I think we have an infection (or two) [Solved]



#31 Barnys (Member, Topic Starter, 51 posts)

Hi

That was easy :-)

 

The type of the file system is NTFS.
Volume label is COMPAQ.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
  5623 large file records processed.                            

  0 bad file records processed.                              

  2 EA records processed.                                    

  88 reparse records processed.                               

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
  0 unindexed files processed.                               

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
  30264 data files processed.                                    

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

 196860928 KB total disk space.
 172096164 KB in 139475 files.
     84888 KB in 30265 indexes.
         0 KB in bad sectors.
    377836 KB in use by the system.
     65536 KB occupied by the log file.
  24302040 KB available on disk.

      4096 bytes in each allocation unit.
  49215232 total allocation units on disk.
   6075510 allocation units available on disk.
 


  • 0



#32 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Ok, that's good news for your computer!

 

Now, here's what I think. We need to eliminate Norton. Some who do this type of work have a saying, when all else fails...remove Norton.

 

I'm going to let this part be your decision, but if you agree, I would like you to uninstall Norton completely. I suspect that something is either wrong with the product in general or your installation.

 

Sometimes it comes out easily using the Uninstall feature with Norton. If not, Symantec (makers of Norton) have a tool here that will uninstall Norton. Once it is uninstalled, then enable Defender (here is a Video). Defender is a fine alternative until we can figure out what's what.

 

Ok, assuming Norton is out and Defender is in. I'd like you to disable Defender temporarily, then try and re-run aswMBR, GMER and RogueKiller (see previous instructions). Where I'm going with this is that none of these tools should cause your computer angst unless something is interfering, such as malware (which I've not ruled out, since we can't get clean runs of the tools) or some layered product (such as Norton, etc.).

 

Let me know how this goes.


  • 0

#33 Barnys (Member, Topic Starter, 51 posts)

That was relatively simple...

 

Edit: I uninstalled Norton with their uninstall tool and am now running with Defender.

I ran GMER first followed by aswMBR and Rogue Killer.

The GMER log looks very small.

I had a blue screen when I started aswMBR but once restarted it ran without problems.

Rogue Killer gave me a message that the version I had was out of date, so I found their page online and got another one. The link you pasted in one of your earlier replies didn't work anymore, is that normal?

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-27 11:15:13
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250310AS rev.3.AHA 232,89GB
Running: eeqef0sv.exe; Driver: C:\Users\Siggi\AppData\Local\Temp\fwlyapob.sys


---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-27 11:20:51
-----------------------------
11:20:51.200    OS Version: Windows 6.0.6002 Service Pack 2
11:20:51.200    Number of processors: 2 586 0xF0D
11:20:51.201    ComputerName: A-PROBLEM  UserName: Siggi
11:20:52.445    Initialize success
11:20:52.500    VM: initialized successfully
11:20:52.502    VM: Intel CPU virtualization not supported
11:20:55.900    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:20:55.907    Disk 0 Vendor: ST3250310AS 3.AHA Size: 238475MB BusType: 3
11:20:56.104    Disk 0 MBR read successfully
11:20:56.108    Disk 0 MBR scan
11:20:56.112    Disk 0 unknown MBR code
11:20:56.118    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       192247 MB offset 63
11:20:56.122    Disk 0 Partition - 00     05     Extended             36065 MB offset 393723902
11:20:56.154    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10158 MB offset 467586000
11:20:56.218    Disk 0 Partition 3 00     83        Linux             31981 MB offset 393723904
11:20:56.224    Disk 0 Partition - 00     05     Extended              4084 MB offset 459220992
11:20:56.256    Disk 0 scanning sectors +488391120
11:20:56.404    Disk 0 scanning C:\Windows\system32\drivers
11:21:11.468    Service scanning
11:21:22.378    Modules scanning
11:21:22.383    Disk 0 trace - called modules:
11:21:22.408    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
11:21:22.413    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e94ac8]
11:21:22.423    3 CLASSPNP.SYS[8b1c88b3] -> nt!IofCallDriver -> [0x856be918]
11:21:22.428    5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85699528]
11:21:22.438    Disk 0 statistics 63505/0/0 @ 2,02 MB/s
11:21:22.448    Scan finished successfully
11:23:37.703    Disk 0 MBR has been saved successfully to "C:\Users\Siggi\Desktop\MBR.dat"
11:23:37.713    The log file has been saved successfully to "C:\Users\Siggi\Desktop\aswMBR.txt"

RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Siggi [Administrator]
Mode : Scan -- Date : 02/27/2015  11:37:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Siggi\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\Siggi\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Siggi\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Siggi\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\Siggi\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Siggi\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\Siggi\AppData\Local\Temp\catchme.sys) -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] b9wt8fzb.default-1424953480022 : user_pref("browser.startup.homepage", "https://duckduckgo.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] fdff0413f6057589f1bc53ee4051ada8
[BSP] 24803d242441969940a3213fd36f5f35 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 192247 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 393723902 | Size: 36065 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 467586000 | Size: 10158 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_02122015_110004.log - RKreport_DEL_02122015_112842.log - RKreport_DEL_02122015_112852.log - RKreport_DEL_02122015_112857.log
RKreport_DEL_02122015_112900.log - RKreport_DEL_02122015_112905.log - RKreport_DEL_02122015_112910.log - RKreport_DEL_02122015_112913.log
RKreport_DEL_02122015_112916.log - RKreport_DEL_02122015_112932.log - RKreport_DEL_02122015_112945.log - RKreport_DEL_02122015_112953.log
RKreport_DEL_02122015_113002.log - RKreport_DEL_02122015_113004.log - RKreport_DEL_02122015_113006.log - RKreport_DEL_02122015_113008.log
RKreport_DEL_02142015_115606.log - RKreport_SCN_02112015_172534.log - RKreport_SCN_02122015_105728.log - RKreport_SCN_02122015_111423.log
RKreport_SCN_02122015_112835.log - RKreport_SCN_02132015_173638.log - RKreport_SCN_02142015_114830.log


Edited by Barnys, 27 February 2015 - 05:30 AM.

  • 0

#34 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Well, that confirms it for me, Norton was holding us up. We can now finish the cleaning and then talk about Norton or other steps.

 

Let's re-visit Combofix and see how that goes. :thumbsup: 
 

Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

 

 

If Combofix completes without incident, then move on to Zoek. If not, stop and tell me what happens.

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, it will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.

 


  • 0

#35 Barnys (Member, Topic Starter, 51 posts)

Another easy scan, no problems :-)

ComboFix 15-02-16.01 - Siggi 28.02.2015  11:01:24.2.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.64.1031.18.3316.2010 [GMT 1:00]
Running from: c:\users\Siggi\Desktop\dwnldr\Dwnlds\Dwnlds\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1335884456.bdinstall.bin
c:\programdata\1347269589.bdinstall.bin
c:\programdata\1369462956.bdinstall.bin
c:\windows\msdownld.tmp
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-28 to 2015-02-28  )))))))))))))))))))))))))))))))
.
.
2015-02-28 10:08 . 2015-02-28 10:11    --------    d-----w-    c:\users\Siggi\AppData\Local\temp
2015-02-28 10:08 . 2015-02-28 10:08    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-02-28 04:46 . 2015-02-28 04:46    --------    d-----w-    c:\users\Siggi\AppData\Local\SkinSoft
2015-02-28 04:46 . 2015-02-28 04:46    --------    d-----w-    c:\program files\Free FLV to MP3 Converter
2015-02-28 04:45 . 2015-02-28 04:45    --------    d-----w-    c:\users\Siggi\AppData\Roaming\BrowserExtensions
2015-02-28 04:45 . 2015-02-28 04:45    --------    d-----w-    c:\users\Siggi\AppData\Roaming\Search Protection
2015-02-28 02:05 . 2014-11-26 02:05    564224    ----a-w-    c:\windows\system32\oleaut32.dll
2015-02-28 02:04 . 2015-01-09 00:20    2063360    ----a-w-    c:\windows\system32\win32k.sys
2015-02-28 02:04 . 2015-01-13 01:39    974848    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2015-02-28 02:01 . 2015-01-15 04:13    440760    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-02-28 02:01 . 2014-12-08 01:59    306176    ----a-w-    c:\windows\system32\scesrv.dll
2015-02-27 09:36 . 2015-02-16 03:21    9041640    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{529EF74D-FB4E-4020-B7A0-87527AD637CC}\mpengine.dll
2015-02-26 03:44 . 2015-02-26 03:44    --------    d-----w-    c:\users\Siggi\dwhelper
2015-02-18 16:35 . 2015-02-18 16:35    --------    d-----w-    c:\users\Siggi\{4837674a-6618-452b-b608-432b3290cafc}
2015-02-11 15:24 . 2015-02-27 10:32    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-02-11 15:23 . 2015-02-11 15:24    --------    d-----w-    c:\programdata\RogueKiller
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-18 16:57 . 2015-01-14 12:15    35088    ----a-w-    c:\windows\system32\drivers\npf.sys
2015-02-05 06:02 . 2015-01-24 06:15    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 06:02 . 2015-01-24 06:15    701616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-02-05 06:02 . 2014-07-09 01:58    5070512    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-12-22 23:50 . 2012-05-01 10:19    249488    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-19 00:25 . 2015-01-19 03:22    115200    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2014-12-06 03:14 . 2015-01-19 03:01    153600    ----a-w-    c:\windows\system32\profsvc.dll
2014-12-06 03:14 . 2015-01-19 03:01    48640    ----a-w-    c:\windows\system32\nlaapi.dll
2014-12-06 03:14 . 2015-01-19 03:01    174080    ----a-w-    c:\windows\system32\nlasvc.dll
2014-12-06 03:14 . 2015-01-19 03:01    93184    ----a-w-    c:\windows\system32\ncsi.dll
2014-12-03 02:06 . 2014-12-20 12:24    278528    ----a-w-    c:\windows\system32\schannel.dll
2013-07-15 09:49 . 2013-07-15 09:48    9842040    ----a-w-    c:\program files\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"NETGEARGenie"="c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" [2014-11-06 602880]
"Search Protection"="c:\users\Siggi\AppData\Roaming\Search Protection\SP.EXE" [2015-02-11 892000]
"Browser Extensions"="c:\users\Siggi\AppData\Roaming\BrowserExtensions\BEHelper.exe" [2015-02-18 544720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk /p \??\g:\0autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24 06:02]
.
.
------- Supplementary Scan -------
.
uStart Page = https://de.search.ya...r=spigot-yhp-ie
uInternet Settings,ProxyServer = localhost:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BF99C9F5-B28A-4BB4-9500-B9F69C08AB23}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - hxxps://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-42003872.sys
SafeBoot-99055585.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-28 11:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\lpksetup.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\NETGEAR Genie\bin\genie2_tray.exe
.
**************************************************************************
.
Completion time: 2015-02-28  11:16:32 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-28 10:16
.
Pre-Run: 29.750.317.056 bytes free
Post-Run: 29.298.491.392 bytes free
.
- - End Of File - - 7251F159628CA42FE4A6A1961458E6C2
FF1761EF7140665743A6D636F95DFD81
 


  • 0
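As an added example (not from this thread and not part of RogueKiller or ComboFix), a small Python triage script for the two log formats posted above: it pulls the RogueKiller Registry findings and the ComboFix Run-key and ProxyServer lines out of excerpts modeled on this thread's logs and applies the checks a helper otherwise does by eye. The mapping of catchme.sys to GMER and aswMBR.sys/aswVmm.sys to aswMBR, the shortened SID, and the verdict heuristics are my assumptions.

```python
"""Triage helper for RogueKiller and ComboFix log excerpts (added example)."""
import re
from dataclasses import dataclass

# Drivers that anti-rootkit scanners register as temporary services while they
# run. Assumption based on the tools used in this thread: catchme.sys is GMER's
# driver, aswMBR.sys and aswVmm.sys belong to aswMBR.
SCANNER_DRIVERS = {"catchme.sys", "aswmbr.sys", "aswvmm.sys"}

RK_LINE = re.compile(
    r"^\[(?P<cat>[\w.]+)\](?:\[[^\]]*\])?\s+(?P<body>.*?)\s+->\s+Found\s*$")
CF_RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
CF_PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)")


@dataclass
class Finding:
    source: str    # "roguekiller" or "combofix"
    category: str  # the tool's own label (PUM.Proxy, Suspicious.Path, Run, ...)
    detail: str    # key/value as printed in the log
    verdict: str   # "REVIEW: ..." needs a human decision, "INFO: ..." does not


def _proxy_verdict(proxy: str) -> str:
    host = proxy.split(":")[0].lower()
    if host in {"localhost", "127.0.0.1", "::1"}:
        return ("REVIEW: proxy points at this machine; unless a local filtering "
                "product still listens there, the setting should be cleared")
    return "REVIEW: system proxy is set"


def triage_roguekiller(text: str) -> list[Finding]:
    """Parse '[Category] ... -> Found' lines from a RogueKiller report."""
    findings = []
    for line in text.splitlines():
        m = RK_LINE.match(line.strip())
        if not m:
            continue
        cat, body = m.group("cat"), m.group("body")
        if cat == "PUM.Proxy":
            verdict = _proxy_verdict(body.split("ProxyServer :")[-1].strip())
        elif cat == "Suspicious.Path":
            drv = re.search(r"\\([^\\()]+\.sys)\)", body)
            name = drv.group(1).lower() if drv else ""
            verdict = ("INFO: leftover service entry from a scanner run earlier "
                       "in this session; expected, remove during final cleanup"
                       if name in SCANNER_DRIVERS
                       else "REVIEW: service driver loaded from a temp path")
        elif cat.startswith("PUM."):
            verdict = "INFO: user-modifiable setting, cosmetic unless unexpected"
        else:
            verdict = "REVIEW: unclassified detection"
        findings.append(Finding("roguekiller", cat, body, verdict))
    return findings


def triage_combofix(text: str) -> list[Finding]:
    """Walk ComboFix 'Reg Loading Points' Run keys and the proxy line."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY"):
            section = line.strip("[]").lower()
            continue
        m = CF_PROXY_LINE.match(line)
        if m:
            findings.append(Finding("combofix", "Internet Settings", line,
                                    _proxy_verdict(m.group("proxy"))))
            continue
        m = CF_RUN_LINE.match(line)
        if m and section.rsplit("\\", 1)[-1].startswith("run"):
            path = m.group("path").lower()
            # Autoruns started from a user profile deserve a look: installed
            # software normally lives under Program Files or the Windows tree.
            verdict = ("REVIEW: autorun launched from a user profile; confirm "
                       "the program is known and wanted"
                       if "\\users\\" in path or "\\appdata\\" in path
                       else "INFO: autorun from a system or Program Files path")
            findings.append(Finding("combofix", "Run",
                                    f"{m.group('name')} -> {m.group('path')}",
                                    verdict))
    return findings


# Constructed excerpts modeled on the logs posted in this thread (SID shortened).
RK_SAMPLE = r"""
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Siggi\AppData\Local\Temp\catchme.sys) -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-EXAMPLE-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.HomePage][FIREFX:Config] b9wt8fzb.default : user_pref("browser.startup.homepage", "https://duckduckgo.com/"); -> Found
"""
CF_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Search Protection"="c:\users\Siggi\AppData\Roaming\Search Protection\SP.EXE" [2015-02-11 892000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
uInternet Settings,ProxyServer = localhost:8080
"""
```

Calling `triage_roguekiller(RK_SAMPLE)` and `triage_combofix(CF_SAMPLE)` yields six findings, three of them REVIEW: the localhost proxy in both logs and the Search Protection autorun under the user profile.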

#36 Barnys (Member, Topic Starter, 51 posts)

And here is the zoek scan log

Zoek.exe v5.0.0.0 Updated 01-March-2015
Tool run by Siggi on 01.03.2015 at 12:47:59,08.
Microsoft® Windows Vista™ Ultimate  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Siggi\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

01.03.2015 12:49:09 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Adobe Flash Player 16 NPAPI  
Adobe Reader X (10.1.6)  
Audacity 2.0  
Browser Extensions  
CCleaner  
Compatibility Pack for the 2007 Office system  
DriverNavigator 3.4.5  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  
HTC Driver Installer  
ImgBurn  
Intel® Graphics Media Accelerator Driver  
LAME v3.99.3 (for Windows)  
Microsoft .NET Framework 3.5 Language Pack SP1 - deu  
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU  
Microsoft .NET Framework 3.5 SP1  
Microsoft .NET Framework 4.5.2  
Microsoft .NET Framework 4.5.2 (DEU)  
Microsoft .NET Framework 4.5.2 (Deutsch)  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office File Validation Add-In  
Microsoft Office Home and Student 2007  
Microsoft Office OneNote MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Word MUI (English) 2007  
Microsoft Silverlight  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Mozilla Firefox 36.0 (x86 en-US)  
Mozilla Maintenance Service  
Mozilla Thunderbird 24.6.0 (x86 en-GB)  
MSXML 4.0 SP3 Parser  
MSXML 4.0 SP3 Parser (KB2758694)  
NETGEAR Genie  
Nokia Connectivity Cable Driver  
Norton Bootable Recovery Tool Wizard  
Realtek High Definition Audio Driver  
Search Protection  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition   
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956097) 32-Bit Edition   
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956098) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2920788) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Word 2007 (KB2956099) 32-Bit Edition   
swMSM  
TrueCrypt  
TuneUp Utilities 2011  
TuneUp Utilities Language Pack (en-GB)  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office OneNote 2007 Help (KB963670)  
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
VLC media player  
WinRAR 4.11 (32-bit)  
Xvid Video Codec  

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Users\Siggi\AppData\Roaming\Search Protection\SP.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Siggi\Desktop\zoek.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
R2 - [PassThru Service] - Internet Pass-Through Service - c:\program files\htc\internet pass-through\passthrusvr.exe
R2 - [slsvc] - Softwarelizenzierung - c:\windows\system32\slsvc.exe
R2 - [TuneUp.UtilitiesSvc] - TuneUp Utilities Service - c:\program files\tuneup utilities 2011\tuneuputilitiesservice32.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [VSS] - Volumeschattenkopie - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [NETGEARGenieDaemon] - NETGEARGenieDaemon - c:\program files\netgear genie\bin\netgeargeniedaemon.exe
S2 - [OAcat] - Online Armor Helper Service - c:\program files\online armor\oacat.exe [x]
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Gatewaydienst auf Anwendungsebene - c:\windows\system32\alg.exe
S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S3 - [COMSysApp] - COM+-Systemanwendung - c:\windows\system32\dllhost.exe
S3 - [DFSR] - DFS-Replikation - c:\windows\system32\dfsr.exe
S3 - [ehRecvr] - Windows Media Center-Empfängerdienst - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center-Planerdienst - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation-Schriftartcache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office  Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [RpcLocator] - RPC-Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP-Trap - c:\windows\system32\snmptrap.exe
S3 - [SvcOnlineArmor] - Online Armor - c:\program files\online armor\oasrv.exe [x]
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtueller Datenträger - c:\windows\system32\vds.exe
S3 - [wbengine] - Blockebenen-Sicherungsmodul - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI-Leistungsadapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player-Netzwerkfreigabedienst - c:\program files\windows media player\wmpnetwk.exe
S3 - [WPFFontCache_v0400] - Windows Presentation Foundation Font Cache 4.0.0.0 - c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe
S4 - [aspnet_state] - ASP.NET-Zustandsdienst - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe

==== System Specs ======================

Windows: Windows Vista Ultimate Edition Service Pack 2 (Build 6002)
Memory (RAM): 3317 MB
CPU Info: Intel® Pentium® Dual  CPU  E2160  @ 1.80GHz
CPU Speed: 1794,4 MHz
Sound Card: Lautsprecher (Realtek High Defi |
Display Adapters: Intel® G33/G31 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; PnP-Monitor (Standard) |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8101-Familie-PCI-E-Fast-Ethernet-NIC (NDIS 6.0)
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW TS-H653N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  187,7GB | D:  9,9GB
Hard Disks - Free: C:  27,8GB | D:  979,6MB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 02/29/08 | HPQOEM - 42302e31
Time Zone: Romance Standard Time
Motherboard *: MSI Boston
Country: Deutschland
Language: DEU

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox    36.0
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 36.0 (x86 en-US)
Adobe Reader version: 10.1.6.1
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-02-13 12:07:29    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2015-02-13 12:07:29    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2015-02-13 12:07:29    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2015-02-13 12:07:29    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2015-02-13 12:07:29    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
====== C:\Users\Siggi\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2015-03-01 00:28:06    1A3778EBE361259C75D5D92D4119DB55    1810944    ----a-w-    C:\Windows\System32\jscript9.dll
2015-03-01 00:28:06    10C0DA063EEA438B73B60CE15BF8702B    717824    ----a-w-    C:\Windows\System32\jscript.dll
2015-02-28 02:05:06    0D8FBC644E556C40E06B7EB25A73F6E5    564224    ----a-w-    C:\Windows\System32\oleaut32.dll
2015-02-28 02:04:27    77036FE328B7A382A88DFBFE05ABBAC8    2063360    ----a-w-    C:\Windows\System32\win32k.sys
2015-02-28 02:04:15    55ADC2CB49975A92B954CFEB21C73E2E    974848    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2015-02-28 02:01:44    735B1EB4521724784A6C142CE923DBFC    306176    ----a-w-    C:\Windows\System32\scesrv.dll
2015-02-27 09:45:56    C9AEC0B252881C6372D4B252AAEFF1E0    421376    ----a-w-    C:\Windows\System32\vbscript.dll
2015-02-27 09:45:56    A1CC68D946EFEDAFCAFCC30F73069E54    176640    ----a-w-    C:\Windows\System32\ieui.dll
2015-02-27 09:45:56    79E75447CCEB8522756FCD1EA1B858FF    1129472    ----a-w-    C:\Windows\System32\wininet.dll
2015-02-27 09:45:56    009D017C0A32C1D10C1B731185ED7E7B    353792    ----a-w-    C:\Windows\System32\dxtmsft.dll
2015-02-27 09:45:55    C3A39726B1AB3EDCD3E71488531D7D62    73216    ----a-w-    C:\Windows\System32\mshtmled.dll
2015-02-27 09:45:55    90BFECC19CC9B8AD24879AF2D2EDD817    223232    ----a-w-    C:\Windows\System32\dxtrans.dll
2015-02-27 09:45:55    43EFB5C7EE9990A3FE51E38FD1A334EB    367104    ----a-w-    C:\Windows\System32\html.iec
2015-02-27 09:45:53    88DFFFE4A1C25C256A74629599292A2D    12371456    ----a-w-    C:\Windows\System32\mshtml.dll
2015-02-27 09:45:51    AEEDEE2C22971D086B244B818BC5E789    65024    ----a-w-    C:\Windows\System32\jsproxy.dll
2015-02-27 09:45:51    99AB7F4193275F8AA0A2E0CDDD787CCE    10752    ----a-w-    C:\Windows\System32\msfeedssync.exe
2015-02-27 09:45:51    8D45045DB8267BB3B86B06712FB676C3    11776    ----a-w-    C:\Windows\System32\mshta.exe
2015-02-27 09:45:51    61EFA6B58EBDE66BA4FE54FEC0BE6538    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2015-02-27 09:45:51    1C394C5CFA2769E7C95B99362B1C2131    41472    ----a-w-    C:\Windows\System32\msfeedsbs.dll
2015-02-27 09:45:51    14EA1AEF44A601DE1CC0EFD97690DEF1    1139712    ----a-w-    C:\Windows\System32\urlmon.dll
2015-02-27 09:45:50    F8A000CEB50A46BAED45101065635D84    607744    ----a-w-    C:\Windows\System32\msfeeds.dll
2015-02-27 09:45:49    60974C6E6B8456B5908A7650FC7C93DC    1802752    ----a-w-    C:\Windows\System32\iertutil.dll
2015-02-27 09:45:49    60652E280588712CFA1624D02C7139AA    142848    ----a-w-    C:\Windows\System32\ieUnatt.exe
2015-02-27 09:45:49    40F6C5763DA273F5BC30E17C4B3B011F    1427968    ----a-w-    C:\Windows\System32\inetcpl.cpl
2015-02-27 09:45:49    2B94917978DCC4DF10505FED0C6563F2    231936    ----a-w-    C:\Windows\System32\url.dll
2015-02-27 09:45:49    062C13975F34C1BBA43CD3BF01D8C899    9742336    ----a-w-    C:\Windows\System32\ieframe.dll
====== C:\Windows\system32\drivers =====
2015-02-28 02:01:53    5035EDF1F2E72F78BB1EC5BD9B97463F    440760    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2015-02-11 15:24:02    FD44FA80DA03EA144153A76DEBBB61B4    35064    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Siggi\AppData\Roaming ======
2015-02-28 10:16:35    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2015-02-28 10:16:35    --------    d-----w-    C:\Users\dub_cm_auto\AppData\Local\temp
2015-02-28 10:16:35    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2015-02-28 10:16:35    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2015-02-28 10:08:36    --------    d-----w-    C:\Users\Siggi\AppData\Local\temp
2015-02-28 04:46:39    --------    d-----w-    C:\Users\Siggi\AppData\Local\SkinSoft
2015-02-28 04:45:19    --------    d-----w-    C:\Users\Siggi\AppData\Roaming\BrowserExtensions
2015-02-28 04:45:08    --------    d-----w-    C:\Users\Siggi\AppData\Roaming\Search Protection
====== C:\Users\Siggi ======
2015-02-28 10:16:35    --------    d-----w-    C:\Users\Public\AppData
2015-02-28 10:16:35    --------    d-----w-    C:\Users\dub_cm_auto\AppData
2015-02-28 04:45:49    C4A1406148ED09773E6B77FF15B17256    4224745    ----a-w-    C:\Users\Siggi\Downloads\flvtomp3_setup [1].exe
2015-02-26 03:44:25    --------    d-----w-    C:\Users\Siggi\dwhelper
2015-02-18 16:35:19    --------    d-----w-    C:\Users\Siggi\{4837674a-6618-452b-b608-432b3290cafc}
2015-02-11 15:23:56    --------    d-----w-    C:\ProgramData\RogueKiller

====== C: exe-files ==
2015-02-28 04:45:49    C4A1406148ED09773E6B77FF15B17256    4224745    ----a-w-    C:\Users\Siggi\Downloads\flvtomp3_setup [1].exe
2015-02-28 04:45:19    794E74017C865D14B507EE18DD11FAE1    558108    ----a-w-    C:\Users\Siggi\AppData\Roaming\BrowserExtensions\Uninstall.exe
2015-02-28 04:45:08    29987CA8F6D75DCCF90E9E15E1920875    406450    ----a-w-    C:\Users\Siggi\AppData\Roaming\Search Protection\Uninstall.exe
2015-02-28 04:44:59    92D8C5FFFD766C1DC8AD14BA78727A34    762000    ----a-w-    C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\flv to mp3\flvtomp3_setup.exe
2015-02-28 04:44:00    A8E01DE44237963B34C102B5C0B8BBE7    232200    ----a-w-    C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\flv to mp3\flvtomp3_setup-26569489.exe
2015-02-27 09:45:51    C1A3532BE9CFD8569946FA5416B8AF59    22528    ----a-w-    C:\Program Files\Internet Explorer\ExtExport.exe
2015-02-27 09:45:51    99AB7F4193275F8AA0A2E0CDDD787CCE    10752    ----a-w-    C:\Windows\System32\msfeedssync.exe
2015-02-27 09:45:51    8D45045DB8267BB3B86B06712FB676C3    11776    ----a-w-    C:\Windows\System32\mshta.exe
2015-02-27 09:45:51    4FE66AC19646214A4A81D4A0BA88E823    223232    ----a-w-    C:\Program Files\Internet Explorer\ielowutil.exe
2015-02-27 09:45:51    28CD51D6A908C6357F6F6E11EB6D9054    757968    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2015-02-27 09:45:50    F3D7399A8685388F205401DE5B8D3293    470016    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2015-02-27 09:45:49    60652E280588712CFA1624D02C7139AA    142848    ----a-w-    C:\Windows\System32\ieUnatt.exe
2015-02-27 09:11:15    9A8336796A7C71E9F33DE848B8320ED3    380416    ----a-w-    C:\Users\Siggi\Desktop\Geeks to Go Forum\27.02\Gmer\eeqef0sv.exe
2015-02-27 09:10:25    5024686202304CB2327DE18DFB6C88A9    15536728    ----a-w-    C:\Users\Siggi\Desktop\Geeks to Go Forum\27.02\Roguekiller\RogueKiller.exe
2015-02-27 09:09:43    8E3384C7A0CF27B15D786E665CE74308    5198336    ----a-w-    C:\Users\Siggi\Desktop\Geeks to Go Forum\27.02\aswMBR\aswMBR.exe
2015-02-26 04:37:25    9C5DAAED3B3C06DBC95228CC407B8B70    4197016    ----a-w-    C:\Users\Siggi\Desktop\Geeks to Go Forum\26.02 tdss\TDSSKiller.exe
2015-02-24 09:07:46    8E3384C7A0CF27B15D786E665CE74308    5198336    ----a-w-    C:\Users\Siggi\Desktop\Geeks to Go Forum\24.02\aswMBR.exe
=== C: other files ==
2015-02-28 02:04:27    77036FE328B7A382A88DFBFE05ABBAC8    2063360    ----a-w-    C:\Windows\System32\win32k.sys
2015-02-28 02:01:53    5035EDF1F2E72F78BB1EC5BD9B97463F    440760    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2015-02-26 13:46:50    A529ADDFDF092111B87ADB1714DBEE67    340922    ----a-w-    C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\extensions\[email protected]
2015-02-26 12:44:38    EFAC8CD8FE05BF0A7D173F92E481E65A    138614    ----a-w-    C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
2015-02-26 12:42:36    AA03E2C39C9E094798AD311040061004    168701    ----a-w-    C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\extensions\[email protected]
2015-02-26 12:29:56    E2FFA2355457397D5DF135B54D65C726    985112    ----a-w-    C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2015-02-26 12:29:28    756F7F0B7564478C0767DD81C1205BE8    84443    ----a-w-    C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\extensions\[email protected]
2015-02-26 12:29:16    17563DF9686A887591529BB4FEEA1291    1445887    ----a-w-    C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\extensions\[email protected]
2015-02-26 12:24:53    EFAC8CD8FE05BF0A7D173F92E481E65A    138614    ----a-w-    C:\Users\Siggi\Desktop\Old Firefox Data\yhs7jja5.default-1421840432195\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
2015-02-26 12:24:49    E2FFA2355457397D5DF135B54D65C726    985112    ----a-w-    C:\Users\Siggi\Desktop\Old Firefox Data\yhs7jja5.default-1421840432195\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2015-02-26 12:24:49    AA03E2C39C9E094798AD311040061004    168701    ----a-w-    C:\Users\Siggi\Desktop\Old Firefox Data\yhs7jja5.default-1421840432195\extensions\[email protected]
2015-02-26 12:24:49    221414201DC039F987DC7AAFB27E79AB    54500    ----a-w-    C:\Users\Siggi\Desktop\Old Firefox Data\yhs7jja5.default-1421840432195\extensions\[email protected]
2015-02-26 12:24:47    756F7F0B7564478C0767DD81C1205BE8    84443    ----a-w-    C:\Users\Siggi\Desktop\Old Firefox Data\yhs7jja5.default-1421840432195\extensions\[email protected]
2015-02-26 12:24:47    17563DF9686A887591529BB4FEEA1291    1445887    ----a-w-    C:\Users\Siggi\Desktop\Old Firefox Data\yhs7jja5.default-1421840432195\extensions\[email protected]
2015-02-26 04:34:11    E05770D0C2CD3B7A15FE0CA5EA5094C0    4176437    ----a-w-    C:\Users\Siggi\Desktop\Geeks to Go Forum\26.02 tdss\tdsskiller.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"NETGEARGenie"="C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe -mini -redirect"
"Search Protection"="C:\Users\Siggi\AppData\Roaming\Search Protection\SP.EXE /autostart"
"Browser Extensions"="C:\Users\Siggi\AppData\Roaming\BrowserExtensions\BEHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"NETGEARGenie"="C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe -mini -redirect"
"Search Protection"="C:\Users\Siggi\AppData\Roaming\Search Protection\SP.EXE /autostart"
"Browser Extensions"="C:\Users\Siggi\AppData\Roaming\BrowserExtensions\BEHelper.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe online update program" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"]
"C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2011" [C:\Program Files\TuneUp Utilities 2011\OneClick.exe]
"C:\Windows\system32\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\system32\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022
user_pref("browser.startup.homepage", "https://duckduckgo.com/");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "https://de.search.ya...pe=523482&p=");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [01.05.2012 12:53]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022
- Undetermined - [email protected]
- Undetermined - {d37dc5d0-431d-44e5-8c91-49419370caa1}
- Undetermined - [email protected]
- Undetermined - {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
- Undetermined - [email protected]
- Undetermined - {54FBE89E-C878-46bb-A064-AB327EE26EBC}
- Undetermined - {62DD0A97-FDD4-421b-94A5-D1A9434450C7}
- Undetermined - {CA8C84C6-3918-41b1-BE77-049B2BDD887C}
- NetVideoHunter - %ProfilePath%\extensions\[email protected]
- Slick Savings - %ProfilePath%\extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC}
- Start Page - %ProfilePath%\extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7}
- Ebay Shopping Assistant by Spigot - %ProfilePath%\extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C}
- FoxClocks - %ProfilePath%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
- Ghostery - %ProfilePath%\extensions\[email protected]
- Self-Destructing Cookies - %ProfilePath%\extensions\[email protected]
- Youtube Downloader - Media Downloader - %ProfilePath%\extensions\[email protected]
- Status-4-Evar - %ProfilePath%\extensions\[email protected]
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022
F647D0BEA553C1D0C251CE07DA6A5511    - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
DB988B4550DB9BCE86F9199D961057FC    - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
0CA4180B21C6B728578F3B0433BB740E    - C:\Program Files\VideoLAN\VLC\npvlc.dll -    VLC Web Plugin
893BF7D2261C56C24F813405D9D018E0    - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll -    Silverlight Plug-In
C62322C77D1AAB77B1CF1130FCC3673A    - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll -    Shockwave Flash
8DA2ED6B04EA33F2EAE8BA883F903729    - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll -    Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://de.search.ya...=spigot-yhp-ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2EEBF53F-DE57-4693-9176-5932F3208BBC}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{2EEBF53F-DE57-4693-9176-5932F3208BBC} Yahoo  Url="https://de.search.ya...={searchTerms}"
{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} Yahoo! Search Url="http://de.search.yah...&fr=chr-comodo"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 01.03.2015 at 12:53:09,03 ======================
 


  • 0

#37
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Scan looks good. I'm going to remove my tools now. Hopefully that goes without incident.

 

Clean with DelFix
 
Please download DelFix by Xplode and save it to your desktop.
 
  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
  • Include it for my review.

    • 0

    #38
    Barnys

    Barnys

      Member

    • Topic Starter
    • Member
    • PipPip
    • 51 posts

    Another easy scan, this process is so much simpler without Norton tripping everything up :-)

     

    I am not sure if this is relevant, but running DelFix has improved the appearance of text in webpages, Excel, Word etc. Text quality was getting progressively worse and had reached the point where small print was becoming unreadable. Although it is now significantly improved, I am still seeing poor text quality (particularly when the text is bold). I can best describe it as a lack of "sharpness" around the edges of the letters and, particularly when bold, rough edges around the top half of the letters' outlines.

     

     

     

    Sorry the report is in German; unfortunately it came from one of those increasingly popular websites that appear to tailor the visitor's experience by identifying where the user is in the world and giving them a language-"appropriate" version... want to know what frustrating is... try using an Australian Paypal account in Germany...

     

    Anyway, here is the DelFix report.

     

     

     

     

     

    # DelFix v10.9 - Datei am 03/03/2015 um 05:25:13 erstellt
    # Aktualisiert am 27/02/2015 von Xplode
    # Benutzer : Siggi - A-PROBLEM
    # Betriebssystem : Windows Vista ™ Ultimate Service Pack 2 (32 bits)

    ~ Entferne die Bereinigungsprogramme ...

    Gelöscht : C:\Qoobox
    Gelöscht : C:\FRST
    Gelöscht : C:\zoek_backup
    Gelöscht : C:\AdwCleaner
    Gelöscht : C:\ComboFix.txt
    Gelöscht : C:\TDSSKiller.3.0.0.44_14.02.2015_11.59.12_log.txt
    Gelöscht : C:\TDSSKiller.3.0.0.44_14.02.2015_12.02.57_log.txt
    Gelöscht : C:\TDSSKiller.3.0.0.44_26.02.2015_05.45.33_log.txt
    Gelöscht : C:\TDSSKiller.3.0.0.44_26.02.2015_05.48.22_log.txt
    Gelöscht : C:\zoek-results.log
    Gelöscht : C:\Users\Siggi\Desktop\MBR.dat
    Gelöscht : C:\Windows\grep.exe
    Gelöscht : C:\Windows\PEV.exe
    Gelöscht : C:\Windows\NIRCMD.exe
    Gelöscht : C:\Windows\MBR.exe
    Gelöscht : C:\Windows\SED.exe
    Gelöscht : C:\Windows\SWREG.exe
    Gelöscht : C:\Windows\SWSC.exe
    Gelöscht : C:\Windows\SWXCACLS.exe
    Gelöscht : C:\Windows\Zip.exe
    Gelöscht : HKLM\SOFTWARE\AdwCleaner
    Gelöscht : HKLM\SOFTWARE\Swearware
    Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
    Gelöscht : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

    ~ Lösche die Wiederherstellungspunkte ...

    Gelöscht : RP #269 [Windows Update | 02/27/2015 09:33:15]
    Gelöscht : RP #270 [Windows Update | 02/28/2015 02:00:17]
    Gelöscht : RP #271 [Windows Update | 03/01/2015 02:00:12]
    Gelöscht : RP #272 [Installiert Motorola Device Manager | 03/01/2015 08:32:21]
    Gelöscht : RP #273 [Installiert Motorola Device Manager | 03/01/2015 08:34:36]
    Gelöscht : RP #274 [Entfernt Motorola Device Manager | 03/01/2015 08:36:01]
    Gelöscht : RP #275 [Removed Motorola Mobile Drivers Installation 6.4.0 | 03/01/2015 08:36:57]
    Gelöscht : RP #276 [zoek.exe restore point | 03/01/2015 11:48:50]

    Ein neuer Wiederherstellungspunkt wurde erstellt !

    ~ Stelle die Systemeinstellungen wieder her ... OK

    ########## - EOF - ##########
     


    • 0

    #39
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

     try using an Australian Paypal account in Germany...

     

    Uggh...being the typical American, one language is my limit and even that gives me trouble sometimes ;)

     

    Ok, it seems like we've got this machine whipped into shape. As for the Print, that's an odd one as is Delfix helping it. I'll ask around and see what my colleagues have to say.

     

    Anything else peculiar with the machine that I can help with?


    • 0

    #40
    Barnys

    Barnys

      Member

    • Topic Starter
    • Member
    • PipPip
    • 51 posts

    Hi

    After seeing your last post I went online and researched the font problem...

    I am not the only one experiencing this problem, it looks like it is another one of those MS update surprises.

     

    What is the view regarding reinstalling Norton?  I am not enthusiastic about defender, I have to keep an eye on it because it periodically becomes disabled, not ideal :-(

     

    Thanks for your work to date;

     

    Regards.


    Edited by Barnys, 04 March 2015 - 12:21 AM.

    • 0



    #41
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

     

    After seeing your last post I went online and researched the font problem...

    I am not the only one experiencing this problem, it looks like it is another one of those MS update surprises.

     

     

    Nice job of researching :thumbsup:  First skill a Helper here needs. You're well on your way :)

     

    One of my peers here found what should be the solution. Have a go at either of these.

     

    You can uninstall the update and then hide it from installing again or install the hotfix. Here.

     

     

     

    What is the view regarding reinstalling Norton?  I am not enthusiastic about defender, I have to keep an eye on it because it periodically becomes disabled, not ideal :-(

    Hmmm...Defender should never disable itself unless it sees another product doing the same job. As it is only recommended to have one a/v operating on a machine, if Defender sees a second, it will disable itself. So, the question should actually be...what other a/v-ish product is running? That's my job to figure out, so I'll get back to you on that.

     

    Norton...certainly you can try it again any time you'd like. Since you know what the down side is and what trouble it can be, you'll know when you've had enough ;)   If you're not sold on Defender, consider the free version of Avast. Superior product! Free (my favorite) and works wonderfully. If you absolutely feel like you must part with your hard earned money, they have paid versions of their product that automate some of the updating, etc. of the free version. Just so you know, I run the free Avast on several of my home machines and it does a great job. I also run Defender on several as well. I look at Defender as likely the only "free" thing Microsoft might ever give you. ;)

     

    Ok, you have the blurred characters to tend to and I'll leg out the Defender issue.


    • 0

    #42
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    Ok, this is what I get for trusting my aging "gray matter". Defender, when used on Vista is actually just an Anti-spyware. Microsoft Security Essentials (MSE) is the Anti-Virus. So, your options are, Free Download of Microsoft Security Essentials, Free Avast, or Norton or Paid Avast.

     

    For completeness, here's the full explanation. On Vista and W7, Defender is included as anti-spyware.  Once you download and install MSE (or any other A/V), Defender turns itself off and you go forward with the add-on a/v. In W8/8.1 Defender is installed and is an Anti-Virus (not just anti-spyware as with the Vista/W7 Defender). Hence, no MSE is needed (or allowed). You could leverage a different A/V and Defender would turn itself off.

     

    Sorry for the confusion!


    • 0
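    One way to see which product Defender has deferred to, as an added example that is not part of the original thread or of any tool used in it: the PowerShell snippet below lists the antivirus, anti-spyware and firewall products registered with Windows Security Center through the root\SecurityCenter2 WMI namespace (present on Vista and later). It assumes PowerShell 2.0 as shipped for Vista; the productState decoding is the commonly used community interpretation, not a documented Microsoft contract, and is an assumption here.

```powershell
# Added example: show the security products Windows Security Center knows about.
# On Vista/7 Defender switches itself off when another anti-spyware/AV registers
# here, so the output shows which product it deferred to.

# Community interpretation of productState (assumption, not a documented contract):
# formatted as six hex digits AABBCC, BB = 0x10 means the product is enabled and
# CC = 0x00 means its signatures are reported as up to date.
function ConvertFrom-ProductState {
    param([uint32]$State)
    $hex = '{0:X6}' -f $State
    $enabledByte = [Convert]::ToInt32($hex.Substring(2, 2), 16)
    $updatedByte = [Convert]::ToInt32($hex.Substring(4, 2), 16)
    New-Object PSObject -Property @{
        Enabled  = ($enabledByte -eq 0x10)
        UpToDate = ($updatedByte -eq 0x00)
    }
}

function Get-SecurityCenterProduct {
    # One WMI class per product kind; Defender on Vista shows up as AntiSpywareProduct.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        try {
            $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction Stop
        } catch {
            # The namespace is absent on some SKUs (e.g. Server); report and keep going.
            Write-Warning "Could not query ${class}: $_"
            continue
        }
        foreach ($p in $items) {
            $state = ConvertFrom-ProductState -State $p.productState
            New-Object PSObject -Property @{
                Kind     = $class
                Name     = $p.displayName
                Enabled  = $state.Enabled
                UpToDate = $state.UpToDate
                Path     = $p.pathToSignedProductExe
            }
        }
    }
}

# Two enabled entries of the same kind (e.g. Defender plus a third-party AV) are
# the situation the helper describes; Defender then disables itself.
Get-SecurityCenterProduct | Format-Table Kind, Name, Enabled, UpToDate, Path -AutoSize
```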

    #43
    Barnys

    Barnys

      Member

    • Topic Starter
    • Member
    • PipPip
    • 51 posts

    Hi

    The text problem is fixed, shockwave flash works again and the MS malicious software removal tool completed a full scan :-)

     

    Many thanks for your help.

     

     

    I have installed Avast free, my initial reaction is that it is easy to install and use (but Web Shield did not get on well with Windows Firewall).

    I think I will leave Norton, this is the second time in many years that I have used Norton and although it did cost some cash, (and this may just be my impression) it again has come across as resource heavy and, well, just a bit too "difficult".

     

    Regards.


    • 0

    #44
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    The text problem is fixed, shockwave flash works again and the MS malicious software removal tool completed a full scan :-)

    Excellent news! :thumbsup:

    Many thanks for your help.

    You are quite welcome! The pleasure was mine :)

     

     

    I have installed Avast free, my initial reaction is that it is easy to install and use (but Web Shield did not get on well with Windows Firewall).

    Yes, the Vista F/W seems to be a common complaint. Now this is just me and not a recommendation, but I don't invoke an OS F/W at my house. I do though, have a router nest and that is essentially a Firewall. It used to be that nefarious actions occurred on all sorts of odd port addresses and a F/W shored all that up. Now, the bad guys can do their worst via Ports 80 and 443. Can't really block those or the Internet becomes a fairly uninteresting experience.  I think if you make sure everything is patched and updated, practice safe computing (no P2P, no nefarious sites, etc.), use caution when opening attachments in email, etc., you should be in good shape. I'll add some further recommendations below.

     

    I think I will leave Norton, this is the second time in many years that I have used Norton and although it did cost some cash, (and this may just be my impression) it again has come across as resource heavy and, well, just a bit too "difficult".

    I never want to be the one that makes that conclusion, but you've come to the same conclusion that many others have. It's upsetting as you've paid for the product. However, it's not serving you well, so I think you're quite right in moving on.

     

    Ok, I'm going to post my finish up text. However, I'll leave the topic open for a few days in case you have some questions. Also, I did not have you run the MalwareBytes scanner; however, the instructions are below. It's a great tool to use and to hang onto. It will always find small items; tracking cookies, etc., so only be alarmed if it finds large issues. Feel free to ping me with questions.

     

    Last...sorry to keep pounding on this, the major threat vectors are as follows: Java, Adobe, OS updates, Word and Excel updates. Make sure you always keep these up to date.

     

    Again, it's been a pleasure! Please stop back if you need anything :thumbsup:     :wave:

     

    Preventing Re-Infection

    An ounce of prevention is better than a pound of cure, so, I have listed some tips for you to stay safe on the internet in the future.

    WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. Have a look at this article.

    I would recommend that you completely uninstall Java unless you need it to run an important piece of software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

    If you still want to keep Java

    • Click the Start button
    • Click Control Panel
    • Double-click Java - Looks like a coffee cup. You may have to switch to Classic View on the upper left of the Control Panel to see it.
    • Click the Update tab
    • Click Update Now
    • Allow any updates to be downloaded and installed
    • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.

    Adobe products have to always be updated, because they also are being used to infect your computer.

    • If you want to update Adobe Flash Player, visit this site.
    • If you want to update Adobe Reader, visit this site.
    • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.

    Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.

    • Click Start > Control Panel > System and Security > Windows Update
    • Under Windows Update click Turn automatic updating on or off
    • Make sure that your settings are set so that you will receive updates automatically and click OK.

    FileHippo is one of the programs that can check for out-of-date programs on your computer. You can get it here

    Recommendations for security programs

    • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
    • WinPatrol, as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

    For some good tips about how to prevent infection in the future, visit this site.


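    As an added example, not part of the original thread or of any tool named in it, the following PowerShell script performs the checks from the checklist above from the command line instead of clicking through Control Panel: it lists installed Java and Adobe Flash/Reader products with their versions from the Windows uninstall registry keys, reads the Windows Update automatic-update setting (AUOptions), and reports whether Java's "Enable Java content in the browser" switch is off. The registry locations are the standard ones; the deployment.properties path and the deployment.webjava.enabled key are how Java 7 Update 10 and later persist the browser switch, and that is the one assumption the script relies on (marked in the comments).

```powershell
# Added example: audit the "Preventing Re-Infection" checklist items.
# Run from an elevated PowerShell prompt on Windows Vista/7 or later.

function Get-InstalledProducts {
    # Query both the native and the 32-bit-on-64-bit uninstall hives: a 32-bit
    # Java or Adobe install on 64-bit Windows only appears under WOW6432Node.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

# 1. Java and Adobe: the products the post says must always be kept current.
$watch = Get-InstalledProducts |
    Where-Object { $_.DisplayName -match '^(Java|Adobe (Flash|Reader|Acrobat))' }
if ($watch) {
    "Installed Java/Adobe products (compare against the vendors' current versions):"
    $watch | Sort-Object DisplayName | Format-Table -AutoSize
} else {
    "No Java or Adobe Flash/Reader found in the uninstall registry (Java may simply not be installed)."
}

# 2. Windows Update: AUOptions under the Auto Update key.
#    4 = install automatically, 3 = download then notify, 2 = notify only, 1 = never check.
$auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
switch ($au.AUOptions) {
    4       { 'Windows Update: installs updates automatically (OK)' }
    3       { 'Windows Update: downloads but only notifies before install (consider automatic install)' }
    2       { 'Windows Update: notify only, nothing downloaded (WEAK)' }
    1       { 'Windows Update: automatic checking disabled (WEAK)' }
    default { 'Windows Update: AUOptions not set; check the Windows Update control panel' }
}

# 3. Java in the browser. Assumption (Java 7u10+): the Java Control Panel's
#    "Enable Java content in the browser" checkbox is persisted per user as
#    deployment.webjava.enabled in deployment.properties under AppData\LocalLow.
$props = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'
if (Test-Path $props) {
    $line = Select-String -Path $props -Pattern '^deployment\.webjava\.enabled=' | Select-Object -First 1
    if ($line -and $line.Line -match '=false\s*$') {
        'Java browser plug-in: disabled (OK)'
    } else {
        'Java browser plug-in: enabled or unset (disable it unless a site you need requires it)'
    }
} else {
    'Java browser plug-in: no deployment.properties found (Java not installed or never configured)'
}
```

    The script only reads the registry and a text file, so it is safe to run repeatedly; if Java does not appear in section 1 and section 3 finds no deployment.properties, Java is not installed and the Control Panel steps above do not apply.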

    #45
    Barnys

    Hi

    I have worked through the to do list, WinPatrol Explorer is a little fun :-)

    As for java;

    I don’t see Java either in the control panel or in the Firefox Add-Ons page, should I be seeing Java listed or was that step a precaution?

     

    Regards

