05-07 21:39   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
      2012-12-12 07:00 . 2011-09-03 21:38   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-16 07:39 . 2012-11-28 16:08   561664   ----a-w-   c:\windows\apppatch\AcLayers.dll
      2012-10-09 17:40 . 2012-11-14 16:18   193536   ----a-w-   c:\windows\system32\dhcpcore6.dll
      2012-10-09 17:40 . 2012-11-14 16:18   44032   ----a-w-   c:\windows\system32\dhcpcsvc6.dll
      2012-10-03 16:58 . 2012-11-14 16:19   1293680   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2012-10-03 16:42 . 2012-11-14 16:19   242176   ----a-w-   c:\windows\system32\nlasvc.dll
      2012-10-03 16:42 . 2012-11-14 16:19   52224   ----a-w-   c:\windows\system32\nlaapi.dll
      2012-10-03 16:42 . 2012-11-14 16:19   175104   ----a-w-   c:\windows\system32\netcorehc.dll
      2012-10-03 16:42 . 2012-11-14 16:19   18944   ----a-w-   c:\windows\system32\netevent.dll
      2012-10-03 16:42 . 2012-11-14 16:19   156672   ----a-w-   c:\windows\system32\ncsi.dll
      2012-10-03 16:40 . 2012-11-14 16:19   499712   ----a-w-   c:\windows\system32\iphlpsvc.dll
      2012-10-03 15:21 . 2012-11-14 16:19   35328   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
      2012-12-06 03:57 . 2012-12-06 03:56   262112   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Tace\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Tace\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   129272   ----a-w-   c:\users\Tace\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
      "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 715368]
      "SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2011-12-19 3050352]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "SBRegRebootCleaner"="c:\program files\GFI Software\VIPRE\SBRC.exe" [2011-12-19 200560]
      "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-23 296096]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
      .
      c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\Tace\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-3-24 704104]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\C:^Users^Tace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
      path=c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
      backup=c:\windows\pss\Dropbox.lnk.Startup
      backupExtension=.Startup
      .
      [HKLM\~\startupfolder\C:^Users^Tace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
      path=c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
      backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
      backupExtension=.Startup
      .
      [HKLM\~\startupfolder\C:^Users^Tace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain.lnk]
      path=c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain.lnk
      backup=c:\windows\pss\PersonalBrain.lnk.Startup
      backupExtension=.Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
      2012-07-27 20:51   919008   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
      2010-09-17 23:10   407920   ----a-w-   c:\program files\EgisTec IPS\PmmUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
      2010-09-17 23:10   201584   ----a-w-   c:\program files\EgisTec IPS\EgisUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2011-08-27 02:49   136176   ----atw-   c:\users\Tace\AppData\Local\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
      2010-11-06 06:54   283160   ----a-w-   c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
      2011-03-14 11:44   1081424   ----a-w-   c:\program files\Launch Manager\LManager.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
      2011-02-11 06:06   10025576   ------w-   c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
      2012-11-09 16:27   17877168   ----a-r-   c:\program files\Skype\Phone\Skype.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
      2010-09-28 02:00   340336   ----a-w-   c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2011-06-09 18:06   254696   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2012-09-23 13:46   296096   ----a-w-   c:\program files\Real\RealPlayer\Update\realsched.exe
      .
      R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe

      R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe

      R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe

      R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys

      R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys

      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

      S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys

      S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys

      S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys

      S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys

      S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys

      S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

      S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe

      S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe

      S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe

      S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

      S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe

      S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe

      S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

      S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

      S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe

      S2 SBAMSvc;VIPRE Internet Security;c:\program files\GFI Software\VIPRE\SBAMSvc.exe

      S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys

      S2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe

      S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe

      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

      S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys

      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys

      S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys

      S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys

      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

      S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe

      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 07:00]
      .
      2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1000Core.job
      - c:\users\ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 03:19]
      .
      2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1000UA.job
      - c:\users\ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 03:19]
      .
      2012-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1001Core.job
      - c:\users\Tace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 02:49]
      .
      2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1001UA.job
      - c:\users\Tace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 02:49]
      .
      2012-12-26 c:\windows\Tasks\ReclaimerUpdateFiles_Tace.job
      - c:\users\Tace\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 02:20]
      .
      2012-12-26 c:\windows\Tasks\ReclaimerUpdateXML_Tace.job
      - c:\users\Tace\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 02:20]
      .
      2012-12-26 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Tace.job
      - c:\users\Tace\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 02:20]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      mStart Page = hxxp://acer.msn.com
      TCP: DhcpNameServer = 192.168.1.254
      FF - ProfilePath - c:\users\Tace\AppData\Roaming\Mozilla\Firefox\Profiles\wrvm8laa.default\
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-12-26  18:00:54
      ComboFix-quarantined-files.txt  2012-12-26 23:00
      .
      Pre-Run: 198,456,303,616 bytes free
      Post-Run: 198,272,761,856 bytes free
      .
      - - End Of File - - 07CF2F86FC746C1979506481EAF54836

      SuperDave

      Re: !virus 2 ? and removal
      « Reply #3 on: December 26, 2012, 04:55:55 PM »
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      *****************************************************
      Please read here for more information about WildTangent. Your choice if you want to remove it or not.

      If you choose to follow my advice, please follow these instructions.

      Go to Start > Control Panel > Programs and Features and remove the following programs.

      WildTangent Web Driver or anything related to WildTangent.
      ****************************************************
      • Download RogueKiller on the desktop
      • Close all the running programs
      • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
      • Otherwise just double-click on RogueKiller.exe
      • Pre-scan will start. Let it finish.
      • Click on SCAN button.
      • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
      • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

      The Sandman

        Re: !virus 2 ? and removal
        « Reply #4 on: December 27, 2012, 09:00:08 AM »
        SuperDave,

        Here are the results from Security Check:

         Results of screen317's Security Check version 0.99.56 
         Windows 7 Service Pack 1 x86 (UAC is enabled) 
         Internet Explorer 9 
        ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Disabled! 
        GFI Software VIPRE   
         Antivirus out of date! 
        `````````Anti-malware/Other Utilities Check:`````````
         Malwarebytes Anti-Malware version 1.65.1.1000 
         CCleaner     
         Java(TM) 6 Update 29 
         Java version out of Date!
         Adobe Flash Player    11.5.502.135 
         Adobe Reader 10.1.4 Adobe Reader out of Date! 
         Mozilla Firefox (17.0.1)
        ````````Process Check: objlist.exe by Laurent````````
         Malwarebytes Anti-Malware mbamservice.exe 
         Malwarebytes Anti-Malware mbamgui.exe 
         Malwarebytes' Anti-Malware mbamscheduler.exe   
        `````````````````System Health check`````````````````
         Total Fragmentation on Drive C: 1%
        ````````````````````End of Log``````````````````````

        SuperDave

        Re: !virus 2 ? and removal
        « Reply #5 on: December 27, 2012, 11:51:37 AM »
        The log shows that your AV is out-of-date. Please update it ASAP. If the subscription has run out, let me know and I'll direct you to some AVs.

        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        **************************************************
        Update your Adobe Reader. get.adobe.com/reader.

        Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

        **************************************************
        Please run RogueKiller and post the log.
        Windows 8 and Windows 10 dual boot with two SSD's
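The Security Check log posted in Reply #4 is what the advice in Reply #5 acts on (antivirus, Java and Adobe Reader out of date). The following Python sketch is an added example, not part of the original thread or of the Security Check tool: it parses that log layout and lists the flagged items. The names `parse_security_check` and `Finding` are hypothetical, and the banner and flag-line rules are assumptions inferred from the single log shown on this page.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section subject issue")

TICK = "`"  # the tool frames each section title with runs of this character


def _banner(title, width):
    """Rebuild a section banner line for the embedded sample."""
    return TICK * width + title + TICK * width


# The log from Reply #4 of this thread; only the banner lines are rebuilt in code.
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.56 ",
    " Windows 7 Service Pack 1 x86 (UAC is enabled) ",
    " Internet Explorer 9 ",
    _banner("Antivirus/Firewall Check:", 14),
    " Windows Firewall Disabled! ",
    "GFI Software VIPRE   ",
    " Antivirus out of date! ",
    _banner("Anti-malware/Other Utilities Check:", 9),
    " Malwarebytes Anti-Malware version 1.65.1.1000 ",
    " CCleaner     ",
    " Java(TM) 6 Update 29 ",
    " Java version out of Date!",
    " Adobe Flash Player    11.5.502.135 ",
    " Adobe Reader 10.1.4 Adobe Reader out of Date! ",
    " Mozilla Firefox (17.0.1)",
    _banner("Process Check: objlist.exe by Laurent", 8),
    " Malwarebytes Anti-Malware mbamservice.exe ",
    " Malwarebytes Anti-Malware mbamgui.exe ",
    " Malwarebytes' Anti-Malware mbamscheduler.exe   ",
    _banner("System Health check", 17),
    " Total Fragmentation on Drive C: 1%",
    _banner("End of Log", 20),
])

BANNER_RE = re.compile(r"^`{5,}\s*(.*?)\s*:?`{5,}$")
FLAG_RE = re.compile(r"\b(out of date|disabled)\s*!", re.IGNORECASE)
# A dotted version number means the flagged line names its own product.
VERSION_RE = re.compile(r"^(.*?\d+(?:\.\d+)+)")


def parse_security_check(text):
    """Return a Finding for every 'out of date' / 'disabled' flag in the log."""
    findings = []
    section = None
    previous = None  # last unflagged product line seen in the current section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER_RE.match(line)
        if banner:
            section = banner.group(1)
            previous = None
            if section.lower() == "end of log":
                break
            continue
        if section is None:
            continue  # preamble: tool version, OS, browser
        flag = FLAG_RE.search(line)
        if not flag:
            previous = line
            continue
        before = line[:flag.start()].strip()
        versioned = VERSION_RE.match(before)
        if versioned:
            subject = versioned.group(1)   # "Adobe Reader 10.1.4 ... out of Date!"
        elif previous is not None:
            subject = previous             # generic flag refers to the line above
        else:
            subject = before               # "Windows Firewall Disabled!"
        findings.append(Finding(section, subject, flag.group(1).lower()))
        previous = None
    return findings


if __name__ == "__main__":
    for f in parse_security_check(SAMPLE_LOG):
        print(f"[{f.section}] {f.subject}: {f.issue}")
```

Without the version check, the Adobe Reader flag would be attributed to the Adobe Flash Player line above it, which this log does not report as outdated.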

        The Sandman

          Re: !virus 2 ? and removal
          « Reply #6 on: December 27, 2012, 04:57:06 PM »
          RogueKiller V8.4.1 [Dec 27 2012] by Tigzy
          mail : tigzyRK<at>gmail<dot>com
          Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
          Website : http://tigzy.geekstogo.com/roguekiller.php
          Blog : http://tigzyrk.blogspot.com/

          Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
          Started in : Normal mode
          User : Tace [Admin rights]
          Mode : Scan -- Date : 12/27/2012 19:10:50

          ¤¤¤ Bad processes : 0 ¤¤¤

          ¤¤¤ Registry Entries : 4 ¤¤¤
          [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
          [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

          ¤¤¤ Particular Files / Folders: ¤¤¤

          ¤¤¤ Driver : [LOADED] ¤¤¤

          ¤¤¤ HOSTS File: ¤¤¤
          --> C:\Windows\system32\drivers\etc\hosts

          127.0.0.1       localhost


          ¤¤¤ MBR Check: ¤¤¤

          +++++ PhysicalDrive0: ST9250315AS +++++
          --- User ---
          [MBR] 3fdd795d23cfcf1bb7239d7f79d1b03d
          [BSP] 7f1d49a317aba0b40eb23b83237e75e2 : Windows 7/8 MBR Code
          Partition table:
          0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
          1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
          2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo
          User = LL1 ... OK!
          User = LL2 ... OK!

          Finished : << RKreport[1]_S_12272012_02d1910.txt >>
          RKreport[1]_S_12272012_02d1910.txt

          SuperDave

          Re: !virus 2 ? and removal
          « Reply #7 on: December 28, 2012, 11:47:10 AM »
          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          The Sandman

            Re: !virus 2 ? and removal
            « Reply #8 on: December 29, 2012, 05:35:24 PM »
            Here it is SuperDave:

            C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_10238\YontooLayers.crx   Win32/Adware.Yontoo.C application   deleted - quarantined
            C:\Users\Tace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\252635f6-27a0fb15   a variant of Java/Exploit.CVE-2011-3544.AW trojan   deleted - quarantined


            BTW, if it somehow makes your life easier, I updated my profile to show me as one rank up from beginner. Just FYI.

            SuperDave

            Re: !virus 2 ? and removal
            « Reply #9 on: December 30, 2012, 11:19:45 AM »
            Ok. If there are no other issues, we can do some cleanup.

            To uninstall ComboFix

            • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
            • In the field, type in ComboFix /uninstall


            (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

            • Then, press Enter, or click OK.
            • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
            ************************************************
            Click Start> Computer> right click the C Drive and choose Properties> enter
            Click Disk Cleanup from there.



            Click OK on the Disk Cleanup Screen.
            Click Yes on the Confirmation screen.



            This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
            ****************************************
            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing and Happy New Year!

            The Sandman

              Re: !virus 2 ? and removal
              « Reply #10 on: December 30, 2012, 08:48:03 PM »
              Hi SuperDave,

              I appreciate all of your help. I'll download all the progs you advise--already a bit familiar with Spybot.

              I still have CCleaner, adwcleaner, Malwarebytes, SecurityCheck, and RogueKiller on my computer. Should I keep them?

              I know this is your time, a valuable commodity in life, and clicking a button is only a tiny gesture. I'm very grateful there are people like you around.

              Happy new Baktun to you SuperDave. May you find good fortune 10x what you put out!

              SuperDave

              Re: !virus 2 ? and removal
              « Reply #11 on: December 31, 2012, 04:08:46 PM »
              Quote
              I still have CCleaner, adwcleaner, Malwarebytes, SecurityCheck, and RogueKiller on my computer. Should I keep them?
              You may keep CCleaner, adwCleaner and MBAM. The rest can go. It has been a pleasure helping you out.

              The Sandman

                Re: !virus 2 ? and removal
                « Reply #12 on: December 31, 2012, 08:23:36 PM »
                SuperDave,

                I can't find the Uninstaller for Roguekiller or Security Check. I have been in the start menu --> all programs, and see neither program, much less the uninstaller (?). I went to the Control Panel --> Remove Programs but I found neither program in there either. I went to C:/ Program Files and didn't find the programs in there either. I went online and found an uninstaller for SecurityCheck, but I don't know if I can trust it.

                Do you know what I'm doing wrong?

                SuperDave

                Re: !virus 2 ? and removal
                « Reply #13 on: January 01, 2013, 12:30:13 PM »
                Quote
                SuperDave,

                I can't find the Uninstaller for Roguekiller or Security Check. I have been in the start menu --> all programs, and see neither program, much less the uninstaller (?). I went to the Control Panel --> Remove Programs but I found neither program in there either. I went to C:/ Program Files and didn't find the programs in there either. I went online and found an uninstaller for SecurityCheck, but I don't know if I can trust it.

                Do you know what I'm doing wrong?
                Both programs are on your desktop. Just drag them into the recycling bin.