Need help with cleaning and/or infection.



These are the results of my last scan of Malwarebytes....

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.16.09

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

guerajasso :: GUERAJASSO-PC [administrator]

5/16/2013 2:28:54 PM

mbam-log-2013-05-16 (14-28-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228380

Time elapsed: 16 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

It states the scan was completed successfully. No malicious items detected.

I am going to run a scan disk and then a defrag, then I will await your response tomorrow morning. Thank you so much for your help so far. ; )


guera, hold off on the run of scan disk & defrag until we are through please !!! Sometimes it can make things more difficult !! That's why I posted in the first post

So Do Not Remove anything or run any tools/programs until advised to do so !

Ok, let's continue with the cleaning. There is a bunch in the OTL log we need to remove but first run this scan for me !!

Please download adwcleaner by Xplode onto your desktop..

* Double click on AdwCleaner.exe to run the tool.

* Click on Search.

* A logfile will automatically open after the scan has finished.

* Please post the contents of that logfile with your next reply.

* You can find the logfile at C:\AdwCleaner[R1].txt as well.

Post that log before we deal with OTL junk to remove !!

Thanks

Chuck

I'm sorry. I did not receive this last night. I will now run this latest scan as requested.


Here are the results of the latest scan....

# AdwCleaner v2.301 - Logfile created 05/17/2013 at 07:46:33

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Ultimate Service Pack 2 (64 bits)

# User : guerajasso - GUERAJASSO-PC

# Boot Mode : Normal

# Running from : C:\Users\guerajasso\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\ParetoLogic

Folder Found : C:\Program Files (x86)\ImTranslator_Pro

Folder Found : C:\ProgramData\ParetoLogic

Folder Found : C:\Users\guerajasso\AppData\Local\APN

Folder Found : C:\Users\guerajasso\AppData\Local\PackageAware

Folder Found : C:\Users\guerajasso\AppData\LocalLow\ImTranslator_Pro

Folder Found : C:\Users\guerajasso\AppData\Roaming\ParetoLogic

***** [Registry] *****


***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8599 octets] - [17/05/2013 07:46:33]

########## EOF - C:\AdwCleaner[R1].txt - [8659 octets] ##########


Ok, let's get rid of those found before we get to OTL fix !! I'll be right back !!

Chuck

DO YOU USE THIS >> Folder Found : C:\Program Files (x86)\ImTranslator_Pro <<<< AdwCleaner says get rid of it and it knows what needs to go !!!


DO YOU USE THIS >> Folder Found : C:\Program Files (x86)\ImTranslator_Pro <<<< AdwCleaner wants to get rid of it, I agree unless you want to keep it !!!

No. I haven't used it for a long time. About 3 years. It can go.


guera, anything we remove can always be re-downloaded if you ever need them !!

Run this again please & make sure you click "DELETE" this time !!

AdwCleaner

* Close all open programs and internet browsers.

* Double click on adwcleaner.exe to run the tool.

* Click on Delete.

* Confirm each time with Ok.

* You will be prompted to restart your computer. A text file will open after the restart.

* Please post the contents of that logfile with your next reply.

* You can find the logfile at C:\AdwCleaner[s1].txt as well.

Post log please !

Thanks

Chuck

Okay. I will do this now.


Okay. Here are the results from that last scan....

# AdwCleaner v2.301 - Logfile created 05/17/2013 at 08:16:16

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Ultimate Service Pack 2 (64 bits)

# User : guerajasso - GUERAJASSO-PC

# Boot Mode : Normal

# Running from : C:\Users\guerajasso\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\ParetoLogic

Deleted on reboot : C:\Program Files (x86)\ImTranslator_Pro

Deleted on reboot : C:\ProgramData\ParetoLogic

Deleted on reboot : C:\Users\guerajasso\AppData\Local\APN

Deleted on reboot : C:\Users\guerajasso\AppData\Local\PackageAware

Deleted on reboot : C:\Users\guerajasso\AppData\LocalLow\ImTranslator_Pro

Deleted on reboot : C:\Users\guerajasso\AppData\Roaming\ParetoLogic

***** [Registry] *****


***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8720 octets] - [17/05/2013 07:46:33]

AdwCleaner[R2].txt - [8780 octets] - [17/05/2013 08:15:44]

AdwCleaner[s1].txt - [8606 octets] - [17/05/2013 08:16:16]

########## EOF - C:\AdwCleaner[s1].txt - [8666 octets] ##########


Great job, ok let's take care of what I found in the OTL log !!

We need to Run an OTL fix !!

* Double-click OTL.exe to start the program.

* Copy and Paste the following code into the customFix.png. Do not include the word Code

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O2 - BHO: (bSaving) - {DFA2ED70-FC49-11E1-8DF2-9713F663AF89} - C:\Program Files (x86)\bSaving\4e7df7809fab12ca1999da15f5fb2ce2.dll File not found
O3 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] T.EXE File not found
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] OSPLASH File not found
O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Windows Defender] DER\MSASCUI.EXE -HIDE File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:03DF2E8E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:03B3646C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB8B6B1E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:37A3BA29
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48C1DDAA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7B2778D0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:59120004
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:17844542
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:ACD70D8B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:981349EA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:00479775
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CBAC0054
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D109DC55
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:F9A9573A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:BD871799
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:F2E53CFE
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:43CFCEB7
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8437DC46
[HKEY_USERS\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

ipconfig /flushdns
:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.

# Click OK.

# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.

Let me know how it's running & if you are still getting that notice of Virus Alert Click to see how to remove Worm:MSIL/Necast.D ???

Okay. I will run this now.


Here are the results....

All processes killed

Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}O2 - BHO: (bSaving) - {DFA2ED70-FC49-11E1-8DF2-9713F663AF89} - C:\Program Files (x86)\bSaving\4e7df7809fab12ca1999da15f5fb2ce2.dll File not foundO3 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O4:64bit: - HKLM..\Run: [Apoint] T.EXE File not foundO4:64bit: - HKLM..\Run: [intelWirelessWiMAX] OSPLASH File not foundO4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex> in the current context!

Error: Unable to interpret <.exe" -hide -runkey File not foundO4:64bit: - HKLM..\Run: [Windows Defender] DER\MSASCUI.EXE -HIDE File not foundO4 - HKLM..\Run: [] File not foundO4 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value found@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:03DF2E8E@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:03B3646C@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB8B6B1E@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:37A3BA29@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48C1DDAA@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7B2778> in the current context!

Error: Unable to interpret <D0@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:59120004@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:17844542@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C40E212B@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:ACD70D8B@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:981349EA@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:00479775@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CBAC0054@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D109DC55@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:F9A9573A@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:BD871799@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:F2E53CFE@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:43CFCEB7@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8437DC46[HKEY_USERS\S-1-5-21-2943996986-> in the current context!

Error: Unable to interpret <3391541806-3619402730-1000\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not foundipconfig /flushdns :Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 05172013_083356

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Upon restart, this pops up.... Intel® PROset/Wireless Event Log Service stopped working and was closed A problem caused the application to stop working correctly. Windows will notify you if a solution is available. When I close it the Virus alert comes up regarding that "worm".


guera, we are almost done with the cleaning !

Clean up with OTL

Right-click OTL.exe and select "Run as administrator" to run it.

This will remove all the tools we used to clean your pc.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CleanUp! button

Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop

NEXT STEP:

ESET online scanner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

* Please go here >>> http://www.eset.com/...escan/index.php <<< then click on this image: EOLS1.gif

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on: EOLS2.gif

* When prompted allow the Add-On/Active X to install.

* Make sure that the option Remove found threats is checked, and the option Scan archives is checked.

* Now click on Advanced Settings and select the following:

o Scan for potentially unwanted applications

o Scan for potentially unsafe applications

o Enable Anti-Stealth Technology

* Now click on: EOLS3.gif

# The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.

# When completed the Online Scan will begin automatically.

# Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

# When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

# Now click on: EOLS4.gif

# Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt

# Copy and paste that log as a reply to this topic.

==================

Intel® PROset/Wireless Event Log Service stopped working and was closed A problem caused the application to stop working correctly.

This is usually caused by a needed update driver !!!

When I close it the Virus alert comes up regarding that "worm".

Is it your Antivirus saying this "worm" exists? Can you give me any more info, because I am not seeing it; it's possible it could be a false positive given by your Antivirus !!

We can run 1 more very powerful scan & see if it appears if you want !! Usually a worm will appear in one of the tools/programs we used. Let's see what ESET says before we do any other tools !!

Did those appear after the ESET Scan ????

Thanks

Chuck

Okay. Let me start this process now. I will let you know.

This scan just completed. Do I "delete quarantined files" or just press "uninstall application on close" and press finish? This scan took over 9 hours. It was a long one.

Edited by guera8818

Good evening, yes, delete quarantined files then follow up with finish !! Then post me the ESET Scan fix !!

Thanks

Chuck

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\guerajasso\AppData\Local\Temp\vlsuho12a8uu6-10083.tmp Win32/Simda.P trojan cleaned by deleting - quarantined

C:\Users\Public\Downloads\10DaysUnderTheSea-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\10Talismans-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\3Days_ZooMystery-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\AlabamaSmith_Setup-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\AlicesMagicalMahjong-dm (1).exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\AlicesMagicalMahjong-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Ankh2HeartofOsiris-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\AnkhTheLostTreasures-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Aquitania-v1_0-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\aroundtheworldin80days-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\BigCityAdventureSF_EN-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\cafe_mahjongg-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Cradle_of_Persia-v1_0-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Hide_and_Secret-v1-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Jetsetter-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\JigsawLandscapesSetup-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\LegendsotWildWestGoldenHill-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\LetterLab-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\LucyQ_Setup-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MagicEncyclopedia-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MahjongEscapeAncientChina-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MahJongSetup-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Marooned-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Marooned-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MissTeriTale-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MurderSheWrote-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MyBoyfriend-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MyFantasyWeddingSetup-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MysteryvilleSetup-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\NancyDrew_ResortingtoDanger-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\NeptunesSecret-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Pickers-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\PureHidden-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\SallysSpa-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Saqqarah-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\TheMysteriousCityPrague-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\TheMysteryoftheCrystalPortal-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\WHTheInquisitor-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Zeal-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

E:\Windows\System32\autochk.exe a variant of Win32/CompuTrace.B application cleaned by deleting - quarantined

Okay. I deleted scan and finished up as requested. ; )
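A triage sketch for the ESET log in the post above, added here as an example and not part of the original thread: it splits each log line into path, detection name, ESET's type label and action, then separates the one malware hit from the "application" (potentially unwanted or unsafe) detections. The field layout is inferred from the lines on this page, and the function names are hypothetical.

```python
import re
from collections import Counter

# Five lines copied from the ESET log posted above, used as sample input.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\guerajasso\AppData\Local\Temp\vlsuho12a8uu6-10083.tmp Win32/Simda.P trojan cleaned by deleting - quarantined
C:\Users\Public\Downloads\AlicesMagicalMahjong-dm (1).exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined
E:\Windows\System32\autochk.exe a variant of Win32/CompuTrace.B application cleaned by deleting - quarantined
"""

# Assumed layout (inferred from this page, not from ESET documentation):
#   <path> [a variant of ]<Platform/Name> <type> <action>
# The path may contain spaces, so it is matched lazily and the detection
# name (the first token containing "/") anchors the rest of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[a-z]+)\s+"
    r"(?P<action>.+)$"
)


def parse_eset_log(text):
    """Return (hits, rejects): parsed detections and lines that did not match."""
    hits, rejects = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejects.append(line)  # keep for manual review, never drop silently
            continue
        hits.append({
            "path": m.group("path"),
            "name": m.group("name"),
            "variant": m.group("variant") is not None,
            "kind": m.group("kind"),
            "action": m.group("action"),
        })
    return hits, rejects


def triage(hits):
    """Split detections into malware and a per-name count of 'application' hits."""
    malware = [h for h in hits if h["kind"] != "application"]
    pua = Counter(h["name"] for h in hits if h["kind"] == "application")
    return malware, pua


if __name__ == "__main__":
    hits, rejects = parse_eset_log(SAMPLE_LOG)
    malware, pua = triage(hits)
    for h in malware:
        print("MALWARE", h["name"], "->", h["path"], "|", h["action"])
    for name, count in pua.most_common():
        print("PUA    ", name, "x", count)
    print("unparsed lines:", len(rejects))
```

Run over the full log, the same split shows that nearly every entry is an "application" detection on downloaded game installers, while the only malware entry is the Win32/Simda.P file in the user's Temp folder.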

Okay. I just restarted my computer and the virus alert still comes up upon restart. ; (


Ok, let's try to fix those problems !

1. Click Start, type msconfig in the Start Search box, and then press ENTER.

2. On the General tab, click Selective Startup.

3. Under Selective Startup, click to clear the Load Startup Items check box >>> Click on the services tab and find the one for the proset event log and uncheck it. Click "OK" and you're done.

See if that helps the Intel® PROSet/Wireless Event Log Service from popping up !

Now run this to get rid of that Worm:MSIL/Necast.D >>>> http://www.microsoft.../scanner/en-gb/ <<< download & run this then let me know if you still get the 2 problems !!

Chuck


Hi, how's it running ? Are you still getting the same 2 problems ?

It seems to be running better, however I am still getting the same two pop ups. When I close the first one, the pop up of the worm comes up. Every time upon restart.

This topic is now closed to further replies.