Windows 7 Ultimate, Dell Laptop; possible "Reveton?" virus

[lace]

  Please help... Laptop dropped off for a fix. FBI logo with Moneypak on page at one point. Most times was getting a white screen after startup process. Could only get a windows screen using Safe Mode with prompt. Now able to get windows screen with a normal start, but there's no internet connection. Grrr...virus still in the laptop. I've loaded the 3 files, although I couldn't do an update with Malwarebytes due to no internet connection (297 days out of date). Thanks much! 

[recovering disk space, attachment deleted by admin]

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*********************************************
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page for performing a scan.
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
• Copy and paste the contents of these two log files in your next reply.

[lace]

Junkware Removal Tool Log:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x86
Ran by Owner on Mon 01/27/2014 at 14:07:07.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/27/2014 at 14:11:39.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti Root Kit stated nothing found:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Owner :: OWNER-PC [administrator]

1/27/2014 2:17:24 PM
mbar-log-2014-01-27 (14-17-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 188814
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

[lace]

I know have internet access. Simple fix, just had to enable the wireless capability (DUH on my part). At this point, I've gone ahead and updated the Malwarebytes that was 297 days outdated. Would you want a new scan and log?

[SuperDave]

I've gone ahead and updated the Malwarebytes that was 297 days outdated. Would you want a new scan and log?

Yes please and run a full scan.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[lace]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.27.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Owner :: OWNER-PC [administrator]

Protection: Enabled

1/27/2014 7:35:54 PM
mbam-log-2014-01-27 (19-35-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444015
Time elapsed: 2 hour(s), 30 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{d6048231-c0ed-4b67-a7d5-30d179c96df6} (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{92b232d2-8874-431b-84e0-f46dc617919e} (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
HKCR\Interface\{dd6e92f9-5021-4cc3-9a74-826e338f8509} (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6048231-C0ED-4B67-A7D5-30D179C96DF6} (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6048231-C0ED-4B67-A7D5-30D179C96DF6} (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6048231-C0ED-4B67-A7D5-30D179C96DF6} (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c77ebbf3-47b3-466a-9d0e-52b04abeae0b (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kppkjdpifiiogddjaebpigjoinegfcle (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Mozilla\Firefox\EXTENSIONS|{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Data: C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\Program Files\Buzz-it (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 44
C:\Users\Owner\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\4766504.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\AppData\Local\Temp\Installer.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\AppData\Local\Temp\nsv267D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\AppData\Local\Temp\nsx7E3B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\AppData\Local\Temp\RegClean10.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\AppData\Local\Temp\SearchProtectINT.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\AppData\Local\Temp\nsl299A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\AppData\Local\Temp\nsq21B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\AppData\Local\Temp\nsqFEC0.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Owner\Downloads\Setup.exe (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
C:\Program Files\Buzz-it\150.crx (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Program Files\Buzz-it\01.db (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Program Files\Buzz-it\150.dat (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Program Files\Buzz-it\150.dll (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Program Files\Buzz-it\150.xpi (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Program Files\Buzz-it\Buzzitupdate.exe (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Program Files\Buzz-it\Sqlite3.dll (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Program Files\Buzz-it\Uninstall.exe (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Buzz-it Update.job (PUP.Optional.BuzzIT.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\PopupBroker.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome.manifest (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\install.rdf (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\application.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\overlay.xul (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

(end)

[lace]

EST scan still going...

[lace]

ESET Online Scanner
Scan results
No threats found.
  Scanned Files:        290064
  Infected Files:         0
  Cleaned Files:         0
  Total scan time:      07:08:28
  Scan status:           Finished
Select Uninstall if you want to remove all ESET Online Scanner files from your computer. The next time you run the ESET Online Scanner, they will need to be downloaded again.

[SuperDave]

How's your computer running now? Any other issues before we clean up?

[lace]

It seems great! No issues at all...Thanks! Ready for clean-up now.

[SuperDave]

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
**************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

[lace]

Did and read all of the above  Is the lappy ready to go now?

[SuperDave]

Is the lappy ready to go now?

Yes, it should be good now.
I will lock this thread. If you need it re-opened, please send me a pm.