Windows 7 Forums


Windows 7: suspect a virus need help removing....please

26 Feb 2015   #11
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 

Quote: Originally Posted by Jacee
Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forum) and save it to your desktop. Keep this temporary file cleaner and use it!
Save any unsaved work. TFC will close ALL open programs including your browser! This will also eliminate all desktop shortcuts, so just be aware!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! Manually reboot the machine to ensure a complete clean.

Make sure your Internet settings aren't using a 'Proxy', unless you purposely set it that way.
1) Under “Tools” in the browser tool bar select “Internet Options”.
2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.
3) Click “LAN Settings” near the bottom of the “Connections” section.
4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.
5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.
6) Click “Ok” to close the “Internet Options” window.

Now clean the DNS cache and restore MS's Hosts file:
Copy and paste these lines in Notepad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as Administrator. Your computer will reboot itself.

Make sure "Proxy server" is still disabled under your LAN Settings.

Jacee,

Did everything so far. Worked great, I believe. So where do we go from here? And is System Mechanic on deck?

Thanx for the help so far!!


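Added example, not part of any post in this thread: the flush.bat in the quoted instructions overwrites HOSTS without recording what it contained, and the entries it discards show which names were being blocked or redirected. This Python sketch lists those active entries before a reset; the sample file contents, the `.example` host names and the function names are constructed for illustration.

```python
"""Audit a Windows hosts file before it is overwritten (added example)."""
import ipaddress
import os

# Constructed sample: stock Windows 7 header lines plus entries of the kind
# a tampered machine may carry. Host names and addresses are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # AV update server sent to loopback
0.0.0.0         scan.av-vendor.example
203.0.113.45    www.bank.example login.bank.example
not-an-ip       something.example
"""

# What flush.bat leaves behind: the single line written by its echo command.
RESET_HOSTS = "127.0.0.1 localhost\n"


def audit_hosts(text):
    """Return (line_no, verdict, address, hostname) for every active entry
    that is not a plain loopback mapping of 'localhost'.

    verdict is 'blocked' (name sent to loopback or 0.0.0.0), 'redirected'
    (name sent to some other address) or 'malformed'.
    """
    findings = []
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; the stock file is comments only.
        active = raw.split("#", 1)[0].strip()
        if not active:
            continue
        fields = active.split()
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, "malformed", addr_text, " ".join(names)))
            continue
        if not names:
            findings.append((line_no, "malformed", addr_text, ""))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in names:
            name = name.lower()
            if name == "localhost" and addr.is_loopback:
                continue  # the one mapping a clean file may legitimately hold
            verdict = "blocked" if local else "redirected"
            findings.append((line_no, verdict, str(addr), name))
    return findings


def hosts_path():
    """Location of the live hosts file on a Windows install."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.join(root, "System32", "drivers", "etc", "hosts")


if __name__ == "__main__":
    path = hosts_path()
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS  # not on Windows: fall back to the sample
    for line_no, verdict, address, name in audit_hosts(content):
        print(f"line {line_no}: {verdict:<10} {name} -> {address}")
```

Saving the output alongside the other scan logs keeps a record of what the reset removed.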
27 Feb 2015   #12
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
01 Mar 2015   #13
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 

Thanks Jacee for your reply. I kind of figured as volunteers your time was valuable and quite divided with helping others. I do really appreciate it. I ran Eset scan as you instructed. Scan found no threats. At installation it detected my Bitdefender and mentioned it could affect results.....

Anyway I've attached screen shot of results. Also screen shots of Kaspersky VRT before and after from Fri 2/27. I cured/deleted 4 files it had found previously, which I had quarantined...previously.

Is it safe to assume my system is clean from infection and malware now?

I mentioned System Mechanic in original post. You had mentioned dealing with it later. Should I uninstall System Mechanic?

I noticed a significant improvement in boot up & shut down performance after your repairs on Thursday.

In my misguided attempt to "tweak" my system, I also had downloaded early last week, Tweaking.com "Windows Repair All-In-One-Tool" and their "Simple System Tweaker". I uninstalled these 2 programs (without getting your advice first) after your help on Thursday at which time I noticed the improved boot up/shutdown performance. After I uninstalled the Tweaking.com apps performance declined and I had some unfamiliar black screen for about 30 seconds, between the "windows is starting" screen and the "welcome" screen (it was not there prior to uninstallation, after your repairs there was NO black screen time out between screens). I'm wondering if these programs left something in my boot/shut down process. I can get screen shots of appropriate logs or reports if you direct me to them.

There are 2 other programs/apps I downloaded when I got on the "clean up/tweak" horse. CPU-Z and Autoruns. I got CPU-Z to identify specific specs for my hard drive and ram as I was having some trouble getting specific info. I got Autoruns to get a clearer picture of all my processes, startups, etc...It seems to be ok. WHAT ARE YOUR THOUGHTS REGARDING THESE AS WELL, KEEP EM OR UNINSTALL THEM.

SCREEN SHOTS (I'm including some system shots that might be helpful regarding boot up etc...):


Attached Thumbnails
suspect a virus need help removing....please-kaspersky-vrt-2272015-150pm.jpg   suspect a virus need help removing....please-malwarebytes-free-version-scan-2272015-3pm.jpg  
Attached Images
suspect a virus need help removing....please-eset-scan-312015-1230pm.jpg suspect a virus need help removing....please-kaspersky-vrtreport-after-cure-vdeletion-2272015-152pm.jpg suspect a virus need help removing....please-kaspersky-vrt-2272015-8pm.jpg 

01 Mar 2015   #14
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 

Here are 4 lists and a registry scan from Ccleaner on Friday. I thought they might be helpful:

Ccleaner registry scan for issues 2272015 2272015 not fixed waiting for advice:


Unused File Extension .bc HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bc
Unused File Extension .enc1 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.enc1
Unused File Extension .eot HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eot
Unused File Extension .etl HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.etl
Unused File Extension .id HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.id
Unused File Extension .md5 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.md5
Unused File Extension .tax HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tax
Unused File Extension .tga HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga
Invalid or empty file class OneIndex14 HKCR\OneIndex14
ActiveX/COM Issue InProcServer32\C:\Windows\SysWOW64\wpcmig.dll HKCR\CLSID\{343D770D-7788-47c2-B62A-B7C4CED925CB}
ActiveX/COM Issue InProcServer32\C:\Windows\SysWOW64\wpcumi.dll HKCR\CLSID\{DFA14C43-F385-4170-99CC-1B7765FA0E4A}
ActiveX/COM Issue InProcServer32\C:\Windows\system32\wuaucpl.cpl HKCR\CLSID\{5F327514-6C5E-4d60-8F16-D07FA08A78ED}
ActiveX/COM Issue InProcServer32\%systemroot%\system32\sharemediacpl.cpl HKCR\CLSID\{B977CB2D-EC6E-4A8F-BFFE-D18682BB0D52}
Missing TypeLib Reference IRoamRemoteStore - {38e8db48-2747-444f-970d-8437534991ca} HKCR\Interface\{062c7f3f-5d6c-426b-95d9-69dddcf524ad}
Missing TypeLib Reference IRoamTokens - {38e8db48-2747-444f-970d-8437534991ca} HKCR\Interface\{3581572a-9b9e-4500-bcad-5bb5a737b0e2}
Missing TypeLib Reference IRoamLocalStore - {38e8db48-2747-444f-970d-8437534991ca} HKCR\Interface\{435eb1b8-b681-4569-b862-551e13764315}
Missing TypeLib Reference IRoamFilters - {38e8db48-2747-444f-970d-8437534991ca} HKCR\Interface\{5a36a745-8357-49ff-92ee-9a5bfe043496}
Missing TypeLib Reference IRoamConflictResolution - {38e8db48-2747-444f-970d-8437534991ca} HKCR\Interface\{5c60f565-4f7f-4894-a9c8-1c4cad355f16}
Application Paths Issue SnippingTool.exe - %SystemRoot%\system32\SnippingTool.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SnippingTool.exe
Application Paths Issue C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Application Paths Issue C:\Program Files (x86)\iolo\System Mechanic\ProcessLasso.exe HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Application Paths Issue C:\Program Files (x86)\iolo\System Mechanic\ProcessGovernor.exe HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Application Paths Issue C:\Users\Admin\Downloads\Antivirus_Free_Edition_x64.exe HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Application Paths Issue C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZ3IF2ZB\bitdefender_tsecurity_akHp8T1LlIKRrfeXQdcOdEV9y9A.exe HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Installer Reference Issue C:\Program Files (x86)\AVG HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\$AVG HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\$AVG\$VAULT HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\Program Files (x86)\PC Drivers HeadQuarters HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\Program Files (x86)\AVG\AVG2014 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\Program Files (x86)\AVG\AVG2015 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\ProgramData\AVG2015\log HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\ProgramData\AVG2015\IDS\config HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\ProgramData\AVG2015\IDS HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\ProgramData\AVG2015\avi HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\ProgramData\AVG2015\Cfg HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\Program Files (x86)\AVG\AVG2015\Notification HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue C:\Program Files (x86)\AVG\AVG2015\banners HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Obsolete software key OldTimer Tools HKLM\Software\OldTimer Tools
Obsolete software key ProcessLasso HKLM\Software\ProcessLasso
Invalid firewall rule {8BFD39CC-C929-42B1-86CD-5F200A326337} - C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {4555DDFF-FD78-4E0D-BE4A-BD5B6AB878DC} - C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {8BFD39CC-C929-42B1-86CD-5F200A326337} - C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe HKLM\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {4555DDFF-FD78-4E0D-BE4A-BD5B6AB878DC} - C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe HKLM\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Missing MUI Reference C:\Program Files (x86)\AVG\AVG2015\avgui.exe HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Missing MUI Reference C:\Program Files (x86)\Tweaking.com\Simple System Tweaker\Simple_System_Tweaker.exe HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Ccleaner sched task startup list:

No Task 1214avUpdateInfo C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe /SETINFO /CMPID=1214av /INFORETRY=3
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task ConfigFree Startup Programs TOSHIBA CORPORATION C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Yes Task iolo Process Governor iolo technologies, LLC C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe
Yes Task {016BB9F5-0990-4F08-9D8D-DA593A9CF6A4} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\pacscubestart.exe -d D:\
No Task {1772D6CB-FE01-4CFA-A6E6-576FA7B21355} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
No Task {202AE447-4756-478F-A99F-040C48D03F65} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
No Task {228F9402-6637-423A-B8C0-9F85F499A035} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
No Task {29737AFD-A246-4DD4-BF6A-82BBDA11EA9A} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
Yes Task {29F2F83A-448A-436C-BA27-9B14FA3598BA} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "E:\Turbo Tax Programs\Turbo Tax 2005 Home & Business Program & Download\[uM]Turbo.Tax.Deluxe.2005\autorun.exe" -d "E:\Turbo Tax Programs\Turbo Tax 2005 Home & Business Program & Download\[uM]Turbo.Tax.Deluxe.2005"
No Task {315D10FA-33AC-474A-BA80-84F796FA0FD3} Eidos plc C:\Users\Admin\Downloads\Battlestations Pacific\Battlestations Pacific\battlestationspacific.exe
Yes Task {39313FE5-37E0-4400-A7AE-D5A2EB9EED6E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVUQV2U9\epson12958.exe" -d C:\Users\Admin\Desktop
No Task {4420DDE4-E88D-4D97-8E82-EAC26FA35FD5} Eidos plc C:\Users\Admin\Downloads\Battlestations Pacific\Battlestations Pacific\battlestationspacific.exe
No Task {5CD83F2E-48A0-4D4C-84C3-CE45EFA046B6} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
No Task {60FCDD39-23E5-4961-9B9C-22503810C034} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
No Task {6AB7BEFC-A892-41C4-A104-571189463001} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
Yes Task {8A91B2E1-C513-40ED-B1AE-602CCE8F144E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
No Task {961DAE4E-C212-4423-9E21-B9BE4CE23702} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
No Task {A1336B73-6C2C-49AA-A080-CDACF1D1C055} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
No Task {AA975F61-914C-464E-AA58-A9A81A3DB479} EIDOS C:\Users\Admin\Downloads\Battlestations Pacific\Battlestations Pacific\bsp.exe
No Task {BB2AF268-1E2D-4BDD-AD32-E1A4C630A718} Eidos plc C:\Users\Admin\Downloads\Battlestations Pacific\Battlestations Pacific\battlestationspacific.exe
No Task {BECEBFD9-1A86-4CC7-8B28-A087046729E3} Eidos plc C:\Users\Admin\Downloads\Battlestations Pacific\Battlestations Pacific\battlestationspacific.exe
No Task {D8CCF8E8-FA8C-49C5-9AC7-0B245A47329D} C:\Users\Admin\Downloads\Stratego\STRATEGO.EXE
No Task {E4236582-AE34-4703-8508-D68E6F2BE0D2} EIDOS C:\Users\Admin\Downloads\Battlestations Pacific\Battlestations Pacific\bsp.exe
No Task {EF4F4FAD-BD2C-4B8A-91D8-BFFB708AD59E} EIDOS C:\Users\Admin\Downloads\Battlestations Pacific\Battlestations Pacific\bsp.exe


Ccleaner startup services application list:


No EPLTarget
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run EPSON Stylus CX7400 Series SEIKO EPSON CORPORATION C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_S8BB6.tmp" /EF "HKCU"
No HKCU:Run OfficeSyncProcess Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
No HKCU:Run ROC_ROC_APR2013_AV C:\Users\Admin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid a637edff9d5447d3a13bd16f2af148e4-aea5bc041859bab0beb2f3f406a65da5af445dbc --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run amd_dc_opt AMD C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
No HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
No HKLM:Run ioloLiveBoost iolo technologies, LLC C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
No HKLM:Run StartupDelayer r2 Studios "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Common
No HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No Startup User OneNote 2010 Screen Clipper and Launcher.lnk C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE /tsr



Ccleaner Context startup list:


Yes Directory 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes Directory Add to VLC media player's Playlist VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Yes Directory Incinerator iolo technologies, LLC C:\Windows\system32\Incinerator64.dll
Yes Directory MSSE
Yes Directory Play with VLC media player VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Yes File 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes File Gonzales Bitdefender C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll
Yes File Incinerator iolo technologies, LLC C:\Windows\system32\Incinerator64.dll
Yes Folder Gonzales Bitdefender C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll


Ccleaner install list:


7-Zip 9.20 (x64 edition) Igor Pavlov 1/11/2014 4.53 MB 9.20.00.0
ABBYY FineReader 9.0 Sprint ABBYY 3/1/2014 9.00.15.58233
Adobe AIR Adobe Systems Incorporated 3/27/2013 3.6.0.6090
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 3/27/2013 6.00 MB 11.6.602.180
Adobe Flash Player 12 ActiveX Adobe Systems Incorporated 2/9/2014 6.00 MB 12.0.0.44
Adobe Reader XI (11.0.02) Adobe Systems Incorporated 3/27/2013 126 MB 11.0.02
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 3/27/2013 12.0.0.112
Apple Application Support Apple Inc. 1/24/2015 95.2 MB 3.1
Apple Mobile Device Support Apple Inc. 1/24/2015 22.2 MB 8.0.5.6
Apple Software Update Apple Inc. 1/24/2015 2.38 MB 2.1.3.127
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 3/27/2013 2.1.0.6
Bitdefender Antivirus Free Edition Bitdefender 2/25/2015 1.0.21.1099
Bonjour Apple Inc. 1/24/2015 2.04 MB 3.0.0.10
CCleaner Piriform 2/25/2015 5.03
CPUID CPU-Z 1.71.1 2/23/2015 3.72 MB
Download Navigator SEIKO EPSON CORPORATION 3/1/2014 6.14 MB 3.4.0
Dream Tale - The Golden Keys Foxy Games 1/17/2014 1.0
Dual-Core Optimizer AMD 1/11/2014 86.0 KB 1.1.4.0169
EPSON Connect version 1.0 Epson America Inc. 3/1/2014 1.10 MB 1.0
Epson Customer Participation SEIKO EPSON CORPORATION 3/1/2014 3.32 MB 1.4.0.0
Epson Event Manager Seiko Epson Corporation 3/1/2014 42.4 MB 3.01.0003
Epson FAX Utility SEIKO EPSON CORPORATION 3/1/2014 1.30.00
EPSON Printer Software SEIKO EPSON Corporation 3/1/2014
EPSON Scan Seiko Epson Corporation 3/1/2014
EPSON WF-2540 Series Printer Uninstall SEIKO EPSON Corporation 3/1/2014
EpsonNet Print SEIKO EPSON CORPORATION 3/1/2014 2.5.00
Handset USB Driver 1/5/2014 12.5 MB 5.2088.1.A01B06
Intel(R) Processor Graphics Intel Corporation 1/11/2014 9.17.10.3347
Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 1/11/2014 2.0.0.37149
iolo technologies' System Mechanic iolo technologies, LLC 2/17/2015 117 MB 14.5.0
iTunes Apple Inc. 1/24/2015 244 MB 12.0.1.26
Java 7 Update 17 (64-bit) Oracle 3/27/2013 128 MB 7.0.170
Java 7 Update 60 Oracle 4/30/2013 130 MB 7.0.600
Job Tracker for Contractors Data Village 4/5/2014
Malwarebytes Anti-Malware version 2.0.4.1028 Malwarebytes Corporation 1/29/2015 57.2 MB 2.0.4.1028
Microsoft .NET Framework 4.5.2 Microsoft Corporation 1/22/2015 38.8 MB 4.5.51209
Microsoft Office Professional Plus 2010 Microsoft Corporation 4/22/2013 14.0.4734.1000
Microsoft Silverlight Microsoft Corporation 12/14/2014 299 MB 5.1.31211.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 8/14/2014 1.69 MB 3.1.0000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 1/6/2014 594 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 1/6/2014 588 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 1/18/2014 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2/13/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2/13/2015 16.6 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/13/2015 10.0.50903
Moonbase Alpha Virtual Heroes 1/7/2014
MSXML 4.0 SP3 Parser Microsoft Corporation 9/25/2013 1.47 MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 10/2/2013 1.54 MB 4.30.2117.0
NVIDIA PhysX v8.10.29 NVIDIA Corporation 1/11/2014 119 MB 8.10.29
OpenAL 1/6/2014
Realtek WLAN Driver REALTEK Semiconductor Corp. 3/27/2013 2.00.0020
Risk - 2012 Foxy Games 1/17/2014 1.0
Skype™ 6.11 Skype Technologies S.A. 12/25/2013 26.9 MB 6.11.102
Startup Delayer v3.0 (build 363) r2 Studios 2/20/2015 3.0 (build 363)
Steam Valve Corporation 1/7/2014
System Requirements Lab for Intel Husdawg, LLC 1/11/2014 1.03 MB 4.5.15.0
TOSHIBA ConfigFree TOSHIBA CORPORATION 3/27/2013 84.7 MB 8.0.43
TOSHIBA Media Controller TOSHIBA CORPORATION 3/27/2013 1.0.87.5
TOSHIBA Service Station TOSHIBA 2/21/2015 2.2.14
TurboTax 2013 Intuit, Inc 2/5/2014 2013.0
Visual Studio 2010 x64 Redistributables AVG Technologies 4/22/2013 12.4 MB 13.0.0.1
Visual Studio 2012 x64 Redistributables AVG Technologies 3/28/2014 12.9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 3/28/2014 10.5 MB 14.0.0.1
VLC media player 2.0.5 VideoLAN 4/22/2013 2.0.5
Windows Live Essentials Microsoft Corporation 8/14/2014 16.4.3528.0331
µTorrent BitTorrent Inc. 4/21/2013 3.3.0.29544
01 Mar 2015   #15
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 

And lastly, I read another thread posted and the advice given by Callender to the poster. Callender advised downloading and running UVK - Ultra Virus Killer. I figured this was trusted by a forum senior member and couldn't hurt. So, I downloaded and ran and here is the report from UVK (zipped using 7zip, I think I did it right)........


Attached Files
File Type: zip UVK - Ultra Virus Killer Log.zip (103.6 KB, 11 views)
01 Mar 2015   #16
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Don't mess with removing things in CCleaner, other than what you definitely know!

Download Security Check by screen317 from
http://screen317.spywareinfoforum.org/SecurityCheck.exe
or http://screen317.spywareinfoforum.org/
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please copy/paste the contents of that document.
01 Mar 2015   #17
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 

Here's the checkup.txt:

Results of screen317's Security Check version 0.99.97
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus Free Edition
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 11.6.602.180 Flash Player out of Date!
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Bitdefender Antivirus Free Edition gzserv.exe
Bitdefender Antivirus Free Edition gziface.exe
iolo System Mechanic iologovernor64.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
02 Mar 2015   #18
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Okay, everything that Kaspersky found was found by AdwCleaner ... go ahead and delete all that, rather than 'skip'.

Now, go into your Control Panel and un-install all old/outdated Java, such as --->Java 7 Update 60
Older versions have vulnerabilities that malware can use to infect your system.

Uninstall iolo System Mechanic: How to perform a thorough uninstall of System Mechanic

Let me know how things are going.
03 Mar 2015   #19
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 

Thx Jacee.

I updated Java and it automatically removed old versions......CHECK.
I updated Adobe Flashplayer.
I Uninstalled Iolo System Mechanic, checked the registry as instructed......CHECK

I re-ran Eset online scanner with all options checked, very long scan. It found 3 things, all Google toolbars from different folders. Deleted/quarantined 2 of them, took no action on 3rd.

Please take a look at the screen shot and let me know your thoughts. Thx!!!!


Attached Images
suspect a virus need help removing....please-eset-follow-up-scan-all-options-checked.jpg 
05 Mar 2015   #20
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please delete:
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe found by Eset ---->Win32/Bundled.Toolbar.Google.D potentially unsafe application