Jump to content

Dept Justice - Moneypack


Recommended Posts

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490
Run by Josh at 22:21:39 on 2013-06-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1846 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve


uProxyServer = :0
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.1.14\ips\ipsbho.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.1.14\coieplg.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [FXoIuAOxAoT.exe] c:\programdata\FXoIuAOxAoT.exe
uRun: [HP Officejet 6600 (NET)] "c:\program files\hp\hp officejet 6600\bin\ScanToPCActivationApp.exe" -deviceID "CN231290DG05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [McAfeeSecurePC] rundll32.exe "c:\programdata\mcafeesecurepc\mcafeesecurepc.dll",#3
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpzsetup.lnk - c:\program files\hp\temp\{b2c61ebb-f47c-48ba-b375-27a40f8f48f7}\hpzstub.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}












TCP: NameServer = 192.168.1.1
TCP: Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1C67EBB9-B8A5-4441-867A-7A29EC35158B} : DHCPNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604010.00e\symds.sys [2013-2-5 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604010.00e\symefa.sys [2013-2-5 924320]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20130531.001\BHDrvx86.sys [2013-5-31 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604010.00e\ccsetx86.sys [2013-2-5 132768]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20130615.001\IDSvix86.sys [2013-6-17 386720]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604010.00e\ironx86.sys [2013-2-5 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0604010.00e\symtdiv.sys [2013-2-5 345208]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.1.14\ccsvchst.exe [2013-2-5 138272]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-15 106656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-18 16:32:59 -------- d-----w- c:\programdata\McAfeeSecurePC
2013-06-18 16:32:54 64512 ----a-w- c:\users\josh\javaw.dll
2013-06-13 23:29:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-12 21:11:43 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 21:11:41 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 21:11:40 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 21:11:32 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 21:11:32 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 21:11:32 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 21:11:32 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 21:11:32 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 21:11:26 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 21:11:25 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 21:11:19 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
==================== Find3M  ====================
.
2013-06-15 13:27:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-15 13:27:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 01:09:28 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
============= FINISH: 22:23:58.84 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2009 9:39:20 AM
System Uptime: 6/18/2013 10:20:27 PM (0 hours ago)
.
Motherboard: Wistron |  | 3612
Processor: Pentium® Dual-Core CPU       T4200  @ 2.00GHz | CPU | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 139.865 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.799 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Adobe Shockwave Player
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Atheros Driver Installation Program
BeerSmith
BeerSmith 2
Bonjour
BufferChm
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Copy
CustomerResearchQFolder
CyberLink DVD Suite
Destinations
DeviceManagementQFolder
DivX Setup
dj_aio_corporate
DJ_AIO_Software_min
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
Facebook Plug-In
Fax
Google Earth
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet 6600 Basic Device Software
HP Officejet 6600 Help
HP Officejet 6600 Product Improvement Study
HP Photo Creations
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Product Assistant
HP Quick Launch Buttons 6.40 H2
HP Solution Center 8.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
I.R.I.S. OCR
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java 6 Update 30
LabelPrint
LightScribe System Software  1.14.17.1
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
My HP Games
NetWaiting
Norton 360
Norton Internet Security
OGA Notifier 2.0.0048.0
Palm Desktop by ACCESS
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
WebReg
.
==== End Of File ===========================
 

Link to post
Share on other sites

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-19 07:04:36
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2555GSX rev.FG002C 232.89GB
Running: lswvhm1k.exe; Driver: C:\Users\Josh\AppData\Local\Temp\uxdirpow.sys

---- System - GMER 2.1 ----

SSDT  87DCD860                                                                       ZwAlertResumeThread
SSDT  87DCD940                                                                       ZwAlertThread
SSDT  87DCB308                                                                       ZwAllocateVirtualMemory
SSDT  87CE4158                                                                       ZwAlpcConnectPort
SSDT  87DCEC20                                                                       ZwAssignProcessToJobObject
SSDT  87DCD5B0                                                                       ZwCreateMutant
SSDT  87DCE940                                                                       ZwCreateSymbolicLinkObject
SSDT  87DCA048                                                                       ZwCreateThread
SSDT  87DCED00                                                                       ZwDebugActiveProcess
SSDT  87DCB4D8                                                                       ZwDuplicateObject
SSDT  87DCB0C0                                                                       ZwFreeVirtualMemory
SSDT  87DCD6A0                                                                       ZwImpersonateAnonymousToken
SSDT  87DCD780                                                                       ZwImpersonateThread
SSDT  87CEEFD0                                                                       ZwLoadDriver
SSDT  87DCDF70                                                                       ZwMapViewOfSection
SSDT  87DCD4D0                                                                       ZwOpenEvent
SSDT  87DCB6B8                                                                       ZwOpenProcess
SSDT  87DCB3F8                                                                       ZwOpenProcessToken
SSDT  87DCEF28                                                                       ZwOpenSection
SSDT  87DCB5C8                                                                       ZwOpenThread
SSDT  87DCEB30                                                                       ZwProtectVirtualMemory
SSDT  87DCDA20                                                                       ZwResumeThread
SSDT  87DCDCC0                                                                       ZwSetContextThread
SSDT  87DCDDA0                                                                       ZwSetInformationProcess
SSDT  87DCEDE0                                                                       ZwSetSystemInformation
SSDT  87DCE008                                                                       ZwSuspendProcess
SSDT  87DCDB00                                                                       ZwSuspendThread
SSDT  87DCA148                                                                       ZwTerminateProcess
SSDT  87DCDBE0                                                                       ZwTerminateThread
SSDT  87DCDE90                                                                       ZwUnmapViewOfSection
SSDT  87DCB1B0                                                                       ZwWriteVirtualMemory
SSDT  87DCEA30                                                                       ZwCreateThreadEx

---- Registry - GMER 2.1 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanUserTime  Wed, Jun 19 13, 06:24:52 AM????????????
Reg   HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanTime      0xF0 0x6C 0xCE 0x01 ...
Reg   HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@MemoryCacheSize       382803057

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                                          unknown MBR code

---- EOF - GMER 2.1 ----

Link to post
Share on other sites

Combofix


Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Link to post
Share on other sites

ComboFix 13-06-18.02 - Josh 06/19/2013  22:19:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1844 [GMT -7:00]
Running from: c:\users\Josh\Desktop\Malwarebytes\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@
c:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n
c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll
c:\users\Josh\4syprb61rwv6o.exe
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\Yahoo! Sports Fantasy Pro Football Pickem.url
c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe
c:\users\Josh\AppData\Roaming\Ukyco
c:\users\Josh\AppData\Roaming\Ukyco\elke.exe
c:\users\Josh\javaw.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-20 to 2013-06-20  )))))))))))))))))))))))))))))))
.
.
2013-06-20 05:27 . 2013-06-20 05:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-20 01:02 . 2010-02-28 09:04 232545 ----a-w- c:\windows\system32\zuroehbuid.exe
2013-06-20 01:02 . 2013-06-20 05:31 -------- d-----w- c:\users\Josh\AppData\Roaming\Musacui
2013-06-20 01:02 . 2013-06-20 01:02 -------- d-----w- c:\users\Josh\AppData\Roaming\Xaevi
2013-06-20 01:02 . 2013-06-20 01:09 -------- d-----w- c:\users\Josh\AppData\Roaming\Oquru
2013-06-19 18:21 . 2013-06-19 18:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-06-18 16:32 . 2013-06-20 05:26 -------- d-----w- c:\programdata\McAfeeSecurePC
2013-06-13 23:29 . 2013-06-14 00:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-12 21:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 21:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 21:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 21:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 21:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 21:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 21:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 21:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 21:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 21:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 21:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-20 00:53 . 2012-04-04 00:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-20 00:53 . 2011-07-24 15:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-15 14:20 . 2013-05-15 23:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 23:21 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 23:21 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50 . 2012-04-06 19:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Coivdiqoezyrek"="c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe" [2013-06-20 232545]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"Coivdiqoezyrek"="c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe" [2013-06-20 232545]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee PC Security.lnk - c:\windows\system32\rundll32.exe "c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll",#3 [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-13 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:53]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16]
.
2013-06-20 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11]
.
2013-06-18 c:\windows\Tasks\HPCeeScheduleForJosh.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34]
.
2013-06-20 c:\windows\Tasks\Security Center Update - 518368305.job
- c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe [2010-02-28 05:31]
.
.
------- Supplementary Scan -------
.


uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-FXoIuAOxAoT.exe - c:\programdata\FXoIuAOxAoT.exe
HKCU-Run-McAfeeSecurePC - c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll
HKCU-Run-Wounb - c:\users\Josh\AppData\Roaming\Ukyco\elke.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzsetup.LNK - c:\program files\HP\Temp\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\hpzstub.exe -run "c:\program files\HP\Temp\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\hpzsetup.exe" "-*Stub" "273875162" /rerun 4 -f "c:\windows\hpoins14.dat"
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-19 22:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
c:\windows\system32\zuroehbuid.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-06-19  22:38:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-20 05:38
.
Pre-Run: 151,323,029,504 bytes free
Post-Run: 151,331,270,656 bytes free
.
- - End Of File - - 79BD9DC600818DCC6E5177B63018CFDA
588AE8F0C685C02BA11F30D9CD7E61A0
 

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt

Link to post
Share on other sites

ComboFix 13-06-20.01 - Josh 06/20/2013   7:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1889 [GMT -7:00]
Running from: c:\users\Josh\Desktop\Malwarebytes\ComboFix.exe
Command switches used :: c:\users\Josh\Desktop\Malwarebytes\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Security Center Update - 518368305.job"
.
file zipped: c:\windows\system32\zuroehbuid.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Josh\AppData\Roaming\Musacui
c:\users\Josh\AppData\Roaming\Musacui\agniyz.exe
c:\users\Josh\AppData\Roaming\Oquru
c:\users\Josh\AppData\Roaming\Xaevi
c:\users\Josh\AppData\Roaming\Xaevi\gezae.teg
c:\users\Josh\Desktop\SMART_HDD.lnk
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\zuroehbuid.exe
c:\windows\Tasks\Security Center Update - 518368305.job
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SecurityCenterServer518368305
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-20 to 2013-06-20  )))))))))))))))))))))))))))))))
.
.
2013-06-19 18:21 . 2013-06-19 18:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-06-18 16:32 . 2013-06-20 05:26 -------- d-----w- c:\programdata\McAfeeSecurePC
2013-06-13 23:29 . 2013-06-14 00:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-12 21:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 21:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 21:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 21:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 21:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 21:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 21:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 21:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 21:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 21:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 21:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-20 00:53 . 2012-04-04 00:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-20 00:53 . 2011-07-24 15:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-15 14:20 . 2013-05-15 23:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 23:21 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 23:21 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50 . 2012-04-06 19:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee PC Security.lnk - c:\windows\system32\rundll32.exe "c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll",#3 [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-13 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:53]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16]
.
2013-06-20 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11]
.
2013-06-18 c:\windows\Tasks\HPCeeScheduleForJosh.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34]
.
.
------- Supplementary Scan -------
.


uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-20 07:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
c:\program files\SMINST\BLService.exe
c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-06-20  07:28:41 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-20 14:28
ComboFix2.txt  2013-06-20 05:38
.
Pre-Run: 151,255,011,328 bytes free
Post-Run: 151,045,689,344 bytes free
.
- - End Of File - - D152964FEBF2E022C5E6502EA0ED69C3
588AE8F0C685C02BA11F30D9CD7E61A0
Upload was successful
 

Link to post
Share on other sites

Looks good!

 

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\Users\Josh\4syprb61rwv6o.exe.vir a variant of Win32/Kryptik.BDYX trojan
C:\Qoobox\Quarantine\C\Users\Josh\AppData\Roaming\Ukyco\elke.exe.vir Win32/Spy.Zbot.AAO trojan
 

Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

# AdwCleaner v2.303 - Logfile created 06/20/2013 at 12:09:57
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Josh - LAPTOP-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Josh\Desktop\Malwarebytes\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Users\Josh\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1066 octets] - [20/06/2013 12:09:57]

########## EOF - C:\AdwCleaner[s1].txt - [1126 octets] ##########

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.67 

 Windows Vista Service Pack 2 x86 (UAC is enabled) 

 Internet Explorer 9 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Norton 360   

 WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

 SUPERAntiSpyware    

 Malwarebytes Anti-Malware version 1.75.0.1300 

 Java 6 Update 30 

 Java version out of Date!

 Adobe Flash Player  11.7.700.224 

 Adobe Reader 9 Adobe Reader out of Date!

 Adobe Reader 10.1.7 Adobe Reader out of Date! 

````````Process Check: objlist.exe by Laurent```````` 

 Norton ccSvcHst.exe

 Josh Desktop Malwarebytes SecurityCheck.exe

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````

 

Link to post
Share on other sites

When Windows loads, I get an error notification that states:

 

Run DLL

- Error loading C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll

- The specified module could not be found

 

I can click "OK" and everything seems alright.

The DOJ malware has not locked my computer after connecting to the network.

Link to post
Share on other sites

Hard to believe, but true... :blink:

 

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt

Link to post
Share on other sites

ComboFix 13-06-20.01 - Josh 06/20/2013  12:48:44.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1849 [GMT -7:00]
Running from: c:\users\Josh\Desktop\Malwarebytes\ComboFix.exe
Command switches used :: c:\users\Josh\Desktop\Malwarebytes\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-20 to 2013-06-20  )))))))))))))))))))))))))))))))
.
.
2013-06-20 20:02 . 2013-06-20 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-20 14:40 . 2013-06-20 14:40 -------- d-----w- c:\program files\ESET
2013-06-19 18:21 . 2013-06-19 18:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-06-18 16:32 . 2013-06-20 05:26 -------- d-----w- c:\programdata\McAfeeSecurePC
2013-06-13 23:29 . 2013-06-14 00:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-12 21:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 21:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 21:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 21:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 21:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 21:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 21:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 21:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 21:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 21:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 21:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-20 00:53 . 2012-04-04 00:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-20 00:53 . 2011-07-24 15:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-15 14:20 . 2013-05-15 23:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 23:21 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 23:21 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50 . 2012-04-06 19:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\McAfeeSecurePC ----
.
.
---- Directory of c:\windows\system32\%APPDATA% ----
.
2013-06-19 18:21 . 2013-06-19 18:32 262144 --sha-w- c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee PC Security.lnk - c:\windows\system32\rundll32.exe "c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll",#3 [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-13 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:53]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16]
.
2013-06-20 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11]
.
2013-06-18 c:\windows\Tasks\HPCeeScheduleForJosh.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34]
.
.
------- Supplementary Scan -------
.


uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-20 13:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-06-20  13:05:43
ComboFix-quarantined-files.txt  2013-06-20 20:05
ComboFix2.txt  2013-06-20 14:29
ComboFix3.txt  2013-06-20 05:38
.
Pre-Run: 150,554,206,208 bytes free
Post-Run: 150,587,359,232 bytes free
.
- - End Of File - - 50A1308E13A1C2A2AD2BEAD23C8905C3
588AE8F0C685C02BA11F30D9CD7E61A0
 

Link to post
Share on other sites

OK, we still have some work to do:

 

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt

Link to post
Share on other sites

ComboFix 13-06-21.02 - Josh 06/21/2013   6:26.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1558 [GMT -7:00]
Running from: c:\users\Josh\Desktop\Malwarebytes\ComboFix.exe
Command switches used :: c:\users\Josh\Desktop\Malwarebytes\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\McAfee PC Security.lnk"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\McAfeeSecurePC
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\McAfee PC Security.lnk
c:\windows\system32\%APPDATA%
c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-21 to 2013-06-21  )))))))))))))))))))))))))))))))
.
.
2013-06-21 13:39 . 2013-06-21 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-20 14:40 . 2013-06-20 14:40 -------- d-----w- c:\program files\ESET
2013-06-13 23:29 . 2013-06-14 00:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-12 21:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 21:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 21:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 21:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 21:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 21:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 21:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 21:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 21:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 21:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 21:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-20 00:53 . 2012-04-04 00:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-20 00:53 . 2011-07-24 15:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-15 14:20 . 2013-05-15 23:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 23:21 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 23:21 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50 . 2012-04-06 19:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-13 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:53]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:16]
.
2013-06-21 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-11-18 10:11]
.
2013-06-18 c:\windows\Tasks\HPCeeScheduleForJosh.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34]
.
.
------- Supplementary Scan -------
.


uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-21 06:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-06-21  06:44:43
ComboFix-quarantined-files.txt  2013-06-21 13:44
ComboFix2.txt  2013-06-20 20:05
ComboFix3.txt  2013-06-20 14:29
ComboFix4.txt  2013-06-20 05:38
.
Pre-Run: 151,418,433,536 bytes free
Post-Run: 151,633,215,488 bytes free
.
- - End Of File - - DDF991908B39EF8C4A1656FA9AD5DA2D
588AE8F0C685C02BA11F30D9CD7E61A0
 

Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 04:35:21
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Josh - LAPTOP-PC
# Boot Mode : Normal
# Running from : C:\Users\Josh\Desktop\Malwarebytes\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1195 octets] - [20/06/2013 12:09:57]
AdwCleaner[s2].txt - [748 octets] - [22/06/2013 04:35:21]

########## EOF - C:\AdwCleaner[s2].txt - [807 octets] ##########

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.67 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 30 
 Java version out of Date!
 Adobe Flash Player  11.7.700.224 
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Josh Desktop Malwarebytes SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Your system is clean now! :)

Java update

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer ( Java 7 Update 4 ) and install the software
  • when finished, go to

    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)

  • When finished, reboot your computer.
After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.

    The Temporary Files Settings dialog box appears.

  • Click Delete Files.

    The Delete Temporary Files dialog box appears

  • Click OK on Delete Temporary Files window.
  • Click OK again.
Adobe Reader update

Your Adobe Reader is outdated. We will fix this.

  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.
Uninstall our tools.

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.
Reading Material

How to protect yourself

  • System Updates

    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.

    Windows XP | Windows Vista |

    Windows 7 | windows 8

  • Protection

    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.

    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.

  • Up to date Software

    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

  • Backups

    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice.

  • Brains

    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.