IObit Forum

Malware & Other Stuff - Need Help Clearing


Laurie


Hi

 

It seems, per "HITMANPRO" (log below), there is malware and adware junk, and it gets worse (more stuff) daily even though I run ASCU6 & IMF2.0 :roll:

 

If true, I hope someone can guide me to clear this.

 

:-D Thank YOU!!! - Laurie

 

I read the instructions for posting a request for malware/spyware removal help; here is a summary of my reports/logs:

 

(1) IMF Log

(2) DDS Logs

(3) HITMANPRO Log

- - - - - -

 

IObit Malware Fighter

OS: Windows Vista

Version: 2.0.1.12

Define Version: 1239

Time Elapsed: 01:02:02

Objects Scanned: 77726

Threats Found: 0

Save Time: 9/3/2013 9:04:55 PM

|Name|Type|Description|ID|

 

DDS Note Log

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2

Run by HP_Owner at 20:09:40 on 2013-09-03

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.257 [GMT -7:00]

AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\ascsvc.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\ascavsvc.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\RacAgent.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN11528837941114822&UM=2&ctid=CT3279417

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

uURLSearchHooks: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - <orphaned>

BHO: Do Not Track Me: {6E45F3E8-2683-4824-A6BE-08108022FB36} - c:\program files\donottrackplus\ie\DNTPAddon.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare ultimate\browerprotect\ASCPlugin_Protection.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\common files\simple adblock\SimpleAdblock.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Advanced SystemCare Ultimate] "c:\program files\iobit\advanced systemcare ultimate\ASCTray.exe" /AutoStart

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart

mRunOnce: [Launcher] c:\windows\sminst\launcher.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-System: ConsentPromptBehaviorUser = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ie\DNTPAddon.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{82982B24-BD1D-4F76-BE6E-49EA24AE0F4E} : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - <Clsid value has no data>

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]

.

=============== Created Last 30 ================

.

2013-09-03 05:45:20 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2013-09-02 21:21:35 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2013-09-02 21:21:18 340624 ----a-w- c:\windows\system32\drivers\trufos.sys

2013-09-02 21:21:14 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}

2013-09-02 21:21:12 -------- d-----w- C:\IObit

2013-09-02 21:21:09 -------- d-----w- c:\programdata\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}

2013-08-31 08:39:41 -------- d-----w- c:\users\hp_owner\appdata\local\Amazon

2013-08-31 07:10:25 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2013-08-31 06:43:54 -------- d-----w- C:\c30bbacfbcb592ec02cf03fc

2013-08-31 03:14:23 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-31 00:28:54 -------- d-----w- c:\programdata\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}

2013-08-30 23:59:44 -------- d-----w- c:\users\hp_owner\appdata\roaming\PerformerSoft

2013-08-30 23:59:40 17920 ----a-w- c:\windows\system32\roboot.exe

2013-08-30 23:58:32 -------- d-----w- c:\users\hp_owner\appdata\local\Conduit

2013-08-30 23:57:04 -------- d-----w- c:\program files\Conduit

2013-08-30 23:55:32 -------- d-----w- c:\program files\wrapper_inst

2013-08-30 23:26:42 -------- d-----w- c:\users\hp_owner\appdata\local\LogMeIn Rescue Applet

2013-08-25 16:51:31 -------- d-----w- c:\programdata\BlueSprig

2013-08-25 16:41:07 -------- d-----w- c:\users\hp_owner\appdata\roaming\BlueSprig

2013-08-25 16:40:57 -------- d-----w- c:\program files\BlueSprig

2013-08-25 15:49:28 -------- d-----w- c:\programdata\hsswpr

2013-08-24 03:37:21 -------- d-----w- c:\windows\system32\MRT

2013-08-24 03:33:01 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-08-24 03:33:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-08-24 03:33:01 149656 ----a-w- c:\program files\internet explorer\sqmapi.dll

2013-08-24 03:33:00 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2013-08-24 03:33:00 194560 ----a-w- c:\program files\internet explorer\IEShims.dll

2013-08-24 03:33:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-08-24 03:29:43 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-24 03:29:42 15872 ----a-w- c:\windows\system32\icaapi.dll

2013-08-24 03:29:40 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-24 03:29:36 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-24 03:29:36 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-08-24 03:29:32 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-24 03:29:08 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-24 03:29:08 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-24 03:29:07 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-08-24 03:27:49 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-08-24 03:27:49 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-24 03:27:48 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-24 03:27:48 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-08-23 23:48:23 398336 ----a-w- c:\windows\system32\TVWizudlg.exe

2013-08-23 23:48:23 140288 ----a-w- c:\windows\system32\igfxtvcx.dll

2013-08-23 23:32:46 80488 ----a-w- c:\windows\system32\RtNicProp32.dll

2013-08-23 23:32:46 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys

2013-08-23 23:32:46 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2013-08-23 23:30:43 396136 ----a-w- c:\windows\system32\itpcoin82.dll

2013-08-20 02:36:00 -------- d-----w- c:\users\hp_owner\appdata\roaming\Dropbox

2013-08-07 21:43:12 -------- d-----w- c:\program files\iPod

2013-08-07 21:40:30 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-07 21:40:30 -------- d-----w- c:\program files\iTunes

2013-08-07 21:21:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2013-08-07 21:21:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2013-08-07 21:21:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2013-08-07 21:21:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2013-08-07 21:21:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2013-08-24 01:35:02 997912 ----a-w- c:\windows\system32\igxpun.exe

2013-08-23 23:27:35 345328 ----a-w- c:\windows\system32\SRSTSXT.dll

2013-08-21 13:13:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-21 13:13:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-06 05:03:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-06 05:03:47 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-07-06 05:03:47 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-24 04:06:48 10965504 ----a-w- c:\program files\common files\lpuninstall.exe

.

============= FINISH: 20:17:28.79 ===============

 

DDS Attach Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/26/2007 7:57:28 PM

System Uptime: 9/3/2013 7:54:08 PM (1 hours ago)

.

Motherboard: Quanta | | 30CC

Processor: Intel® Core2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 225 GiB total, 62.063 GiB free.

D: is FIXED (NTFS) - 7 GiB total, 0.695 GiB free.

E: is CDROM (CDFS)

F: is FIXED (NTFS) - 1 GiB total, 1.03 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP534: 9/3/2013 2:18:19 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe Digital Editions 2.0

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7)

Advanced SystemCare Ultimate 6

Amazon Kindle

Apple Application Support

Apple Software Update

BlackBerry Desktop Software 7.1

Bonjour

EPSON Scan

EPSON WorkForce 500 Series Printer Uninstall

ESU for Microsoft Vista

Fuze Meeting

Google Chrome

Google Update Helper

GoToMeeting 5.8.0.1189

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Active Support Library 32 bit components

HP Customer Experience Enhancements

HP Doc Viewer

HP Easy Setup - Frontend

HP Help and Support

HP Photosmart Essential 2.0

HP Photosmart Essential2.5

HP Quick Launch Buttons

HP QuickPlay 3.2

HP Update

HP User Guides 0057

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

Intel® TV Wizard

IObit Malware Fighter

iTunes

Java 7 Update 25

Java Auto Updater

Java 6 Update 37

Java SE Runtime Environment 6

LightScribe 1.4.136.1

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MotoHelper MergeModules

MSCU for Microsoft Vista

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.0

My HP Games

OpenOffice.org 2.0

OverDrive Media Console

PSSWCORE

QLBCASL

QuickTime

Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Rhapsody Player Engine

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD Basic v9

Safari

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Simple Adblock

Skype Click to Call

Skype™ 5.10

Smart Defrag 2

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

.

==== Event Viewer Messages From Past Week ========

.

9/3/2013 7:56:30 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

9/3/2013 7:56:30 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.

9/3/2013 7:56:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

9/3/2013 7:56:30 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.

9/3/2013 7:56:30 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/3/2013 7:56:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/3/2013 7:56:10 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

9/3/2013 7:56:10 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

9/3/2013 7:50:13 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

9/3/2013 1:09:13 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

9/2/2013 7:45:23 AM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/2/2013 7:23:24 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

9/2/2013 2:21:19 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

9/2/2013 1:16:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/2/2013 1:16:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

9/2/2013 1:16:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/2/2013 1:16:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/2/2013 1:15:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6

9/2/2013 1:15:24 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/2/2013 1:15:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/2/2013 1:04:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/31/2013 12:35:55 AM, Error: Microsoft Antimalware [2001] -

8/31/2013 12:06:54 AM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).

8/31/2013 12:00:05 AM, Error: EventLog [6008] - The previous system shutdown at 11:57:43 PM on 8/30/2013 was unexpected.

8/30/2013 9:46:45 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/30/2013 7:58:37 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

8/30/2013 11:43:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

8/30/2013 11:42:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

8/30/2013 11:42:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

8/29/2013 10:11:35 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/29/2013 10:10:59 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 2 time(s).

8/29/2013 10:10:37 AM, Error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).

8/29/2013 10:10:31 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

8/28/2013 10:10:49 AM, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

==== End Of File ===========================

 

HitmanPro 3.7.7.205
www.hitmanpro.com
  Computer name . . . . : HP_OWNER-PC
  Windows . . . . . . . : 6.0.2.6002.X86/2
  User name . . . . . . : HP_Owner-PC\HP_Owner
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (Expired)
  Scan date . . . . . . : 2013-09-03 21:17:28
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 7m 43s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No
  Threats . . . . . . . : 7
  Traces  . . . . . . . : 100
  Objects scanned . . . : 1,782,690
  Files scanned . . . . : 24,091
  Remnants scanned  . . : 261,631 files / 1,496,968 keys
Malware __________________________________________________________________
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
     Size . . . . . . . : 438,784 bytes
     Age  . . . . . . . : 279.1 days (2012-11-28 18:17:25)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : D25891C93440113E7A6C0C214157B82C3346290BEFE5748E4204A600FDC057A2
   > Ikarus . . . . . . : AdWare.Yotoon!IK
     Fuzzy  . . . . . . : 106.0
Potential Unwanted Programs _________________________________________________
  C:\Program Files\Conduit\ (Conduit)
  C:\Program Files\Conduit\Community Alerts\ (Conduit)
  C:\Program Files\Conduit\Community Alerts\Alert.dll (Conduit)
     Size . . . . . . . : 638,560 bytes
     Age  . . . . . . . : 4.2 days (2013-08-30 16:58:54)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D
     Product  . . . . . : Alert
     Publisher  . . . . : Conduit Ltd.
     Description  . . . : Alert
     Version  . . . . . : 1.1.4.1
     Copyright  . . . . : Copyright © Conduit Ltd. 2011.
     RSA Key Size . . . : 1024
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -5.0
     Forensic Cluster
         0.0s C:\Program Files\Conduit\Community Alerts\
         0.0s C:\Program Files\Conduit\Community Alerts\Alert.dll
         0.4s C:\Users\HP_Owner\AppData\LocalLow\Conduit\Community Alerts\Log\
         0.4s C:\Users\HP_Owner\AppData\LocalLow\Conduit\Community Alerts\
  C:\Program Files\Conduit\CT3279417\plugins\ (Conduit)
  C:\Program Files\Conduit\CT3279417\plugins\TBVerifier.dll (Conduit)
     Size . . . . . . . : 287,008 bytes
     Age  . . . . . . . : 4.2 days (2013-08-30 16:57:05)
     Entropy  . . . . . : 6.5
     SHA-256  . . . . . : C3B39F220B2249039613D2D5396E0BB8D61867CE5CEA402C60C74F78AFF08876
     Product  . . . . . : Conduit Toolbar Verifier
     Publisher  . . . . : Conduit Ltd.
     Description  . . . : Conduit Toolbar Verifier
     Version  . . . . . : 1.0.4.0
     Copyright  . . . . : Copyright © 2013 All Rights Reserved
     RSA Key Size . . . : 2048
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -5.0
     Forensic Cluster
        -0.7s C:\Program Files\Conduit\
        -0.7s C:\Program Files\Conduit\CT3279417\
        -0.7s C:\Program Files\Conduit\CT3279417\plugins\
        -0.7s C:\Program Files\Conduit\CT3279417\plugins\
        -0.7s C:\Program Files\Conduit\CT3279417\plugins\
         0.0s C:\Program Files\Conduit\CT3279417\plugins\TBVerifier.dll
         0.0s C:\Program Files\Conduit\CT3279417\plugins\TBVerifier.dll
         0.6s C:\Users\HP_Owner\AppData\LocalLow\Conduit\ChromeExtData\hndppnmigdlfmdegjjdmjoeinbbceihi\Repository\
         0.6s C:\Users\HP_Owner\AppData\LocalLow\Conduit\ChromeExtData\hndppnmigdlfmdegjjdmjoeinbbceihi\Repository\
         0.6s C:\Users\HP_Owner\AppData\LocalLow\Conduit\ChromeExtData\hndppnmigdlfmdegjjdmjoeinbbceihi\
         0.8s C:\Users\HP_Owner\AppData\LocalLow\Conduit\ChromeExtData\hndppnmigdlfmdegjjdmjoeinbbceihi\Repository\ToolbarUserId.txt
         0.8s C:\Users\HP_Owner\AppData\LocalLow\Conduit\ChromeExtData\hndppnmigdlfmdegjjdmjoeinbbceihi\Repository\ToolbarFullUserID.txt
         4.4s C:\Users\HP_Owner\AppData\Local\CRE\hndppnmigdlfmdegjjdmjoeinbbceihi.crx

  C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
  C:\Users\HP_Owner\AppData\Local\Conduit\ (Conduit)
  HKLM\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
  HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo)
  HKU\S-1-5-21-2361194988-2416449815-516093924-1000\Software\AppDataLow\Software\SmartBar\ (Conduit)
  HKU\S-1-5-21-2361194988-2416449815-516093924-1000\Software\Softonic\ (Softonic)
Repairs _________________________________________________________________
  Proxy server on this computer (User)
  127.0.0.1:8555


Laurie

 

I am sure Superdave will assist you shortly. However, if I may ask a question to satisfy my curiosity only: why do you believe you have malware and adware junk on your machine? I cannot see anything that would indicate this. What in Hitman indicates an issue to you?

 

This is not my area of expertise, but it would be of interest to me how you arrived at your conclusion.


Hi Scannan,

Thank you for your reply and inquiry.

IObit support, from my first story, installed HITMANPRO on my laptop and did not uninstall it. It is a free intro scan-only version and showed virus/malware when the IObit guy ran it, so I ran it today and it still shows the malware and adware (the log is at the bottom of my previous post, but here is a snapshot):

 

Malware _____________________________________________________

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

Size . . . . . . . : 438,784 bytes

Age . . . . . . . : 279.1 days (2012-11-28 18:17:25)

Entropy . . . . . : 6.4

SHA-256 . . . . . : D25891C93440113E7A6C0C214157B82C3346290BEFE5748E4204A600FDC057A2

> Ikarus . . . . . . : AdWare.Yotoon!IK

Fuzzy . . . . . . : 106.0

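As an added illustration for this thread (not HitmanPro's or IObit's code), here is a Python parser for the report format quoted in the two posts above: it separates the objects an engine actually flagged (the lines marked with ">") from the Conduit/Yontoo traces, keeps the "Repairs" entries such as the 127.0.0.1:8555 user proxy, and collects the SHA-256 values for a reputation lookup. The section banners, dotted attribute layout and field names are assumed from the quoted log, and the sample input is constructed from it.

```python
"""Parse HitmanPro-style scan output (format inferred from the log quoted above)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SECTION_RE = re.compile(r"^(\S.*?) _{5,}\s*$")                  # "Malware _____" banners
OBJECT_RE = re.compile(                                           # file path or registry key, optional "(Family)"
    r"^\s*((?:[A-Za-z]:\\|HK[A-Z]+\\)\S.*?)(?:\s+\(([A-Za-z]+)\))?\s*$")
ATTR_RE = re.compile(r"^\s*(>)?\s*([A-Za-z][\w -]*?)[ .]*:\s*(.*)$")  # dotted "Key . . . : value"
CLUSTER_RE = re.compile(r"^\s*-?\d+\.\d+s\s")                     # "0.4s C:\..." Forensic Cluster rows


@dataclass
class Finding:
    section: str                  # "Malware" or "Potential Unwanted Programs"
    path: str                     # file path or registry key
    family: Optional[str]         # "(Conduit)" / "(Yontoo)" tag, if present
    attrs: Dict[str, str] = field(default_factory=dict)       # Size, SHA-256, Publisher, ...
    detections: Dict[str, str] = field(default_factory=dict)  # engine -> verdict, from the "> " lines


@dataclass
class ScanReport:
    header: Dict[str, str] = field(default_factory=dict)   # Threats, Traces, Scan date, ...
    findings: List[Finding] = field(default_factory=list)
    repairs: List[str] = field(default_factory=list)       # free-text lines under "Repairs"

    def engine_detections(self):
        """(path, engine, verdict) for every object an engine actually flagged."""
        return [(f.path, e, v) for f in self.findings for e, v in f.detections.items()]

    def file_hashes(self):
        """SHA-256 -> path for every file object, ready for a reputation lookup."""
        return {f.attrs["SHA-256"]: f.path for f in self.findings if "SHA-256" in f.attrs}


def parse_hitmanpro(text: str) -> ScanReport:
    report, section, current = ScanReport(), None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1).strip(), None
        elif section is None:                # summary block before the first banner
            m = ATTR_RE.match(line)
            if m:
                report.header[m.group(2).strip()] = m.group(3)
        elif section == "Repairs":           # no per-object structure in this section
            report.repairs.append(line.strip())
        elif CLUSTER_RE.match(line):         # cluster rows are context, not new objects
            pass
        elif (m := OBJECT_RE.match(line)):
            current = Finding(section, m.group(1), m.group(2))
            report.findings.append(current)
        elif (m := ATTR_RE.match(line)) and current is not None:
            flagged, key, value = m.group(1), m.group(2).strip(), m.group(3)
            (current.detections if flagged else current.attrs)[key] = value
        # anything else (e.g. the bare "Forensic Cluster" label) is ignored
    return report


# Constructed sample in the format of the report quoted above (values copied from it).
SAMPLE_LOG = r"""
  Threats . . . . . . . : 7
  Traces  . . . . . . . : 100
Malware __________________________________________________________________
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
     Size . . . . . . . : 438,784 bytes
     SHA-256  . . . . . : D25891C93440113E7A6C0C214157B82C3346290BEFE5748E4204A600FDC057A2
   > Ikarus . . . . . . : AdWare.Yotoon!IK
     Fuzzy  . . . . . . : 106.0
Potential Unwanted Programs _________________________________________________
  C:\Program Files\Conduit\ (Conduit)
  C:\Program Files\Conduit\Community Alerts\Alert.dll (Conduit)
     SHA-256  . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -5.0
     Forensic Cluster
         0.0s C:\Program Files\Conduit\Community Alerts\Alert.dll
  HKLM\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
Repairs _________________________________________________________________
  Proxy server on this computer (User)
  127.0.0.1:8555
"""

if __name__ == "__main__":
    rpt = parse_hitmanpro(SAMPLE_LOG)
    print("Threats reported:", rpt.header.get("Threats"))
    for path, engine, verdict in rpt.engine_detections():
        print(f"{engine} -> {verdict}: {path}")
    print("hashes to look up:", *rpt.file_hashes())
    print("repairs:", rpt.repairs)
```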

Laurie

 

Thank you for the reply. As I said, it is not my area of expertise. I presume it was the same IObit support guy who was not very helpful or successful with your previous problem. I do not know why he downloaded Hitman. It will be interesting to see what Superdave makes of it.

 

In the meantime do not panic.


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting it for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

*********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Please download Junkware Removal Tool to your desktop.

 

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

 

Shut down your protection software now to avoid potential conflicts.

 

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.

*****************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Rock Star! :-D SuperDave!!!

 

Thank you for guiding me to clean my laptop.

The following are the log results per your instructions.

I hope my machine gets a good report card from you!

 

:grin: Laurie

 

# AdwCleaner v3.002 - Report created 05/09/2013 at 22:17:19

# Updated 01/09/2013 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : HP_Owner - HP_OWNER-PC

# Running from : C:\Users\HP_Owner\Desktop\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Users\HP_Owner\AppData\Local\Conduit

Folder Deleted : C:\Users\HP_Owner\AppData\Local\cre

Folder Deleted : C:\Users\HP_Owner\AppData\Local\PackageAware

Folder Deleted : C:\Users\HP_Owner\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\HP_Owner\AppData\Roaming\DefaultTab

Folder Deleted : C:\Users\HP_Owner\AppData\Roaming\PerformerSoft

File Deleted : C:\END

File Deleted : C:\Windows\system32\roboot.exe

File Deleted : C:\Program Files\Mozilla Firefox\user.js

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Default Tab

Product Deleted : Google Update Helper

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16502

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

 

-\\ Google Chrome v29.0.1547.62

 

[ File : C:\Users\HP_Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : urls_to_restore_on_startup

 

[ File : C:\Users\Hawaii\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : urls_to_restore_on_startup

 

*************************

 

AdwCleaner[R0].txt - [5708 octets] - [05/09/2013 22:15:24]

AdwCleaner[s0].txt - [5690 octets] - [05/09/2013 22:17:19]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5750 octets] ##########

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

http://www.malwarebytes.org

 

Database version: v2013.09.06.03

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

HP_Owner :: HP_OWNER-PC [administrator]

 

Protection: Enabled

 

9/6/2013 7:16:40 AM

mbam-log-2013-09-06 (07-16-40).txt

 

Scan type: Full scan (C:\|D:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 418731

Time elapsed: 1 hour(s), 46 minute(s), 37 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 3

C:\Program Files\wrapper_inst\service.exe (PUP.Optional.Chatzum) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Users\HP_Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.

 

(end)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.8 (09.05.2013:1)

OS: Windows Vista Home Premium x86

Ran by HP_Owner on Fri 09/06/2013 at 16:28:36.25

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E2E25448-4568-4A62-9704-80B1CE00CB33}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{266B0F19-BF0E-4E12-8518-86D59D5A63A5}

 

~~~ Files

 

~~~ Folders

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca

 

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 09/06/2013 at 16:31:19.93

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Results of screen317's Security Check version 0.99.73

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Advanced SystemCare Ultimate

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 37

Java 7 Update 25

Java SE Runtime Environment 6

Adobe Flash Player 11.8.800.94

Adobe Reader 10.1.7 Adobe Reader out of Date!

Google Chrome 29.0.1547.62

Google Chrome 29.0.1547.66

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSASCui.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Windows Defender MSASCui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0 %

````````````````````End of Log``````````````````````


You can uninstall Java 6 Update 37. It is no longer needed.

 

Download Combofix from any of the links below, and save it to your DESKTOP.

If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial on how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.
     
    You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


Hey :-D SuperDave,

 

Once again, thank you!

 

Here's the ComboFix Log

 

Hoping you have a good report card for this one!

 

Cheers,

Laurie :lol:

 

ComboFix 13-09-06.01 - HP_Owner 09/07/2013 15:35:15.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.888 [GMT -7:00]

Running from: c:\users\HP_Owner\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\SPL3863.tmp

c:\users\HP_Owner\AppData\Local\assembly\tmp

c:\users\HP_Owner\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-08-08 to 2013-09-08 )))))))))))))))))))))))))))))))

.

.

2013-09-07 22:59 . 2013-09-08 00:42 -------- d-----w- c:\users\HP_Owner\AppData\Local\temp

2013-09-07 07:02 . 2013-09-07 07:02 -------- d-----w- c:\program files\Common Files\Skype

2013-09-07 04:47 . 2012-03-15 21:16 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2013-09-06 23:28 . 2013-09-06 23:28 -------- d-----w- c:\windows\ERUNT

2013-09-06 08:39 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-09-06 08:39 . 2013-09-06 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-09-06 05:15 . 2013-09-06 05:17 -------- d-----w- C:\AdwCleaner

2013-09-04 14:20 . 2013-08-20 07:47 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FF12003-B422-4C1D-942B-FE7747A63E87}\mpengine.dll

2013-09-03 05:45 . 2013-05-23 01:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2013-09-02 21:21 . 2013-09-02 21:21 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}

2013-09-02 21:21 . 2013-09-02 21:21 -------- d-----w- C:\IObit

2013-09-02 21:21 . 2013-09-02 21:21 -------- d-----w- c:\programdata\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}

2013-08-31 08:59 . 2013-08-31 08:59 -------- d-----w- c:\program files\7-Zip

2013-08-31 08:39 . 2013-08-31 08:40 -------- d-----w- c:\users\HP_Owner\AppData\Local\Amazon

2013-08-31 07:10 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2013-08-31 06:43 . 2013-08-31 06:43 -------- d-----w- C:\c30bbacfbcb592ec02cf03fc

2013-08-31 06:36 . 2013-09-02 23:59 -------- d-----w- c:\users\Hawaii

2013-08-31 03:14 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-31 00:28 . 2013-08-31 00:28 -------- d-----w- c:\programdata\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}

2013-08-30 23:55 . 2013-09-06 16:23 -------- d-----w- c:\program files\wrapper_inst

2013-08-30 23:26 . 2013-08-31 03:05 -------- d-----w- c:\users\HP_Owner\AppData\Local\LogMeIn Rescue Applet

2013-08-25 16:51 . 2013-08-25 16:51 -------- d-----w- c:\programdata\BlueSprig

2013-08-25 16:41 . 2013-08-25 16:41 -------- d-----w- c:\users\HP_Owner\AppData\Roaming\BlueSprig

2013-08-25 16:40 . 2013-08-25 16:51 -------- d-----w- c:\program files\BlueSprig

2013-08-25 15:49 . 2013-08-25 15:49 -------- d-----w- c:\programdata\hsswpr

2013-08-24 03:37 . 2013-08-24 03:41 -------- d-----w- c:\windows\system32\MRT

2013-08-24 03:33 . 2013-07-25 02:42 149656 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-08-24 03:33 . 2013-07-25 02:23 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-08-24 03:33 . 2013-07-25 02:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-08-24 03:33 . 2013-07-25 02:25 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2013-08-24 03:33 . 2013-07-25 02:24 194560 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2013-08-24 03:33 . 2013-07-25 02:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-08-24 03:29 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-24 03:29 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll

2013-08-24 03:29 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-24 03:29 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-24 03:29 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-08-24 03:29 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-24 03:29 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-24 03:29 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-24 03:29 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-08-24 03:27 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-24 03:27 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-08-24 03:27 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-08-24 03:27 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-23 23:48 . 2009-02-26 18:05 398336 ----a-w- c:\windows\system32\TVWizudlg.exe

2013-08-23 23:48 . 2009-02-26 18:04 140288 ----a-w- c:\windows\system32\igfxtvcx.dll

2013-08-23 23:32 . 2013-08-23 23:32 80488 ----a-w- c:\windows\system32\RtNicProp32.dll

2013-08-23 23:32 . 2013-08-23 23:32 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys

2013-08-23 23:32 . 2013-08-23 23:32 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2013-08-23 23:30 . 2013-08-23 23:30 396136 ----a-w- c:\windows\system32\itpcoin82.dll

2013-08-20 02:36 . 2013-08-20 04:38 -------- d-----w- c:\users\HP_Owner\AppData\Roaming\Dropbox

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-24 01:35 . 2007-05-14 10:56 997912 ----a-w- c:\windows\system32\igxpun.exe

2013-08-23 23:34 . 2007-05-14 09:33 51712 ----a-w- c:\windows\system32\igfxsrvc.dll

2013-08-23 23:34 . 2007-05-14 09:33 257536 ----a-w- c:\windows\system32\igfxTMM.dll

2013-08-23 23:34 . 2007-05-14 09:33 5702656 ----a-w- c:\windows\system32\igfxress.dll

2013-08-23 23:34 . 2008-02-12 01:47 200192 ----a-w- c:\windows\system32\igfxpph.dll

2013-08-23 23:34 . 2008-02-12 01:46 275968 ----a-w- c:\windows\system32\igfxrenu.lrc

2013-08-23 23:34 . 2007-05-14 09:33 210432 ----a-w- c:\windows\system32\igfxdev.dll

2013-08-23 23:34 . 2007-05-14 09:33 3821568 ----a-w- c:\windows\system32\igdumd32.dll

2013-08-23 23:34 . 2007-05-14 09:33 94208 ----a-w- c:\windows\system32\hccutils.dll

2013-08-23 23:27 . 2007-03-08 21:20 3173008 ----a-w- c:\windows\system32\RtkAPO.dll

2013-08-21 13:13 . 2012-04-22 16:46 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-21 13:13 . 2011-09-26 21:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-07 11:22 . 2011-11-14 17:06 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-07-06 05:03 . 2013-07-06 05:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-06 05:03 . 2012-07-05 05:56 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-07-06 05:03 . 2011-09-26 21:36 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-24 04:06 . 2013-03-24 02:57 10965504 ----a-w- c:\program files\Common Files\lpuninstall.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-23 150552]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^HP_Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2013-05-31 18:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2009-11-24 18:07 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2013-05-01 10:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]

2013-01-17 23:08 267792 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]

2013-08-23 23:27 10996368 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-03-12 14:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]

2007-01-10 23:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2361194988-2416449815-516093924-1000]

"EnableNotificationsRef"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-06 06:35 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 13:13]

.

2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-05 19:15]

.

2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-05 19:15]

.

2013-09-07 c:\windows\Tasks\HPCeeScheduleForHawaii.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]

.

2013-09-04 c:\windows\Tasks\HPCeeScheduleForHP_Owner.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - (no file)

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

SafeBoot-Wdf01000.sys

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-ConduitFloatingPlugin_hndppnmigdlfmdegjjdmjoeinbbceihi - c:\program files\Conduit\CT3279417\plugins\TBVerifier.dll

MSConfigStartUp-lxctmon - (no file)

MSConfigStartUp-pcreg - c:\program files\wrapper_inst\service.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-09-07 17:43

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{7F6AFBF1-E065-4627-A2FD-810366367D01}"=hex:51,66,7a,6c,4c,1d,38,12,9f,f8,79,

7b,57,ae,49,03,dd,eb,c2,43,63,68,39,15

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe

c:\windows\system32\igfxsrvc.exe

.

**************************************************************************

.

Completion time: 2013-09-07 17:47:09 - machine was rebooted

ComboFix-quarantined-files.txt 2013-09-08 00:47

.

Pre-Run: 65,825,992,704 bytes free

Post-Run: 66,391,142,400 bytes free

.

- - End Of File - - 4592FBEA08D5065B2EA378B23B53A13B

1A1A06F62E891045814007163C1C76C3
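The ComboFix output above is long, and the lines worth a second look are easy to miss among the normal startup entries. Below is an added example (mine, not ComboFix's code and not posted by anyone in this thread) of a small triage script that reads the registry and "ORPHANS REMOVED" sections of such a log and lists what a helper would want to check first: a UAC policy value of 0 (elevation requests from standard users are automatically denied), Security Center monitoring switched off, and orphaned entries that still point at a file on disk rather than "(no file)". The sample input is a constructed excerpt copied from the log above; the value formats it parses are the two that log uses.

```python
"""Triage the registry and 'ORPHANS REMOVED' sections of a ComboFix log.

Added example for this thread; it is not ComboFix's own code. The input
below is a constructed excerpt copied from the log posted above, and the
value formats it handles ( "Name"= 0 (0x0)  and  "Name"=dword:00000001 )
are the ones that log uses.
"""
import re
from dataclasses import dataclass

# Constructed excerpt, copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-ConduitFloatingPlugin_hndppnmigdlfmdegjjdmjoeinbbceihi - c:\program files\Conduit\CT3279417\plugins\TBVerifier.dll
MSConfigStartUp-lxctmon - (no file)
MSConfigStartUp-pcreg - c:\program files\wrapper_inst\service.exe
.
**************************************************************************
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"


@dataclass
class Finding:
    severity: str  # "review" needs a human decision, "info" is context only
    where: str
    detail: str


def parse_value(raw):
    """Turn ComboFix's value rendering into an int where it is numeric."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^-?\d+", raw)
    return int(m.group()) if m else raw.strip('"')


def parse_registry_sections(text):
    """Map each [KEY] header (lower-cased) to its name -> value dict."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if "ORPHANS REMOVED" in line:
            break  # the registry dump is over
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = parse_value(m.group("val"))
    return sections


def parse_orphans(text):
    """Return (kind, name, target_or_None) for each ORPHANS REMOVED line."""
    out, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if "ORPHANS REMOVED" in line:
            in_section = True
            continue
        if not in_section or line in ("", "."):
            continue
        if line.startswith("*"):
            break  # banner that starts the next ComboFix section
        kind, _, rest = line.partition("-")
        name, sep, target = rest.partition(" - ")
        out.append((kind, name, None if not sep or target == "(no file)" else target))
    return out


def triage(text):
    findings = []
    sections = parse_registry_sections(text)
    if sections.get(POLICY_KEY, {}).get("ConsentPromptBehaviorUser") == 0:
        findings.append(Finding("review", "policies\\system\\ConsentPromptBehaviorUser",
                                "0 = elevation requests from standard users are automatically denied; "
                                "the RogueKiller run later in this thread flags this value and resets it to 1"))
    for key, values in sections.items():
        if "security center\\monitoring" in key and values.get("DisableMonitoring") == 1:
            findings.append(Finding("review", key,
                                    "Security Center monitoring switched off here; confirm the product that set it is still installed"))
    for kind, name, target in parse_orphans(text):
        if target is None:
            findings.append(Finding("info", f"{kind}-{name}", "dead entry, no file on disk"))
        else:
            findings.append(Finding("review", f"{kind}-{name}", f"entry still points at {target}; hash and check that file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.where}: {f.detail}")
```

The script does not decide that anything is malicious; it only separates entries that need a human look (a disabled startup item whose binary is still on disk, a security setting that is weaker than it should be) from dead registry leftovers, which is the first cut a helper makes on a log like this one.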


That's looking good. Here's another scanner.

 

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


:-D Hey Rock Star :-P Superdave,

 

What's next?

 

RK is complete.

 

Cheers,

Laurie 8-)

 

DN Report

RogueKiller V8.6.9 [Sep 3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : HP_Owner [Admin rights]

Mode : DNSFix -- Date : 09/07/2013 20:00:15

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : Root.MBR ¤¤¤

 

Finished : << RKreport[0]_DN_09072013_200015.txt >>

RKreport[0]_D_09072013_195346.txt;RKreport[0]_H_09072013_195402.txt;RKreport[0]_S_09072013_195324.txt

 

PR Report

RogueKiller V8.6.9 [Sep 3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : HP_Owner [Admin rights]

Mode : ProxyFix -- Date : 09/07/2013 20:00:06

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : Root.MBR ¤¤¤

 

Finished : << RKreport[0]_PR_09072013_200006.txt >>

RKreport[0]_D_09072013_195346.txt;RKreport[0]_H_09072013_195402.txt;RKreport[0]_S_09072013_195324.txt

 

H Report

RogueKiller V8.6.9 [Sep 3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : HP_Owner [Admin rights]

Mode : HOSTSFix -- Date : 09/07/2013 19:54:02

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : Root.MBR ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1 localhost

 

 

¤¤¤ Reset HOSTS: ¤¤¤

127.0.0.1 localhost

 

 

Finished : << RKreport[0]_H_09072013_195402.txt >>

RKreport[0]_D_09072013_195346.txt;RKreport[0]_S_09072013_195324.txt

 

D Report

RogueKiller V8.6.9 [Sep 3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : HP_Owner [Admin rights]

Mode : Remove -- Date : 09/07/2013 19:53:46

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 8 ¤¤¤

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F2C140)

[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F2C140)

[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F1AA5A)

[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F1AA2C)

[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F1AA88)

[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F27B70)

[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F27B3C)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : Root.MBR ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD2500BEVS-60UST0 +++++

--- User ---

[MBR] 051d38c85853aa4a3cba0e5df934f985

[BSP] c39d26b2944779cb28c982f13ef7cac7 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229993 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 471025800 | Size: 7357 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 486094848 | Size: 1122 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] e1c8c0f8f6fe815f17ff5e3a71486e72

[BSP] 964764d30d96fe8acd58e826b56d805b : MBR Code unknown

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 24591 Mo

1 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 50379840 | Size: 400 Mo

 

Finished : << RKreport[0]_D_09072013_195346.txt >>

RKreport[0]_S_09072013_195324.txt

 

S Report

RogueKiller V8.6.9 [Sep 3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : HP_Owner [Admin rights]

Mode : Scan -- Date : 09/07/2013 19:53:24

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 8 ¤¤¤

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F2C140)

[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F2C140)

[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F1AA5A)

[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F1AA2C)

[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F1AA88)

[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F27B70)

[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82F27B3C)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : Root.MBR ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD2500BEVS-60UST0 +++++

--- User ---

[MBR] 051d38c85853aa4a3cba0e5df934f985

[BSP] c39d26b2944779cb28c982f13ef7cac7 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229993 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 471025800 | Size: 7357 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 486094848 | Size: 1122 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] e1c8c0f8f6fe815f17ff5e3a71486e72

[BSP] 964764d30d96fe8acd58e826b56d805b : MBR Code unknown

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 24591 Mo

1 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 50379840 | Size: 400 Mo

 

Finished : << RKreport[0]_S_09072013_195324.txt >>
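The "Root.MBR" verdict in the reports above comes from the "MBR Check" block: RogueKiller reads sector 0 of the disk through several paths ("User" is the normal Windows API; "LL1" and "LL2" are, as I understand its output, lower-level reads that bypass more of the storage stack) and reports "User != LL2 ... KO!" when the contents disagree. What kind of disagreement it is matters for what to verify next, so here is an added example (mine, not RogueKiller's code and not posted in this thread) that parses that block and separates a boot-code-only mismatch from a mismatch where the two reads describe different partition tables altogether. The sample is copied from the S report above. My reading of the report lines, that [MBR] is the MD5 of the whole sector and [BSP] the MD5 of the boot code with an identification note, is an interpretation of the output, not vendor documentation; the forum rendering lower-cases the tag to [bSP], so the tag match is case-insensitive.

```python
"""Parse RogueKiller's 'MBR Check' section and classify the mismatch it found.

Added example for this thread, not RogueKiller's own code. The sample is
copied from the S report above. Interpretation of the line tags ([MBR] =
MD5 of the whole sector, [BSP] = MD5 of the boot code plus RogueKiller's
identification note) is mine, not vendor documentation.
"""
import re
from dataclasses import dataclass, field

# Copied from the RogueKiller S report in this thread.
SAMPLE_REPORT = """
+++++ PhysicalDrive0: WDC WD2500BEVS-60UST0 +++++
--- User ---
[MBR] 051d38c85853aa4a3cba0e5df934f985
[BSP] c39d26b2944779cb28c982f13ef7cac7 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229993 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 471025800 | Size: 7357 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 486094848 | Size: 1122 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] e1c8c0f8f6fe815f17ff5e3a71486e72
[BSP] 964764d30d96fe8acd58e826b56d805b : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 24591 Mo
1 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 50379840 | Size: 400 Mo
"""

DRIVE_RE = re.compile(r"^\+{5} (?P<dev>\S+): (?P<model>.+?) \+{5}$")
LAYER_RE = re.compile(r"^--- (?P<name>\S+) ---$")
HASH_RE = re.compile(r"^\[(?P<tag>MBR|BSP)\] (?P<md5>[0-9a-f]{32})(?: : (?P<note>.*))?$", re.I)
PART_RE = re.compile(r"^(?P<idx>\d+) - \[(?P<flag>[A-Z]+)\] (?P<fs>\S+) \(0x(?P<type>[0-9a-fA-F]{2})\) "
                     r"\[(?P<vis>[A-Z]+)\] Offset \(sectors\): (?P<off>\d+) \| Size: (?P<size>\d+) Mo$")
COMPARE_RE = re.compile(r"^(?P<a>\S+) (?P<op>!?=) (?P<b>\S+) \.\.\. (?P<res>OK|KO)!$")


@dataclass
class Partition:
    index: int
    active: bool
    fs: str
    type_id: int
    visible: bool
    offset_sectors: int
    size_mb: int

    def key(self):
        # What must agree for two reads to describe the same partition table.
        return (self.active, self.type_id, self.offset_sectors, self.size_mb)


@dataclass
class Layer:
    name: str
    mbr_md5: str = ""
    bsp_md5: str = ""
    bsp_note: str = ""
    partitions: list = field(default_factory=list)


def parse_mbr_check(text):
    """Return (drive_model, {layer_name: Layer}, [(a, b, agree)])."""
    drive, layers, comparisons, current = None, {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := DRIVE_RE.match(line):
            drive = m.group("model")
        elif m := LAYER_RE.match(line):
            current = layers.setdefault(m.group("name"), Layer(m.group("name")))
        elif (m := HASH_RE.match(line)) and current:
            if m.group("tag").upper() == "MBR":
                current.mbr_md5 = m.group("md5").lower()
            else:
                current.bsp_md5, current.bsp_note = m.group("md5").lower(), m.group("note") or ""
        elif (m := PART_RE.match(line)) and current:
            current.partitions.append(Partition(
                int(m.group("idx")), m.group("flag") == "ACTIVE", m.group("fs"),
                int(m.group("type"), 16), m.group("vis") == "VISIBLE",
                int(m.group("off")), int(m.group("size"))))
        elif m := COMPARE_RE.match(line):
            comparisons.append((m.group("a"), m.group("b"), m.group("res") == "OK"))
    return drive, layers, comparisons


def diff_layers(a, b):
    """Which parts of sector 0 differ between two read paths."""
    return {
        "sector_differs": a.mbr_md5 != b.mbr_md5,
        "bootcode_differs": a.bsp_md5 != b.bsp_md5,
        "partition_table_differs": [p.key() for p in a.partitions] != [p.key() for p in b.partitions],
    }


def verdict(layers, comparisons):
    """Classify the worst disagreement RogueKiller reported against the User read."""
    if all(agree for _, _, agree in comparisons):
        return "consistent"
    user = layers["User"]
    worst = "hash_only_mismatch"
    for _, other_name, agree in comparisons:
        if agree or other_name not in layers:
            continue
        d = diff_layers(user, layers[other_name])
        if d["partition_table_differs"]:
            return "partition_table_mismatch"  # the two reads describe different layouts, not just different code
        if d["bootcode_differs"]:
            worst = "bootcode_mismatch"  # same layout, different boot code: the classic bootkit pattern
    return worst


if __name__ == "__main__":
    drive, layers, comps = parse_mbr_check(SAMPLE_REPORT)
    print(drive, verdict(layers, comps))
```

For the report above the result is "partition_table_mismatch": the LL2 read does not just carry different boot code, it describes a different partition layout from the one Windows is running on, so the next step is an independent read of sector 0 from boot media rather than another in-Windows scan.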


Video and TAB Issues

 

Hi Superdave :razz:

 

Some Videos are now not playing

 

With all the work we've done some videos will now not play?

 

Example: AGT http://www.nbc.com/americas-got-talent

 

Please forgive my ignorance... Does JAVA have anything to do with videos?

 

Remember we uninstalled "Java 6 Update 37"

 

Either or, do you know what causes the videos to now not work?

 

Also, Chrome is acting weird. Every time I open a new TAB, it retains the previous TAB's content, but in the address bar the URL is the new website I want. I can refresh the new TAB page and the content changes to match the URL address, but do you know WHY it's doing that? :roll:

 

Thank You!

Laurie


PS Chrome Bookmark Bar

 

Hi Superdave,

 

One more thing since I began the cleaning ... another odd thing in Chrome is my bookmarks bar is unstable :roll:

 

Sometimes it disappears, and sometimes it is not end-to-end: there are gaps on both the left and right ends, and it looks like the bookmark bar is just floating, not attached to anything like usual.

 

I hope you understand and can provide insight.

 

Thank YOU!!!

Laurie


Yes, we uninstalled it because there was a newer version installed. Go to the Java site and get all the updates.

 

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

************************************************

Please run RogueKiller again and delete those items.

I am required to give you this warning.

 

It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware, that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

 

Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

 

Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

 

What danger is presented by rootkits?

Rootkits and how to combat them

r00tkit Analysis: What Is A Rootkit

 

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

What Should I Do If I've Become A Victim Of Identity Theft?

Identity Theft Victims Guide - What to do

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired, so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

When should I re-format? How should I reinstall?

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

Where to draw the line? When to recommend a format and reinstall?

 

Guides for format and reinstall:

 

how-to-reformat-and-reinstall-your-operating-system-the-easy-way

 

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.

If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

 

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
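The Java steps above (check the installed version, update if it is old, remove the older versions) are a small decision that is easy to get wrong when several runtimes are listed side by side. Here is an added example (mine, not JavaRa's or Oracle's code and not from this thread) that parses Java runtime names in the two forms that appear on this page, the Add/Remove Programs display name ("Java 7 Update 25", "Java SE Runtime Environment 6 Update 45") and the `java -version` string ("1.7.0_25"), ranks them by (major, update), and returns which one to keep, which to remove, and whether the newest is still below the version you consider current. The installed-program list and the `minimum` value are constructed inputs chosen for the example.

```python
"""Decide which installed Java runtimes to keep, remove or update.

Added example for the 'Update Your Java (JRE)' steps in this thread; it is
not JavaRa's or Oracle's code. Inputs are a constructed list of Add/Remove
Programs display names in the forms that appear on this page plus a
`java -version` string; the ordering is (major, update), so
"Java 7 Update 25" ranks above "Java SE Runtime Environment 6 Update 45".
"""
import re

# "Java(TM) 6 Update 37", "Java 7 Update 25", "Java SE Runtime Environment 6 Update 45"
DISPLAY_RE = re.compile(
    r"Java(?:\(TM\))?\s+(?:SE\s+)?(?:Runtime Environment\s+)?(\d+)\s+Update\s+(\d+)", re.I)
# `java -version` prints 1.7.0_25 for Java 7 Update 25
CLI_RE = re.compile(r"\b1\.(\d+)\.0_(\d+)\b")


def parse_java_version(text):
    """Return (major, update) or None if the string is not a Java runtime."""
    m = DISPLAY_RE.search(text) or CLI_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def plan_cleanup(installed, minimum):
    """Keep the newest runtime, list the rest for removal, flag if newest < minimum.

    `installed`: display names as shown by Add/Remove Programs (non-Java
    entries are ignored). `minimum`: the (major, update) you consider current;
    this is the caller's choice, not something the script looks up.
    """
    runtimes = [(v, name) for name in installed if (v := parse_java_version(name))]
    if not runtimes:
        return {"keep": None, "remove": [], "outdated": False, "reason": "no Java runtime found"}
    runtimes.sort(reverse=True)  # newest first, by (major, update)
    newest_version, newest_name = runtimes[0]
    return {
        "keep": newest_name,
        "remove": [name for _, name in runtimes[1:]],  # what JavaRa's "Remove Older Versions" targets
        "outdated": newest_version < minimum,
        "reason": f"newest is {newest_version[0]}u{newest_version[1]}, minimum {minimum[0]}u{minimum[1]}",
    }


if __name__ == "__main__":
    # Constructed sample: roughly what this thread's machine listed before the cleanup.
    names = ["Java(TM) 6 Update 37", "Java 7 Update 25", "Adobe Reader XI", "Google Chrome"]
    print(plan_cleanup(names, minimum=(7, 25)))
```

The "outdated" flag only tells you that the newest installed runtime is below the version you passed in; what counts as current has to come from the vendor's download page at the time you run it.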


Hi Superdave!

 

Thank You!

 

I ran the JavaRa, though I don't have a log

 

Before I received your instructions, I installed Java 7 Update 25

 

Should I uninstall to install Sun Java Runtime Environment 6 Update 43?

 

If yes, which Java SE Environment do I run for Windows Vista (see below for options)?

 

Thank You :-D

Laurie:

 

http://www.oracle.com/technetwork/java/javase/downloads/jre6downloads-1902815.html

 

Java SE Runtime Environment 6 Update 45

You must accept the Oracle Binary Code License Agreement for Java SE to download this software.

 

Thank you for accepting the Oracle Binary Code License Agreement for Java SE; you may now download this software.

 

Product / File Description   File Size   Download
Linux x86                    20.24 MB    jre-6u45-linux-i586-rpm.bin
Linux x86                    20.76 MB    jre-6u45-linux-i586.bin
Linux x64                    19.82 MB    jre-6u45-linux-x64-rpm.bin
Linux x64                    20.39 MB    jre-6u45-linux-x64.bin
Solaris x86                  20.4 MB     jre-6u45-solaris-i586.sh
Solaris SPARC                25.19 MB    jre-6u45-solaris-sparc.sh
Solaris SPARC 64-bit         11.21 MB    jre-6u45-solaris-sparcv9.sh
Solaris x64                  7.54 MB     jre-6u45-solaris-x64.sh
Windows x86 Online           0.87 MB     jre-6u45-windows-i586-iftw.exe
Windows x86 Offline          16.3 MB     jre-6u45-windows-i586.exe
Windows x64                  11 MB       jre-6u45-windows-x64.exe
Linux Intel Itanium          19.36 MB    jre-6u45-linux-ia64-rpm.bin
Linux Intel Itanium          21.9 MB     jre-6u45-linux-ia64.bin
Windows Intel Itanium        20.0 MB     jre-6u45-windows-ia64.exe


Hi Superdave,

 

I decided I want to install Java SE

 

Please advise which one should I install for my VISTA 32-bit?

 

Java SE Runtime Environment 6 Update 45

Download

Windows x86 Online 0.87 MB jre-6u45-windows-i586-iftw.exe

Windows x86 Offline 16.3 MB jre-6u45-windows-i586.exe

Windows x64 11 MB jre-6u45-windows-x64.exe

http://www.oracle.com/technetwork/ja...s-1902815.html


No, I meant did you decide to clean the computer or reformat?


Hi Superdave,

 

Thank you for clarity.

 

Let me catch up with our "WIP" work in progress.

 

I did miss the BIG message under the JAVA info in your second to last msg.

 

Once I did get a chance to review your notes I realized you saw something that was foreign to me "root.mbr" viruses.

 

I spent hours doing research and came up with a plan of action that I am still in process of completing.

 

Currently, the best part is I'm pretty sure after triple checking that I do not have root.mbr issue.

 

In doing my research I also found horrible reports about JAVA security holes when I was bragging to one of my tech geek friends about all the hours of cleaning work I did on my machine and how fun it is to work with you, Superdave.

 

When I asked him which JAVA for Windows I should download out of the three Windows choices, none of which said Vista (and that was one answer I did not get from you), he (annoyingly) nonchalantly said "oh, I don't have JAVA on any one of my three machines due to its security issues" :roll: I'm like, WHAT?

 

Superdave, I can now say that, with all the work we've done, plus completely uninstalling any and all JAVA programs, my machine is like brand new: fast, responsive, no quirks. Before, I could not have more than 18-20 tabs open in Chrome; doing my virus root.mbr research I ended up with over 30 (don't ask), wary of the typical Shockwave Flash crash, and NO crashes, NO issues, no delays. My machine is like brand new, fast and smooth and cooperative! I am so happy!!! THANK YOU!!!

 

There are still some loose ends I need to complete with this machine before I can say this story is complete. Doing my best to take notes so I can provide a good conclusion hoping it helps others who may have similar situation.

 

In the meantime, I have huge projects for my business, and out of town relatives visiting one from Italy and one arriving in couple days from Denver.

 

No worries, I will be back with what I hope will be-a-final report-within-24-48-hours.

 

YOU ARE A ROCK STAR SUPERDAVE!!!

 

Thank You!!!

Laurie :-D


Resolved!

 

Hi Superdave :-D

 

Thank you for all your super guidance.

 

After test-driving my laptop for several days, it seems all glitches, although a nuisance, were not critical.

 

After working with you and the others on iOBIT Forum, my new Advanced System Care 6 Ultimate and more, I am now better educated to keep a cleaner, more well-tuned pc laptop than ever before.

 

I hope this helped others too.

 

In Gratitude,

Laurie


Archived

This topic is now archived and is closed to further replies.
