I have run MAMB and after my WiFi has changed its WEB code ..


Hi, I have run the MAMB and it seems that it has cleaned my computer of a virus I picked up on Facebook.

But then when I restarted, my WiFi has changed, because I can't even connect to it from my iPhone.

Also, the computer picked up a WiFi connection that I am using at the moment, but I'm not sure if it is mine, and it is without a security code.

Confused. I don't know what that DDS run is, so I am attaching the log from MAMB.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.28.05

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Monika :: MONIKA-PC [administrator]

2/28/2012 5:17:23 PM

mbam-log-2012-02-28 (17-17-23).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 358710

Time elapsed: 1 hour(s), 23 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Converter (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Monika\AppData\Local\Temp\~nsu.tmp\whitesmoke-silent.exe (PUP.BHO) -> Quarantined and deleted successfully.

C:\Users\Monika\Downloads\PDFConverterSetup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)


HA! Found the DDS thing; here is the report.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Monika at 22:30:09 on 2012-02-28

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1607 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\MediaMall\MediaMallServer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RTHDCPL.exe

C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\VERIZONDM\bin\sprtcmd.exe

C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\dps.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\pl.exe

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\epservice.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\ep.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Squeezebox\SqueezeTray.exe

C:\Users\Monika\AppData\Local\Temp\RtkBtMnt.exe

C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~3.EXE

C:\Windows\System32\alg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\UI0Detect.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\MediaMall\MediaMallServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TrustedID Secure Browse: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - c:\program files\trustedid\trustedid secure browse\epbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll

BHO: TrustedID Secure Browse: {ff507020-a257-4527-a222-b6f5732e55ee} - c:\program files\trustedid\trustedid secure browse\plbho.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

uRun: [Google Update] "c:\users\monika\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe

uRun: [spyware Doctor with AntiVirus] c:\users\monika\desktop\sdasetup_revwire207.exe -min

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [TrustedID Secure Browse] "c:\program files\trustedid secure browse\sss.exe"

mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Data Protection Suite] "c:\program files\trustedid\trustedid secure browse\dps.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [PhishLock] "c:\program files\trustedid\trustedid secure browse\pl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\monika\appdata\roaming\micros~1\windows\startm~1\programs\startup\cit200.lnk - c:\program files\linksys\cit200\cit200.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\squeezebox\SqueezeTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

mPolicies-system: DisableStartupSound = 1 (0x1)

mPolicies-system: DisableStatusMessages = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://cnypacs.com/HRS/download/AliUpdate.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.stemc.org/CACHE/stc/1/binaries/vpnweb.cab

DPF: {6A1C1D9A-00D4-468C-BAC0-34941BF5DBA1} - hxxps://cnypacs.com/HRS/download/Setup.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\0527F64657364796F6E6370275962756C65637370225F657475627 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\D656C666275646F6 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{FEC1F568-0142-484C-87C3-765B651A5097} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1621166&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&ocid=zdhp&install_date=20111215

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111215&q=

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}\components\FFExternalAlert.dll

FF - component: c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}\components\RadioWMPCore.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\monika\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\monika\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\monika\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\monika\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook

FF - Ext: CommentsBar 1 Toolbar: {23ec984e-464c-4a0c-a8df-f80cb8c090e1} - %profile%\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

R2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\common files\mckesson\mig\service\AliUpdate.exe [2010-1-18 79152]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 EntryProtect;TrustedID Secure Browse;c:\program files\trustedid\trustedid secure browse\epservice.exe [2011-8-21 46952]

R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2010-10-29 3994480]

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2010-3-2 23200]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2011-1-29 18240]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-2-15 1097216]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 sbupdate;TrustedID Update Service;c:\program files\sentrybay\update\SentryBayUpdate.exe [2011-4-29 138080]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-26 30192]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-3 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

.

=============== Created Last 30 ================

.

2012-02-28 22:16:21 -------- d-----w- c:\users\monika\appdata\roaming\Malwarebytes

2012-02-28 22:16:13 -------- d-----w- c:\programdata\Malwarebytes

2012-02-28 22:16:12 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-28 22:16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 21:08:32 -------- d-----w- c:\programdata\PC Tools

2012-02-15 12:33:03 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 12:32:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 12:32:54 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 12:32:53 2343424 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 22:30:55.68 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/16/2009 7:04:34 AM

System Uptime: 2/28/2012 7:45:20 PM (3 hours ago)

.

Motherboard: Acer, Inc. | | Bodensee

Processor: Genuine Intel® CPU T2300 @ 1.66GHz | U2E1 | 1667/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 148 GiB total, 81.924 GiB free.

D: is CDROM ()

F: is FIXED (NTFS) - 1 GiB total, 0.934 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

Class GUID:

Description: Mass Storage Controller

Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_00941025&REV_00\4&3981ECD8&0&4AF0

Manufacturer:

Name: Mass Storage Controller

PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_00941025&REV_00\4&3981ECD8&0&4AF0

Service:

.

==== System Restore Points ===================

.

RP259: 1/19/2012 3:00:14 AM - Windows Update

RP260: 1/28/2012 4:02:37 PM - Scheduled Checkpoint

RP261: 2/4/2012 8:22:06 PM - Windows Backup

RP262: 2/16/2012 3:00:18 AM - Windows Update

RP263: 2/27/2012 1:05:40 PM - Removed Garmin WebUpdater

RP264: 2/27/2012 1:06:23 PM - Removed Facebook Messenger 2.0.4430.0

RP265: 2/28/2012 7:11:07 PM - Windows Update

.

==== Installed Programs ======================

.

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 6.0

Adobe Reader 9.5.0

Adobe SVG Viewer

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2011

AVG PC Tuneup 2011

Belarc Advisor 8.1

BlackBerry Desktop Software 6.0

BlackBerry Device Software Updater

BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone

Bonjour

Cisco AnyConnect VPN Client

CIT200

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Facebook Plug-In

Fiddler2

FlashFXP v3

Garmin Communicator Plugin

Garmin USB Drivers

Google Chrome

Google Desktop

Google Talk Plugin

HDAUDIO Soft Data Fax Modem with SmartCP

Horizon Medical Imaging Update Service

HRS 11.6 Distributed

iCloud

iPod To Computer Transfer 6.2

iTunes

Java Auto Updater

Java 6 Update 29

Logitech Media Server 7.7.0

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2003 Web Components

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

mIRC

MobileMe Control Panel

Mozilla Firefox (3.6.8)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

OGA Notifier 2.0.0048.0

OneTouch 4.6

PhysExam (Palm) v 6.0.152 by Skyscape

PlayOn

Prism Video File Converter

Quicken 2004

QuickTime

Realtek High Definition Audio Driver

Redist

Review for the PHYSICIAN ASSISTANT

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

SentryBay Update Helper

Skype™ 5.5

StartNow Toolbar

TrustedID Secure Browse

Uniblue RegistryBooster 2010

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Verizon Download Manager

Verizon High Speed Internet

Verizon Media Manager

Visioneer 8100 Scanner

WIDCOMM Bluetooth Software 6.0.1.3500

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Media Player Firefox Plugin

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

2/28/2012 7:48:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

2/28/2012 7:46:47 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

2/28/2012 6:49:45 PM, Error: NetBT [4321] - The name "MONIKA-PC :0" could not be registered on the interface with IP address 192.168.1.112. The computer with the IP address 169.254.224.8 did not allow the name to be claimed by this computer.

2/28/2012 6:49:45 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

2/28/2012 10:30:57 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

2/28/2012 10:26:49 PM, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/28/2012 10:26:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/28/2012 10:26:48 PM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/27/2012 4:18:47 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

2/27/2012 4:18:47 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

2/27/2012 4:18:47 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

.

==== End Of File ===========================


Hi, thanks for putting an idea into my head. My router sometimes needs a reboot; I guess I did not connect the two once I ran MAMB.

So I am back online. The only thing that still worries me is if there is still something hidden on my PC.

If anyone can review my scan and tell me if I am clean clean, I would appreciate it. Thank you :)


Hello and welcome to Malwarebytes

MBAM will not change your WiFi settings on your router. That being said, you need to have your computer checked out to make sure all infections and traces are gone. Now that you figured out how to do the DDS logs, you need to post them in the right place. Please follow the instructions below.

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult.

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here (http://www.malwarebytes.org/forums/index.php?showtopic=9573), skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home)

OPTION 3

If you would like to use our Malwarebytes Premium Services, comprehensive solutions to all your computer support needs, from installation and set-up to troubleshooting and tune-ups, go to our Malwarebytes Premium Services support site here (http://www.malwarebytes.org/premium-support.php)

Please be patient, someone will assist you as soon as possible.

PS: Please use the "Reply to this topic" button, not the Reply button, when you start replying.
