Unable to remove yontoo and norton security scan

[jmwcrna]

I have Windows 7 and using Google Chrome, my son downloaded a "skin" for Minecraft and it also downloaded multiple malware programs, including, Drop Down Deals, Deal Ply, Delta Search, Norton Security Scan, and Yontoo. I was able to uninstall almost all of them from the control panel, but Norton fails to uninstall (the uninstall pop-up just flickers then disappears and it is still there and Yontoo says "C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.dat Error 2 while loading archive:The system cannot find the file specified." I've run Mal-warebytes and that comes out clean, Avast is clean too. I tried a System Restore, but it won't allow it, even disabling Avast prior to Restore doesn't work. Norton runs a scan every time I open my computer. How can I get clean again?

These are the logs:

DDS-Notepad

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Julie at 6:25:39 on 2013-06-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1842 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Users\Julie\AppData\Local\Akamai\netsession_win.exe

C:\Users\Julie\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Users\Julie\AppData\Local\Akamai\netsession_win.exe

C:\Users\Julie\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\WUDFHost.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Games\solitaire\solitaire.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=119357&tt=gc_&babsrc=HP_ss_din2g&mntrId=B22FF04DA241B4FA

uDefault_Page_URL = hxxp://www.dell.com

mWinlogon: Userinit = userinit.exe

BHO: Lyrics Finder: {398C01F1-E584-46AD-A649-4F78B435DCFE} -

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [Akamai NetSession Interface] "C:\Users\Julie\AppData\Local\Akamai\netsession_win.exe"

uRun: [Yontoo Desktop] "C:\Users\Julie\AppData\Roaming\Yontoo\YontooDesktop.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Julie\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E}\C696E6B6379737 : DHCPNameServer = 4.2.2.2 8.8.8.8

TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E}\D43474F4F4 : DHCPNameServer = 129.135.130.1

TCP: Interfaces\{9E439EFC-57C1-4315-B23C-C388F35A2D7E}\F4B42514027455543545 : DHCPNameServer = 192.168.169.1

TCP: Interfaces\{F8D04562-9FDF-4E7C-AD61-D5696A5FDF68} : DHCPNameServer = 192.168.1.1

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

AppInit_DLLs= c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-7 65336]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-23 55280]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-7-24 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-7-24 377920]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-7-24 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-7-24 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-7 45248]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-7-14 33712]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-7-14 828072]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-23 2320920]

R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-5-23 23552]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-22 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-7-23 172704]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-7-23 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-7-23 151936]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-23 244736]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C60x64.sys [2012-7-23 72744]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]

S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-7 178624]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-29 19456]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-29 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-31 1255736]

.

=============== Created Last 30 ================

.

2013-06-01 13:15:30 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{086CEBB4-FE98-4848-8D68-5CE7AF4D5AC2}\offreg.dll

2013-06-01 13:12:09 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{086CEBB4-FE98-4848-8D68-5CE7AF4D5AC2}\mpengine.dll

2013-05-28 00:12:50 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2013-05-25 03:29:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-25 03:29:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-24 01:16:25 -------- d-----w- C:\Windows\IswTmp

2013-05-23 18:37:32 -------- d-----w- C:\ProgramData\Symantec

2013-05-23 18:37:07 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0400000.030

2013-05-23 18:37:07 -------- d-----w- C:\Windows\System32\drivers\NSSx64

2013-05-23 18:37:07 -------- d-----w- C:\Program Files (x86)\Norton Security Scan

2013-05-23 18:37:06 -------- d-----w- C:\ProgramData\Norton

2013-05-23 18:33:44 -------- d-----w- C:\ProgramData\NortonInstaller

2013-05-23 18:33:44 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2013-05-23 18:17:02 -------- d-----w- C:\Windows\SysWow64\searchplugins

2013-05-23 18:17:02 -------- d-----w- C:\Windows\SysWow64\Extensions

2013-05-23 18:16:14 -------- d-----w- C:\ProgramData\BrowserProtect

2013-05-23 18:15:52 -------- d-----w- C:\Users\Julie\AppData\Roaming\BabSolution

2013-05-23 18:15:36 -------- d-----w- C:\Users\Julie\AppData\Roaming\Yontoo

2013-05-23 18:15:36 -------- d-----w- C:\Program Files (x86)\Yontoo

2013-05-23 18:15:19 -------- d-----w- C:\Users\Julie\AppData\Roaming\DealPly

2013-05-23 18:15:10 -------- d-----w- C:\Users\Julie\AppData\Roaming\Babylon

2013-05-23 18:15:10 -------- d-----w- C:\ProgramData\Babylon

2013-05-23 18:14:52 -------- d-----w- C:\ProgramData\Tarma Installer

2013-05-23 18:14:50 -------- d-----w- C:\Users\Julie\AppData\Roaming\DSite

2013-05-21 16:59:19 -------- d-----w- C:\Program Files\iPod

2013-05-21 16:59:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-21 16:59:18 -------- d-----w- C:\Program Files\iTunes

2013-05-21 16:59:18 -------- d-----w- C:\Program Files (x86)\iTunes

2013-05-17 13:14:32 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-17 13:14:30 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-17 13:14:30 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-17 13:14:30 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-17 13:14:14 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-17 13:14:13 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-17 13:14:13 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-17 13:13:16 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-17 13:12:46 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-17 13:12:46 230400 ----a-w- C:\Windows\System32\wwansvc.dll

.

==================== Find3M ====================

.

2013-05-15 01:40:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 01:40:40 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 10:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-26 14:49:59 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-11 00:07:45 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-11 00:07:45 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-06 23:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-03-06 23:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-03-06 23:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-03-06 23:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-03-06 23:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-03-06 23:32:51 41664 ----a-w- C:\Windows\avastSS.scr

.

============= FINISH: 6:26:48.04 ===============

Attach-Notepad

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/22/2012 9:21:55 AM

System Uptime: 5/31/2013 9:01:07 AM (69 hours ago)

.

Motherboard: Dell Inc. | | 08VFX1

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | U2E1 | 929/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 382.893 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP100: 5/21/2013 11:54:22 AM - Installed iTunes

RP101: 5/23/2013 3:45:43 PM - Restore Operation

RP102: 5/24/2013 9:58:04 AM - Windows Update

RP103: 5/25/2013 8:28:20 AM - Restore Operation

RP104: 5/27/2013 6:46:43 PM - Windows Update

RP105: 6/1/2013 8:10:43 AM - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.22 (x64 edition)

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.7)

Adobe Shockwave Player 12.0

Advanced Audio FX Engine

Akamai NetSession Interface

Amazon Kindle

Amazon MP3 Downloader 1.0.17

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

Bing Bar

Bing Bar Platform

Bing Rewards Client Installer

Bonjour

calibre

Cozi

CyberLink PowerDVD 9.5

Dell Dock

Dell Edoc Viewer

Dell Resource CD

Dell System Detect

Dell Webcam Central

DirectXInstallService

Dropbox

EMC 10 Content

EMCGadgets64

Google Chrome

Google Update Helper

GoToAssist Corporate

HP Officejet Pro 8500 A910 Basic Device Software

HP Officejet Pro 8500 A910 Help

HP Officejet Pro 8500 A910 Product Improvement Study

HP Update

I.R.I.S. OCR

Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® PROSet/Wireless WiFi Software

iTunes

Java 7 Update 21

Java Auto Updater

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.75.0.1300

Marketsplash Shortcuts

Microsoft .NET Framework 4 Client Profile

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NOOK for PC

Norton Security Scan

Quicken 2011

Quickset64

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio File Backup

Roxio Update Manager

Secunia PSI (3.0.0.2004)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Sonic CinePlayer Decoder Pack

SpywareBlaster 4.6

SUPERAntiSpyware

swMSM

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

WIDCOMM Bluetooth Software

Yontoo 2.053

YTD Video Downloader 3.9.6

ZoneAlarm Firewall

ZoneAlarm Free Firewall

ZoneAlarm LTD Toolbar

ZoneAlarm Security

.

==== Event Viewer Messages From Past Week ========

.

6/3/2013 6:01:55 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

5/30/2013 9:46:50 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer STEVE-DELL09PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E439EFC-57C1-4315-B23C-C388F35A2D7E}. The master browser is stopping or an election is being forced.

5/30/2013 7:29:54 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00-21-6A-52-E3-AC. Network operations on this system may be disrupted as a result.

5/27/2013 5:11:02 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer YOUR-EFD10BA36E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E439EFC-57C1-4315-B23C-C388F35A2D7E}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

Thank you for your help!

[Psychotic]

Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  
• Perform everything in the correct order. Sometimes one step requires the previous one.
  
• If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  
• Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  
• Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click Yes.
  
• Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
  
• GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

• Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop.

Pleae attach the gmer.txt to your reply:

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
2. Click Upload.

Scan with adwCleaner

Please download AdwCleaner to your desktop.

• Run adwcleaner.exe.
  
• Hit Search.
  
• When the scan is finished, it will open up a text file.
  
• Please post its contents within your next reply.
  
• You´ll find the log file at C:\AdwCleaner[R1].txt also.
  

[Psychotic]

Due to the lack of response, this topic is closed.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!