apeliz, Avira shows malware in "C:\Qoobox\Quarantine"- this is where Combofix puts the files it quarantines- it's not going to affect the system now. When we have you uninstall Combofix, these will be removed.
There is a list of 19 files in the Recycler folder shown in the Combofix log. They look like this but the number strings are different:
c:\recycler\S-1-5-21-0183500278-5597706240-161784849-7707
The Recycler is a hidden folder that holds the files emptied from the Recycle Bin. They can be removed easily. The Recycler folder received the deleted files from ALL of the users, each user having their own identification number. Looking at this list, it appears that there are 19 different accounts listed.
Is this an older machine that had other users or are there 19 users now? That's a lot of users on one machine. There is a command that can be used to empty this but it doesn't always work, so let's try a different way.
First, it's important that you empty the recycle bin first. These files won't delete if there is trash in the bin.
Second, you must show hidden files and folders:
Click on the Control Panel> Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide system and protected files (Recommended)'> Apply> OK
Now open Windows Explorer: Right click on Start> explore> My Computer> Local Drive- usually C> click on the Recycler folder on the left. This shows the files on the right screen> do a right click> delete on each.
Go back and hide the files.
You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player:
To remove, find and remove Viewpoint Media Player
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
- Click on Start > Run and type: services.msc> OK
- Click the "Extended tab".
- Scroll down the list and find the service called "Viewpoint Manager Service"
- When you find the service, double-click on it.
- In the Properties Window > General Tab that opens, click the "Stop" button.
- From the drop-down menu next to "Startup Type", click on "Disabled".
- Now click "Apply", then "OK" and close any open windows.
- Click on Start > Settings > Control Panel >Add/Remove Programs
- Highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.
Finally, delete the following folders if they still exist: Open Windows Explorer> Programs:
C:\Program Files\ViewManager\ <-- delete this folder
C:\Program Files\Viewpoint\ <-- delete this folder
Empty the Recycle Bin
The SAS log shows the malware in the temp files and System Restore. We'll have you drop those old restore points at the end- don't do a SR now:
TFC (Temp File Cleaner)
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean
TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
After all of that is done, run an online scan:
Run Eset NOD32 Online AntiVirus Scanner HERE
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
Please attach online scan log.
Rescan with HJT and attach new log.
kimsland may come along and write a script for all this, but if not, this should help. I'll give you a heads up for the tracking cookies in my next reply.
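Added example, not part of the original post: the Recycler subfolder names discussed above are string SIDs, and this sketch pulls the distinct names out of log lines and checks each against the SID format (numeric sub-authorities, no leading zeros, each fitting in 32 bits). The log text is constructed apart from the one folder name quoted in the post, and `sid_problems` and `audit_recycler` are hypothetical helper names.

```python
import re

# Constructed sample in the style of a ComboFix log listing. Only the first
# folder name comes from the post; the other entries are made up.
SAMPLE_LOG = r"""
c:\recycler\S-1-5-21-0183500278-5597706240-161784849-7707
c:\recycler\S-1-5-21-1214440339-1123561945-1708537768-1003
c:\recycler\S-1-5-21-1214440339-1123561945-1708537768-1003\Dc1.exe
c:\recycler\S-1-5-21-1214440339-1123561945-1708537768-500
"""

# First path component under <drive>:\recycler\
RECYCLER_RE = re.compile(r"^\s*[a-z]:\\recycler\\([^\\\s]+)", re.I | re.M)
MAX_U32 = 0xFFFFFFFF  # each SID sub-authority is a 32-bit unsigned value


def sid_problems(name):
    """Return reasons why `name` cannot be a SID string as Windows prints it."""
    parts = name.split("-")
    if len(parts) < 4 or parts[0].upper() != "S" or parts[1] != "1":
        return ["not in S-1-<authority>-<sub-authority>... form"]
    problems = []
    # parts[2] is the identifier authority; parts[3:] are the sub-authorities.
    for field in parts[3:]:
        if not field.isdigit():
            problems.append(f"non-numeric sub-authority {field!r}")
        elif len(field) > 1 and field[0] == "0":
            problems.append(f"leading zero in {field!r}")
        elif int(field) > MAX_U32:
            problems.append(f"sub-authority {field} exceeds 32 bits")
    return problems


def audit_recycler(log_text):
    """Map each distinct Recycler subfolder name to its list of problems."""
    report = {}
    for match in RECYCLER_RE.finditer(log_text):
        name = match.group(1)
        report.setdefault(name, sid_problems(name))
    return report


if __name__ == "__main__":
    for folder, problems in audit_recycler(SAMPLE_LOG).items():
        print(folder, "->", "; ".join(problems) or "well-formed")
```

A name that passes is only well-formed; it says nothing about whether the account it names still exists on the machine.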