david777

Members
  • Posts: 3

Everything posted by david777

  1. I was afraid you'd say that. I already changed passwords, etc. I think I'll have to reformat. Thanks for the help. I'm used to reformatting...
  2. I just ran a scan using rogue killer. Here are the results:

     -----------------------------
     RogueKiller V7.6.2 [07/02/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
     Started in : Normal mode
     User: David Moerschel [Admin rights]
     Mode: Scan -- Date: 07/05/2012 10:04:10

     ¤¤¤ Bad processes: 1 ¤¤¤
     [sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]

     ¤¤¤ Registry Entries: 13 ¤¤¤
     [sUSP PATH] HKCU\[...]\Run : Utiroqo ("C:\Users\David Moerschel\AppData\Roaming\Ocozaf\ozygo.exe") -> FOUND
     [sUSP PATH] HKCU\[...]\Run : Fyhiz ("C:\Users\David Moerschel\AppData\Roaming\Binaur\opip.exe") -> FOUND
     [bLACKLIST DLL] HKLM\[...]\Run : izinec ("C:\Windows\System32\rundll32.exe" "C:\Users\David Moerschel\AppData\Roaming\izinec.dll",SHRotateZ) -> FOUND
     [sUSP PATH] HKUS\S-1-5-21-3822217949-1633032186-3584141650-1000[...]\Run : Utiroqo ("C:\Users\David Moerschel\AppData\Roaming\Ocozaf\ozygo.exe") -> FOUND
     [sUSP PATH] HKUS\S-1-5-21-3822217949-1633032186-3584141650-1000[...]\Run : Fyhiz ("C:\Users\David Moerschel\AppData\Roaming\Binaur\opip.exe") -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : c:\windows\installer\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\windows\installer\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\windows\installer\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\L --> FOUND
     [ZeroAccess][FILE] @ : c:\users\david moerschel\appdata\local\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\users\david moerschel\appdata\local\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\users\david moerschel\appdata\local\{4ed2900c-4d83-6285-2c40-4ecb334c4f32}\L --> FOUND
     [susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
     [ZeroAccess][sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

     ¤¤¤ Driver: [LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: Hitachi HTS541660J9SA00 ATA Device +++++
     --- User ---
     [MBR] a5907dab3341c17ef95b627731c3eec1
     [bSP] 6e09ef48b2e89b0ce36ecc338d6f2192 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 145408 | Size: 2048 Mo
     2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4339712 | Size: 55111 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  3. Hi, I've got some issues:

     1) Browser hijack: I do a search and sometimes (not every) it will redirect to some ad page. I always get redirected to a windows live login page when trying to access sites (e.g., Microsoft, or malwarebytes) that will help get rid of viruses. P.S. I'm accessing this forum from a 2nd computer.

     2) Can't install programs: I tried to install various programs and an error pops up immediately saying the installer has stopped working and will close.

     I've already run the dds and attached the two files. Also attached are 2 MWB logs. One shows a couple viruses from an early scan run in regular vista mode. The other is a log running from safe mode and shows the Rootkit.0Access.

     Other than the hassle of browser hijack and not installing programs, the computer runs fine (albeit a little slowly). Occasionally I get a command line interface error, which ends itself. And maybe 3 times it has spontaneously restarted. But no black or blue screens, etc.

     Any suggestions? Thanks!

     David

     attach.txt dds.txt mbam-log-2012-07-01.txt mbam-log-2012-07-04_SAFE-MODE.txt