Gozy Trojan

Please rerun Hitman and remove these items:
Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine.1.0\ (BoxoreOU)
HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine\ (BoxoreOU)
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)

Next, rerun RogueKiller and remove these items:
¤¤¤ Registry : 7 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8F9DFC07-0BA3-4864-943C-6612794F8488} | DhcpNameServer : 10.1.0.200 10.1.0.201 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A2111136-5270-4D28-9695-997B626CCFC6} | DhcpNameServer : 10.1.128.30 10.1.128.31 ([X][X]) -> Found

¤¤¤ Tasks : 9 ¤¤¤
[Hj.Shortcut] \{05B046D5-567D-413F-BE5B-9E10170C8E64} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.24.85.104/en/abandoninstall?page=tsProgressBar) -> Found
[Hj.Shortcut] \{4DAEAFDC-F7BC-499D-A56E-BF58F2F2725E} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (https://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=404) -> Found
[Hj.Shortcut] \{913AC713-A6C1-4409-8403-BE0A47E1F0B3} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.24.85.104/en/abandoninstall?page=tsProgressBar) -> Found
[Hj.Shortcut] \{C0BE3FDF-8679-47B8-A44C-23D051A491CC} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.24.85.104/en/abandoninstall?page=tsProgressBar) -> Found
[Hj.Shortcut] \{FF5F5ABC-DDCB-42AC-92C2-218D1DFBA7C1} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (https://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=404) -> Found

Reboot and rerun both Hitman and RogueKiller.

Please download Zemana Malware Removal to your desktop and run it please.

It auto updates, and you click scan. After it's finished, click on the icon that looks like Cell phone strength bars. High-light the report (by date log was produced) and click on the "Open Report" icon. (looks like a folder). That notepad.txt can then be copied/pasted into another .txt doc and saved. Upload that, please, along with the Hitman and RogueKiller logs.

 

Yes.

 

Where did you install vegas pro from? Did you use a code breaker?

Please download and run Emsisoft Emergency Kit.

Double click EmergencyKitScanner.exe to install EEK
When the installation of EEK is complete the Emergency Kit scanner will run.
NOTE: Make sure to enable PUPs detection.
Click "Yes" to Update Emsisoft Emergency Kit
Under "Scan" click-on "Malware Scan".
IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted.
Save the scan log somewhere that you can find it (desktop).
Exit Emsisoft Emergency Kit.

Attach the log.

 

Additional software to run:
Please download the latest version of FRST the below link.
Farbar Recovery Scan Tool and save it to your Desktop.

Note: Make sure you download the proper version ( 32 bit or 64 bit ) for your PC. Only one will run, the correct one. So it you make a mistake and download the wrong one, go back and get the other.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

No...however, .... will you please get me the logs I requested.

 

Please uninstall Zemana. Reboot and go here: https://www.zemana.com/Download

Scroll all the way to the bottom and at the bottom of column 2 you will find Free AntiMalware. Click on it and download Zemana....install and scan. Attach the log.

 

Please right click start / run and type in %appdata% and get me a screen shot of it.

Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

• You should now have both fixlist.txt and FRST64.exe on your Desktop.
• Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
• Run FRST64.exe by right clicking on it and selecting Run As Adminstrator
• Click the Fix button just once and wait.
• Your computer should reboot after the fix runs.
• Reconnect your internet connection after reboot so you can come back here to continue.
• The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)

 

Well, I am not seeing any evidence of Gozi. Have you gotten any other alerts from your ISP?

 

Not a clue.

Let's do this:
Let's see if we can figure out what is going on with this. We need this to run and create a log.

• Download TDSSKiller from Kaspersky directly onto your Desktop
• Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7,8 and 10, do not double click on it but rather, right click and select Run As Administrartor. )
• If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).

 

Yes, Mac's can be infected. I don't know about apple devices. I also have no idea why Avast is reporting an issue with your router on this computer but not another computer running through the same router.

Your TDSSKiller log is clean. Let's wait until tomorrow for your ISP.

 

Right click your WiFi icon and choose Network and Internet Services...then click on show available networks. Tell me what you find.

 

Are your computers networked in a workgroup?

I would also like to see a screen shot of your "available networks".

 

There is a "hidden network" showing. Right click it and see if you can either disable or disconnect from it.

And you didn't answer about workgroup.

 

Networking is not my forte. Disregard my previous post.

 

No.

Is Avast a paid for version?

 

Good....uninstall it. Then run CCLeaner. Reboot and reinstall it. Do a scan.

 

Keep me informed.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 or 10 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You're welcome.