Always getting this error on startup

[vgchat]

See the end of this message for details on invoking 
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
   at 쥌嗿㗲恧絛↶҉短휘흎흎7.쥌嗿㗲恧絛↶҉短휘흎흎7.NodeSelect(String slctNodes)
   at 쥌嗿㗲恧絛↶҉短휘흎흎7.쥌嗿㗲恧絛↶҉短휘흎흎7.Form1_Load(Object sender, EventArgs e)
   at System.EventHandler.Invoke(Object sender, EventArgs e)
   at System.Windows.Forms.Form.OnLoad(EventArgs e)
   at System.Windows.Forms.Form.OnCreateControl()
   at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
   at System.Windows.Forms.Control.CreateControl()
   at System.Windows.Forms.Control.WmShowWindow(Message& m)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
   at System.Windows.Forms.ContainerControl.WndProc(Message& m)
   at System.Windows.Forms.Form.WmShowWindow(Message& m)
   at System.Windows.Forms.Form.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5472 (Win7SP1GDR.050727-5400)
    CodeBase: file:///G:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
cocolo
    Assembly Version: 1.0.0.0
    Win32 Version: 0.0.0.0
    CodeBase: file:///G:/Users/avalanch/AppData/Roaming/chrome/chrome.exe
----------------------------------------
Microsoft.VisualBasic
    Assembly Version: 8.0.0.0
    Win32 Version: 8.0.50727.5420 (Win7SP1.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5468 (Win7SP1GDR.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Configuration
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5473 (Win7SP1GDR.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5473 (Win7SP1GDR.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
System.Runtime.Remoting
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
Anonymously Hosted DynamicMethods Assembly
    Assembly Version: 0.0.0.0
    Win32 Version: 2.0.50727.5472 (Win7SP1GDR.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_32/mscorlib/2.0.0.0__b77a5c561934e089/mscorlib.dll
----------------------------------------
Dll
    Assembly Version: 1.0.0.0
    Win32 Version: 2.0.50727.5472 (Win7SP1GDR.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_32/mscorlib/2.0.0.0__b77a5c561934e089/mscorlib.dll
----------------------------------------
System.Web
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5471 (Win7SP1GDR.050727-5400)
    CodeBase: file:///G:/Windows/assembly/GAC_32/System.Web/2.0.0.0__b03f5f7f11d50a3a/System.Web.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

I also see this loaded in taskmanager... I boot up & check taskmanager & this is there


Trying to kill the instance:

 

[gregrocker]

Establish a Clean Boot, run a full scan with Malwarebytes, then SFC /scannow Command, and the other Troubleshooting Steps for Windows 7

 

[vgchat]

I have comodo internet security. Would you reccomend a full scan with malwarebites over a full scan with Comodo Internet Security?

 

[VistaKing]

Run Farbar Recovery Scan Tool

64-Bit Version OS Farbar Recovery Scan Tool x64 <===== Download Link

Drag the FRST64.exe from the Downloads folder to your Desktop

Right click on FRST64.exe and choose

When the tool opens click Yes on the disclaimer window .

Press Scan button.

FRST will let you know when the scan is complete and has written the FRST.txt to file

   Note

The first time Farbar Recovery Scan Tool is run, it makes also another log Addition.txt

Please upload both logs in your reply.(FRST.txt and Addition.txt)

:note: FRST.txt and Addition.txt will be on the Desktop :note:

Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .

 

[vgchat]

Thanks, here are the files it generated.

 

[VistaKing]

Can you unzip them please and just upload the txt files . I'm on an iPad . I can't view zip files .

 

[gregrocker]

I have comodo internet security. Would you reccomend a full scan with malwarebites over a full scan with Comodo Internet Security?

Yes that's why I specified Malwarebytes.

Have only seen problems with Comodo. I would uninstall it and replace with Microsoft Security Essentials.

Then proceed with the other Troubleshooting steps, reporting back results for each. These will often turn up the problem

 

[vgchat]

@ vistaking here you go

and I'll run a full scan with malwarebytes soon

 

[VistaKing]

Uninstall smart Defrag . Not needed .

 

[VistaKing]

RogueKiller for 32bit <==== Download Link

RogueKiller for 64bit <==== Download Link

:ar: Click on one of the links above that goes with your Windows 7 bit versions

:ar: Save to the Desktop.

:ar: Close all windows and browsers

:ar: Right click on

and choose

:ar: Press: SCAN

:ar: provide the RKreport.txt (Mode: Scan) in your reply.

 

[vgchat]

I installed MB and a few seconds after start up it caught this and it looks like the virus keeps popping back up.

2013/07/24 11:31:54 -0600	AVALANCH-PC	avalanch	MESSAGE	Starting protection
2013/07/24 11:31:54 -0600	AVALANCH-PC	avalanch	MESSAGE	Protection started successfully
2013/07/24 11:31:54 -0600	AVALANCH-PC	avalanch	MESSAGE	Starting IP protection
2013/07/24 11:31:55 -0600	AVALANCH-PC	avalanch	MESSAGE	IP Protection started successfully
2013/07/24 11:32:02 -0600	AVALANCH-PC	avalanch	DETECTION	G:\Users\avalanch\AppData\Local\Temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:33:24 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:33:24 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
2013/07/24 11:38:19 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:38:19 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
2013/07/24 11:39:10 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:39:10 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
2013/07/24 11:39:14 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
2013/07/24 11:39:14 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2

I have yet to do a full scan or run the roguekiller but the full scan is in progress right now.

 

[vgchat]

Here's the mbam results

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
avalanch :: AVALANCH-PC [administrator]

Protection: Enabled

7/24/2013 12:18:15 PM
mbam-log-2013-07-24 (12-18-15).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 611690
Time elapsed: 1 hour(s), 10 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|chrome (Trojan.Agent) -> Data: "G:\Users\avalanch\AppData\Roaming\chrome\chrome.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
G:\Users\avalanch\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 11
E:\SRS Audio Sandbox 1.10.2.0.rar (Trojan.Dropper.PGen) -> No action taken.
E:\Downloads\chromepass.zip (PUP.ChromePasswordTool) -> No action taken.
E:\Downloads\chromepass\ChromePass.exe (PUP.ChromePasswordTool) -> No action taken.
E:\Downloads\WPE PRO - modified.zip (HackTool.Sniffer.WpePro) -> Quarantined and deleted successfully.
E:\Downloads\WPE PRO - modified\WpeSpy.dll (HackTool.Sniffer.WpePro) -> Quarantined and deleted successfully.

G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-20-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-21-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-22-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-23-3.dc (Stolen.Data) -> Quarantined and deleted successfully.

(end)

 

[VistaKing]

Restart the PC and run RogueKiller .

 

[vgchat]

Alright, I restarted & ran the RK tool and here's it's results.

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : avalanch [Admin rights]
Mode : Scan -- Date : 07/24/2013 14:33:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 19aac6d6358a31638193da1e58b3a80f
[BSP] 824b93df78cb5d2a69c81aec1266ca81 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 9539fd94bddbffda9395ae3323c8ba30
[BSP] e4c948cba6d734b778c663230ff4e8d3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953716 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 5670f7dab435709844937a658dce92cc
[BSP] c362c2fb01507bdde3712e595625b8c5 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 7a184e6949a725c54af869a717e79537
[BSP] d583239bfca040b83921c79615c2cf29 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07242013_143313.txt >>

 

[VistaKing]

Change your passwords on a non infected PC . Are you still getting that pop up ?

 

[vgchat]

No the popup hasn't been showing after that.