ZarkoTodorov
Everything posted by ZarkoTodorov
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.0
Java 7 Update 4
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Mozilla Firefox (17.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
# AdwCleaner v2.011 - Logfile created 12/07/2012 at 13:16:37
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Zarko - ZARKO-PC
# Boot Mode : Normal
# Running from : C:\Users\Zarko\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Zarko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Zarko\AppData\Roaming\Mozilla\Firefox\Profiles\iluejcbp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Zarko\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10874 octets] - [03/12/2012 13:05:32]
AdwCleaner[R2].txt - [1207 octets] - [06/12/2012 06:07:28]
AdwCleaner[R3].txt - [1267 octets] - [07/12/2012 13:16:07]
AdwCleaner[S1].txt - [11047 octets] - [03/12/2012 13:09:41]
AdwCleaner[S2].txt - [1200 octets] - [07/12/2012 13:16:37]

########## EOF - C:\AdwCleaner[S2].txt - [1260 octets] ##########
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
# AdwCleaner v2.011 - Logfile created 12/06/2012 at 06:07:28
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Zarko - ZARKO-PC
# Boot Mode : Normal
# Running from : C:\Users\Zarko\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Zarko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Zarko\AppData\Roaming\Mozilla\Firefox\Profiles\iluejcbp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Zarko\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10874 octets] - [03/12/2012 13:05:32]
AdwCleaner[R2].txt - [1017 octets] - [06/12/2012 06:07:28]
AdwCleaner[S1].txt - [11047 octets] - [03/12/2012 13:09:41]

########## EOF - C:\AdwCleaner[R2].txt - [1138 octets] ##########
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
Thanks again, I was able to run ComboFix; attached is the log. Let me know if I need to do something else.
ComboFix log.txt
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
What do I need to do next? The OTL files are attached in the previous post.
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
Now in standard mode, under the new user login, every time I try to open a new web page or tab I get this:
Do you want to allow the following program to make changes to this computer?
Program name: ssvagent.exe
Verified Publisher: Oracle America Inc.
File origin: Hard drive on this computer
After clicking NO it opens the web page.
Thank you for all the help,
Zarko
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
I logged in under the new user and ran OTL.
Extras.Txt
OTL.Txt
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
I am having a problem deactivating Norton in Safe Mode and I am getting this error (see attachment). Should I try to log in under the different user (not in Safe Mode) that I created?
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Zarko [Admin rights]
Mode : Scan -- Date : 12/03/2012 16:59:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[RUN][HJNAME] HKCU\[...]\Run : conhost (C:\Users\Zarko\AppData\Roaming\Microsoft\conhost.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus Photo R1800 (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_SBCA2.tmp" /EF "HKCU") -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Chinese Reader (C:\Users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MDBG\Chinese Reader.appref-ms) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Adobe ARM ("C:\Users\Zarko\AppData\Roaming\ifgxpers.exe") -> FOUND
[RUN][HJNAME] HKUS\S-1-5-21-3832389784-3191397106-927586553-1000[...]\Run : conhost (C:\Users\Zarko\AppData\Roaming\Microsoft\conhost.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3832389784-3191397106-927586553-1000[...]\Run : EPSON Stylus Photo R1800 (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_SBCA2.tmp" /EF "HKCU") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3832389784-3191397106-927586553-1000[...]\Run : Chinese Reader (C:\Users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MDBG\Chinese Reader.appref-ms) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3832389784-3191397106-927586553-1000[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3832389784-3191397106-927586553-1000[...]\Run : Adobe ARM ("C:\Users\Zarko\AppData\Roaming\ifgxpers.exe") -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5056GSY ATA Device +++++
--- User ---
[MBR] c79f2bd0be0c416046337c7b4be5e0f7
[BSP] 86e0863e50002712c3a8f7a1fcd1f6b6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12032012_02d1659.txt >>
RKreport[1]_S_12032012_02d1659.txt
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
I downloaded DDS and tried to run it; Notepad opens with strange unreadable text, but somewhere at the top it reads that it cannot be run in DOS. I am in Safe Mode.
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
Attached is the mbam-log. In the Protection tab: Protection disabled, not able to check Enable filesystem protection and Enable malicious website blocking.
mbam-log-2012-12-03 (15-47-57).txt
NEED HELP with FBI Moneypak Virus
ZarkoTodorov replied to ZarkoTodorov's topic in Resolved Malware Removal Logs
I did finally boot into Safe Mode and I am running the Malwarebytes scan at the moment.
My laptop has the FBI Moneypak Virus, need help. Windows 7. I was reading some of the blogs, but it will help to have step-by-step instructions; I am not experienced and I am afraid that I may make it worse. Thank you