USPO Email- Phoney Package Label


4 replies to this topic

#1 John25

John25

  • Members
  • 13 posts

Posted 13 April 2014 - 05:18 PM

The other day I received an email from the U.S.P.O. that a package could not be delivered to me and to click on "Print a shipping label NOW" window in the email and take it to the nearest P.O.

Without thinking I clicked on it before checking the email more thoroughly. The email came from us_73@games.webhost31.ru which I doubt is the US Post Office.

 

Positioning the cursor on the "Print...NOW" window shows

http://highfive.It/lib.php?la=eMAgXT97ddxIEfFdIqvaY3N622uUHv9X6sUnVOHETiE%3D

 

I ran SAS, MAM, and TDS without finding anything amiss.

I had run RKILL many other times and it had never found anything until now.

When I ran RKILL it terminated "ezugbed.exe (PID: 3188) [UP-HEUR]".

I reran RKILL and it did not find anything. I then shut down the system for the night.

 

Today I booted up and opened Autoruns and found "ezugbed.exe" in two (2) places and "jmnxpejl.exe". I unchecked the check box in front of each of them.

 

I ran RKILL and it found "cifcckxp.exe (PID: 3012) [UP-HEUR]", which it terminated. However, I could not find it in Autoruns even though the unchecked "ezugbed.exe" and "jmnxpejl.exe" were still there.

 

A program with the name "puzzle" has tried to initiate an outbound connection several times today but I have blocked it each time.

 

I am afraid to access any of my financial sites.

I would have enclosed the RKILL texts but could not find an attachment button.

 

Can you help me remove whatever this is? 

John25
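The mismatch John25 caught by hovering (a message claiming to come from the postal service, sent from a .ru address, with its button pointing at highfive.It) is the basic phishing triage check. The Python below is an added example, not code from this thread or from any tool mentioned in it: it pulls the sender domain and every link host out of a message and flags anything that is not under the domain the message claims to represent. The brand keyword list and the usps.com mapping are assumptions made for the example; the sample message is constructed here and reuses only the sender address and link host quoted in the post.

```python
"""Added example (not from the thread or any tool it mentions): compare the
sender domain and link hosts of a delivery-notice e-mail against the domain
the message claims to represent, the check John25 did by hand when he
hovered over "Print a shipping label NOW"."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: keywords that identify the claimed brand and
# the domain that brand legitimately uses. Extend as needed.
BRANDS = {
    "usps.com": ("usps", "u.s. postal", "postal service"),
}


class _LinkCollector(HTMLParser):
    """Collect the href target of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value)


def registrable_domain(host):
    """Last two labels of a host name: a crude stand-in for a public-suffix
    lookup, adequate for the .com/.ru/.it style names seen here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def triage(raw_message):
    """Return the sender domain, the link hosts and a list of findings."""
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()

    payload = msg.get_payload(decode=True) or b""
    body = payload.decode(msg.get_content_charset() or "utf-8", errors="replace")
    collector = _LinkCollector()
    collector.feed(body)
    link_hosts = sorted({
        urlsplit(href).hostname for href in collector.hrefs if urlsplit(href).hostname
    })

    haystack = (msg.get("Subject", "") + " " + body).lower()
    findings = []
    for legit_domain, keywords in BRANDS.items():
        if not any(k in haystack for k in keywords):
            continue
        if registrable_domain(sender_domain) != legit_domain:
            findings.append(
                f"message invokes {legit_domain} but was sent from {sender_domain}")
        for host in link_hosts:
            if registrable_domain(host) != legit_domain:
                findings.append(f"link points at {host}, which is not under {legit_domain}")
    return {"sender_domain": sender_domain, "link_hosts": link_hosts, "findings": findings}


# Constructed sample message: only the sender address and the link host come
# from the post above; the display name, subject and body text are made up,
# and the query string is replaced by a placeholder.
SAMPLE_EMAIL = """\
From: USPS Customer Service <us_73@games.webhost31.ru>
To: recipient@example.com
Subject: USPS - your package could not be delivered
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We could not deliver your package. Print the label below and take it to
your nearest post office.</p>
<p><a href="http://highfive.It/lib.php?la=PLACEHOLDER">Print a shipping label NOW</a></p>
<p><a href="https://www.usps.com/">USPS.com</a></p>
</body></html>
"""

if __name__ == "__main__":
    result = triage(SAMPLE_EMAIL)
    print("sender domain:", result["sender_domain"])
    print("link hosts:   ", ", ".join(result["link_hosts"]))
    for finding in result["findings"]:
        print("finding:      ", finding)
```

The legitimate-looking www.usps.com link in the sample produces no finding; only the sender domain and the highfive.It button do, which is the point: one off-brand link in an otherwise plausible message is enough to treat the whole thing as hostile.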

 




#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 13 April 2014 - 06:35 PM

I would have enclosed the RKILL texts but could not find an attachment button.

Hi -

In security areas we ask you to Copy and Paste all logs.

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to desktop and run it.
Checkmark following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Next -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

 

 

Now -

Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button. (only once)
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
• If you're ready to clean it all up.....click the Clean button. (only once)
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.



#3 John25

John25
  • Topic Starter

  • Members
  • 13 posts

Posted 14 April 2014 - 09:52 PM

noknojon-

 

Here are the logs that you requested.  I ran them in the order that you had them listed.

 

checkup.txt

 

Results of screen317's Security Check version 0.99.81 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 Secunia PSI (2.0.0.3001)  
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 45 
 Java version out of Date!
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

MiniToolBox

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by owner (administrator) on 14-04-2014 at 22:05:28
Running from "C:\Users\owner\Desktop"
Microsoft® Windows Vista™ Business  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/14/2014 05:37:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2014 03:00:58 PM) (Source: Application Error) (User: )
Description: Faulting application idxei.exe, version 0.0.63598.35056, time stamp 0x5349a356, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00048719,
process id 0x1ab0, application start time 0xidxei.exe0.

Error: (04/14/2014 02:27:29 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1708
Start Time: 01cf580dc09b15d0
Termination Time: 1315

Error: (04/14/2014 02:03:24 PM) (Source: Application Error) (User: )
Description: Faulting application idxei.exe, version 0.0.63598.35056, time stamp 0x5349a356, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01bcb296,
process id 0x3e4, application start time 0xidxei.exe0.

Error: (04/14/2014 02:00:27 PM) (Source: Application Error) (User: )
Description: Faulting application idxei.exe, version 0.0.63598.35056, time stamp 0x5349a356, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01a0b296,
process id 0x192c, application start time 0xidxei.exe0.

Error: (04/14/2014 00:53:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 11:51:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 11:32:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 10:41:51 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c48
Start Time: 01cf57260fbebbef
Termination Time: 47

Error: (04/13/2014 10:40:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/14/2014 06:38:11 PM) (Source: Service Control Manager) (User: )
Description: gupdate%%2

Error: (04/14/2014 06:38:11 PM) (Source: DCOM) (User: )
Description: 2gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (04/14/2014 05:40:00 PM) (Source: Service Control Manager) (User: )
Description: gupdate%%2

Error: (04/14/2014 01:38:47 PM) (Source: Service Control Manager) (User: )
Description: gupdate%%2

Error: (04/14/2014 01:38:46 PM) (Source: DCOM) (User: )
Description: 2gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (04/14/2014 01:02:07 PM) (Source: Service Control Manager) (User: )
Description: KFilter%%2

Error: (04/14/2014 01:00:28 PM) (Source: Service Control Manager) (User: )
Description: Protection Control Center Task Manager

Error: (04/14/2014 00:56:09 PM) (Source: Service Control Manager) (User: )
Description: Intuit Update Service v4%%1053

Error: (04/14/2014 00:56:09 PM) (Source: Service Control Manager) (User: )
Description: 30000Intuit Update Service v4

Error: (04/14/2014 00:55:08 PM) (Source: Service Control Manager) (User: )
Description: gupdate%%2

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-14 21:44:31.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\sbapifs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-14 21:44:30.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\sbapifs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-14 21:44:29.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\sbapifs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-14 21:44:28.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\sbapifs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-14 18:43:16.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\sbapifs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-14 18:43:15.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\sbapifs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-14 18:43:13.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\sbapifs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-14 18:43:12.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\sbapifs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-14 12:57:41.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\AntiVirus\Drivers\i386\sbapifs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-14 12:57:40.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\AntiVirus\Drivers\i386\sbapifs.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
ACDSee
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
ASHRAE Duct Fitting Database
Bing Bar (Version: 7.0.619.0)
Canon Auto Update Service (Version: 1.1.0.13)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.6.0.1)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9)
Canon MOV Decoder (Version: 1.9.0.8)
Canon MOV Encoder (Version: 1.8.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.9.0.6)
Canon PowerShot ELPH 310 HS_IXUS 230 HS Camera User Guide (Version: 1.0.0.1)
Canon Utilities CameraWindow DC 8 (Version: 8.6.0.11)
Canon Utilities CameraWindow Launcher (Version: 7.6.0.1)
Canon Utilities Movie Uploader for YouTube (Version: 1.3.0.3)
Canon Utilities MyCamera (Version: 7.5.0.1)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.8.0.10)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.6.0.15)
D3DX10 (Version: 15.4.2368.0902)
Deal Info (Version: 2008.1.22.0)
EarthLink Common Authentication (Version: 1.0.87.0)
EarthLink FastLane (Version: 5.8.0.13)
EarthLink Protection Control Center (Version: 10.4.3.0)
EarthLink Software (Version: 2008.1.22.0)
EarthLink Toolbar
Eraser 6.0.8.2273 (Version: 6.0.2273)
ESET Online Scanner v3
FYZip 1.00 (Version: 1.00)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.23.9)
HP Precisionscan Pro 3.1 (Version: 3.1.3.0000)
HP Share-to-Web
IsoBuster 2.8 (Version: 2.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Juniper Networks Host Checker (Version: 7.1.0.19525)
Juniper Networks, Inc. Setup Client (Version: 7.1.4.13103)
Junk Mail filter update (Version: 15.4.3502.0922)
Lexmark 6500 Series
Lotus NotesSQL 3.01 driver
Lotus SmartSuite - English (Version: 9.8.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Project 98
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XML Parser (Version: 8.20.8730.4)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Oracle JInitiator 1.3.1.17
Palm Desktop
PL-2303 USB-to-Serial
Protection Control Center (Version: 14.2.40.31)
Quicken 2009 (Version: 18.1.3.11)
Redistributed Files (Version: 2.0.46.0)
Secunia PSI (2.0.0.3001)
Segoe UI (Version: 15.4.2271.0615)
Skype Toolbars (Version: 1.0.4051)
Skype™ 6.11 (Version: 6.11.102)
Smart Installer
SnagIt32 v4.3
StartNow Toolbar (Version: 2.3.0)
SUPERAntiSpyware (Version: 5.0.1144)
TotalAccess Core Applications (Version: 2008.1.22.0)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.3906)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0445)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0213)
TurboTax 2010 wnciper (Version: 010.000.1209)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2727)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0436)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0210)
TurboTax 2011 wnciper (Version: 011.000.1333)
TurboTax 2011 wrapper (Version: 011.000.0120)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.1983)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0442)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wnciper (Version: 012.000.1314)
TurboTax 2012 wokiper (Version: 012.000.1242)
TurboTax 2012 wrapper (Version: 012.000.0127)
TurboTax 2013 (Version: 2013.0)
TurboTax 2013 WinPerFedFormset (Version: 013.000.1953)
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0492)
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0168)
TurboTax 2013 wnciper (Version: 013.000.1266)
TurboTax 2013 wokiper (Version: 013.000.1302)
TurboTax 2013 wrapper (Version: 013.000.0135)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VueScan
WD Drive Utilities (Version: 1.0.3.3)
WD Security (Version: 1.0.3.3)
WD SmartWare (Version: 1.6.4.7)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinGlucofacts 1.32 (Version: 1.32)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 2941.76 MB
Available physical RAM: 1286.88 MB
Total Pagefile: 6109.74 MB
Available Pagefile: 4516.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.79 MB

========================= Partitions: =====================================

3 Drive c: () (Fixed) (Total:455.74 GB) (Free:333.2 GB) NTFS
4 Drive d: (HP_RECOVERY) (Fixed) (Total:10 GB) (Free:6.77 GB) NTFS
6 Drive f: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
12 Drive m: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1854.61 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator            Guest                    owner                   

**** End of log ****

 

RKILL

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/14/2014 10:08:54 PM in x86 mode.
Windows Version: Windows Vista ™ Business Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\owner\AppData\Roaming\Bizyseb\idxei.exe (PID: 6244) [UP-HEUR]
 * C:\Users\owner\AppData\Roaming\Modywi\hyixmiz.exe (PID: 3116) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

 * WPCSvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 04/14/2014 10:12:23 PM
Execution time: 0 hours(s), 3 minute(s), and 28 seconds(s)

 

AdwCleaner-  I did not know what files should be reserved so I did not "clean". 

 

Let me know how I need to modify the report before cleaning.

 

 

***** [ Files / Folders ] *****

Folder Found C:\Program Files\Conduit
Folder Found C:\Users\owner\AppData\Local\PackageAware
Folder Found C:\Users\owner\AppData\LocalLow\PriceGong

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\StartNow Toolbar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Found : HKLM\Software\StartNow Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545

-\\ Google Chrome v

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2775 octets] - [14/04/2014 22:14:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2835 octets] ##########
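The Rkill log in this post is the most telling artifact in the thread: two randomly named executables under AppData\Roaming were running, and two registry values show Windows Defender and the Windows Firewall switched off. The Python below is an added example, not part of the thread and not code from Rkill: it parses the process and registry sections of an Rkill log into structured records so that the same triage can be repeated over many logs rather than read by eye. The sample input is an excerpt of the log above; the table of "weakening" values lists only the two documented settings Rkill reported here, and the roaming-profile heuristic is an assumption added for the example.

```python
"""Added example (not part of the thread or of Rkill): parse the process and
registry sections of an Rkill log into records a responder can act on."""
import re
from pathlib import PureWindowsPath

# " * C:\path\to\file.exe (PID: 6244) [UP-HEUR]"
PROCESS_RE = re.compile(
    r"^\s*\*\s+(?P<path>.+?\.exe)\s+\(PID:\s*(?P<pid>\d+)\)\s*\[(?P<tag>[^\]]+)\]",
    re.IGNORECASE,
)
# "   [HKLM\SOFTWARE\Microsoft\Windows Defender]"
KEY_RE = re.compile(r"^\s*\[(?P<key>HK[A-Z_]+\\[^\]]+)\]")
# '   "DisableAntiSpyware" = dword:00000001'
VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*dword:(?P<value>[0-9a-fA-F]{8})')

# (value name, dword) pairs that mean a built-in protection is switched off.
# Only the two settings Rkill reported in this thread are listed.
WEAKENING = {
    ("DisableAntiSpyware", 1): "Windows Defender disabled via policy value",
    ("EnableFirewall", 0): "Windows Firewall profile disabled",
}


def parse_rkill(log_text):
    """Return terminated processes and registry values found in an Rkill log."""
    processes, settings = [], []
    current_key = None
    for line in log_text.splitlines():
        m = PROCESS_RE.match(line)
        if m:
            path = PureWindowsPath(m["path"])
            parts = [p.lower() for p in path.parts]
            processes.append({
                "path": str(path),
                "pid": int(m["pid"]),
                "tag": m["tag"],
                # Heuristic (assumption for this example): executables living in
                # the user-writable roaming profile, as both did in this log.
                "in_roaming_appdata": "appdata" in parts and "roaming" in parts,
            })
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            value = int(m["value"], 16)
            settings.append({
                "key": current_key,
                "name": m["name"],
                "value": value,
                "weakening": WEAKENING.get((m["name"], value)),
            })
    return {"processes": processes, "settings": settings}


def findings(parsed):
    """Human-readable list of items that need follow-up."""
    out = []
    for p in parsed["processes"]:
        where = " in a roaming-profile folder" if p["in_roaming_appdata"] else ""
        out.append(f"terminated {p['path']} (PID {p['pid']}, {p['tag']}){where}")
    for s in parsed["settings"]:
        if s["weakening"]:
            out.append(f"{s['weakening']}: {s['key']}\\{s['name']} = {s['value']}")
    return out


# Excerpt of the Rkill log posted above, used as sample input.
SAMPLE_RKILL_LOG = r"""
Checking for processes to terminate:

 * C:\Users\owner\AppData\Roaming\Bizyseb\idxei.exe (PID: 6244) [UP-HEUR]
 * C:\Users\owner\AppData\Roaming\Modywi\hyixmiz.exe (PID: 3116) [UP-HEUR]

2 proccesses terminated!

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
"""

if __name__ == "__main__":
    for item in findings(parse_rkill(SAMPLE_RKILL_LOG)):
        print("-", item)
```

Rkill only terminates the processes and reports the registry values; it does not delete the files or restore the settings, which is why the same two names can reappear on the next boot, as John25 saw with Autoruns. Parsing the log into records makes it straightforward to hand the paths to a scanner and the registry keys to whoever restores the Defender and firewall settings.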



#4 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 14 April 2014 - 11:29 PM

First uninstall programs from Programs and Features if they exist.
StartNow Toolbar (Version: 2.3.0)
Note :Warning, multiple anti-virus scanners have detected possible malware in StartNow Toolbar.

Bing Bar will NOT Be supported anymore because Microsoft has decided not to allow plugins in Windows 8. No Flash or anything!
Best to remove it now, even though you are only using Vista SP2.

 

You did the right thing if you were not sure -  :flowers: 
In AdwCleaner, these all need removal.
Conduit
PackageAware
PriceGong
StartNow Toolbar
YahooPartnerToolbar < Your choice, but I would remove it
Toolbar.BandObject < I would also remove this one.

Generally speaking, I would hit the Clean button now to remove all these items.

Unless I have missed it, the program "Puzzle" is not listed in these logs.
Please go - Start Orb > Programs  > Accessories > Windows Explorer > Your (C:) Drive > Program Files > and there you will look for a program with the name "Puzzle". Right click and select either Uninstall or Delete.

Your listed program has a homeland mark of ".ru" (Russian Federation), not from the USA.

us_73@games.webhost31.ru
hxxp://highfive.It/lib.php?la=eMAgXT97ddxIEfFdIqvaY3N622uUHv9X6sUnVOHETiE%3D

Not sure of even offering a guess on this second one - Fully delete the email -



#5 John25

John25
  • Topic Starter

  • Members
  • 13 posts

Posted 15 April 2014 - 12:50 PM

Noknojon-

I want to thank you for your assistance to date.

However, since I use this computer for all of my finances, I have decided to reformat and reload all of the operating programs from their original disks.

This will eliminate any possibility of missing a malware/virus that could be costly to me.

 

Again, thanks for all of your help.

John





