Need some help please


Hi

I've been having problems for about a week with Avira alerts, Google redirecting and malware. I think Windows Update has been hijacked or turned off?

I've been running Avira and Malwarebytes; both of them are showing no problems, but I'm at the point where I don't trust anything.

I'd be grateful for any help, please.

Here's the dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421

Run by Angie at 17:07:32 on 2012-08-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1915.1335 [GMT 1:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Users\Angie\Downloads\RogueKiller.exe

C:\Windows\system32\taskmgr.exe

E:\CCleaner\CCleaner.exe

c:\windows\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.co.uk/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB: {00000000-0000-0000-0000-000000000000} - No File

uRun: [Yfukaqe] c:\users\angie\appdata\roaming\unuhd\ydcae.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.nationalexpress.com/coach/index.cfm"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA

mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [skytel] Skytel.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4

IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{A83F6A62-0DEC-4631-9BC7-08A84DE59BF5} : NameServer = 192.168.0.1

TCP: Interfaces\{EE06F5B7-6A9A-406F-A9EF-2C2B87A132DC} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-10 242240]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-3-27 20384]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]

S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-18 36000]

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-7 214024]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-18 86224]

S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-18 110032]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-18 83392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2012-6-8 521344]

S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-3-31 13224]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-3-27 954368]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-7 79880]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-7 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-7 34216]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-7 40552]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-3-31 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-3-31 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-3-31 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-3-31 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-3-31 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-3-31 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-3-31 109736]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-05 15:31:30 -------- d-----w- c:\programdata\SecTaskMan

2012-08-05 15:31:26 -------- d-----w- c:\program files\Security Task Manager

2012-08-05 15:24:26 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-08-04 13:05:47 -------- d-----w- c:\users\angie\appdata\roaming\Unuhd

2012-08-04 13:05:47 -------- d-----w- c:\users\angie\appdata\roaming\Otyc

2012-08-04 13:05:47 -------- d-----w- c:\users\angie\appdata\roaming\Awyph

2012-08-03 09:34:02 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-02 18:40:53 -------- d-----w- c:\programdata\OrganicCoffee

2012-07-28 23:14:43 -------- d-----w- c:\programdata\036DFF980046DE2C9B8032142F3B707C

2012-07-28 23:13:27 -------- d-----w- c:\users\angie\appdata\roaming\Fatyby

2012-07-28 23:13:26 -------- d-----w- c:\users\angie\appdata\roaming\Maihx

2012-07-28 23:13:26 -------- d-----w- c:\users\angie\appdata\roaming\Fuaw

2012-07-28 20:33:23 -------- d-----w- c:\users\angie\appdata\roaming\YoudaGames

2012-07-27 08:35:11 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{96a96992-caee-4ca7-b453-aedbdfe9cc15}\mpengine.dll

2012-07-25 18:42:11 -------- d-----w- c:\users\angie\appdata\roaming\T1 Games

2012-07-25 18:42:11 -------- d-----w- c:\programdata\T1 Games

2012-07-24 21:35:57 -------- d-----w- c:\users\angie\appdata\local\JollyBear

2012-07-24 21:35:57 -------- d-----w- c:\programdata\JollyBear

2012-07-24 19:38:59 -------- d-----w- c:\users\angie\appdata\roaming\Funlinker

2012-07-23 20:11:51 -------- d-----w- c:\users\angie\appdata\roaming\AlawarEntertainment

2012-07-23 19:17:42 -------- d-----w- c:\users\angie\appdata\roaming\GO Games

2012-07-22 20:32:45 -------- d-----w- c:\users\angie\appdata\roaming\AtlanticJourney

2012-07-22 17:03:32 -------- d-----w- c:\users\angie\appdata\roaming\Gunnar Games

2012-07-22 16:31:26 -------- d-----w- c:\users\angie\appdata\roaming\PetRush

2012-07-22 16:30:32 -------- d-----w- c:\programdata\Pet Rush

2012-07-22 13:38:33 -------- d-----w- c:\users\angie\appdata\roaming\aliasworlds

2012-07-20 19:44:21 -------- d-----w- c:\users\angie\appdata\roaming\PlayWay

2012-07-20 17:30:03 -------- d-----w- c:\users\angie\appdata\roaming\DAVA

2012-07-20 17:27:44 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2012-07-20 17:27:44 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2012-07-20 17:27:44 -------- d-----w- c:\program files\OpenAL

2012-07-19 20:34:57 -------- d-----w- c:\programdata\Pets Fun House

2012-07-19 20:33:55 -------- d-----w- C:\PetsFunHouse

2012-07-18 22:32:14 -------- d-----w- c:\users\angie\appdata\roaming\OurshowGames

2012-07-17 21:56:58 -------- d-----w- c:\users\angie\appdata\local\MaFarm

2012-07-17 21:56:43 -------- d-----w- c:\users\angie\appdata\roaming\FarmFables

2012-07-17 21:52:36 -------- d-----w- c:\program files\Microsoft XNA

2012-07-16 17:36:34 -------- d-----w- c:\users\angie\appdata\roaming\Elephant Games

2012-07-16 17:36:34 -------- d-----w- c:\programdata\Elephant Games

2012-07-15 14:42:30 -------- d-----w- c:\programdata\GameHouse

2012-07-15 14:21:19 -------- d-----w- c:\program files\Online Games Manager

2012-07-12 22:06:55 -------- d-----w- c:\users\angie\appdata\roaming\Hidden Objects Romance

2012-07-11 21:33:30 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 20:11:49 -------- d-----w- c:\users\angie\appdata\roaming\ReelTen

2012-07-11 08:30:20 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-11 08:30:17 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 08:30:17 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 08:30:15 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 08:30:15 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 08:30:15 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-08 19:09:32 -------- d-----w- c:\programdata\Arizona Rose

2012-07-08 16:27:47 -------- d-----w- c:\users\angie\appdata\roaming\Seven Sails

2012-07-07 19:16:45 -------- d-----w- c:\programdata\Deep Shadows

.

==================== Find3M ====================

.

2012-07-18 17:05:10 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-10 10:16:02 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-05-08 16:40:07 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.

============= FINISH: 17:09:19.74 ===============

Here's the attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 27/03/2009 13:44:12

System Uptime: 05/08/2012 16:22:56 (1 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | CPU | 2161/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 26.608 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 55 GiB total, 13.205 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Akamai NetSession Interface

Akamai NetSession Interface Service

Atheros Driver Installation Program

Atheros Wi-Fi Protected Setup Library

Avira Free Antivirus

Big Fish Games: Game Manager

Brother MFL-Pro Suite DCP-195C

Canon Utilities ZoomBrowser EX

CCleaner

CD/DVD Drive Acoustic Silencer

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

D3DX10

DAEMON Tools Lite

Easy Duplicate Finder v. 3.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

IrfanView (remove only)

Java Auto Updater

Java 6 Update 32

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft XML Parser

Microsoft XNA Framework Redistributable 3.1

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

MSVCRT

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MultiResource Client 2.17.0 (Standard)

OGA Notifier 2.0.0048.0

Online Games Manager v1.10

OpenAL

OpenMG Limited Patch 4.7-07-14-05-01

OpenMG Secure Module 4.7.00

PaperPort Image Printer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Rescue Team

ScanSoft PaperPort 11

Security Task Manager 1.8d

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Segoe UI

swMSM

Synaptics Pointing Device Driver

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Hardware Setup

Toshiba Online Product Information

TOSHIBA Recovery Disc Creator

TOSHIBA Software Modem

TOSHIBA Supervisor Password

Toshiba TEMPRO

TOSHIBA Value Added Package

TRDCReminder

TRORDCLauncher

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

.

==== Event Viewer Messages From Past Week ========

.

29/07/2012 12:51:41, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

29/07/2012 00:46:06, Error: EventLog [6008] - The previous system shutdown at 00:43:12 on 29/07/2012 was unexpected.

29/07/2012 00:25:41, Error: EventLog [6008] - The previous system shutdown at 00:23:17 on 29/07/2012 was unexpected.

05/08/2012 16:29:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

05/08/2012 16:24:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

05/08/2012 16:24:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr mfehidk spldr ssmdrv Wanarpv6

05/08/2012 16:24:57, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

05/08/2012 16:23:52, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

05/08/2012 16:23:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

05/08/2012 16:23:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

05/08/2012 14:20:09, Error: EventLog [6008] - The previous system shutdown at 14:18:13 on 05/08/2012 was unexpected.

05/08/2012 14:19:45, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

04/08/2012 21:01:39, Error: EventLog [6008] - The previous system shutdown at 20:59:14 on 04/08/2012 was unexpected.

03/08/2012 09:20:24, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

02/08/2012 22:26:07, Error: EventLog [6008] - The previous system shutdown at 22:23:44 on 02/08/2012 was unexpected.

.

==== End Of File ===========================


Found this on the desktop called RKreport1, is this it?

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Angie [Admin rights]

Mode: Scan -- Date: 08/03/2012 10:12:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\users\angie\appdata\local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\angie\appdata\local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\angie\appdata\local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e}\L --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[75] : NtCreateSection @ 0x8223DDE5 -> HOOKED (Unknown @ 0x89D0894E)

SSDT[276] : NtRequestWaitReplyPort @ 0x8224FF90 -> HOOKED (Unknown @ 0x89D08958)

SSDT[289] : NtSetContextThread @ 0x8229F06F -> HOOKED (Unknown @ 0x89D08953)

SSDT[314] : NtSetSecurityObject @ 0x821CC038 -> HOOKED (Unknown @ 0x89D0895D)

SSDT[332] : NtSystemDebugControl @ 0x82204EC1 -> HOOKED (Unknown @ 0x89D08962)

SSDT[334] : NtTerminateProcess @ 0x821FD143 -> HOOKED (Unknown @ 0x89D088EF)

S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x89D08976)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x89D0897B)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1252GSX +++++

--- User ---

[MBR] 1f1ee4b29a49bf9f81391be88b090fe1

[bSP] f611d865664414150e8eb2c88cd4860b : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 57077 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 119967744 | Size: 55894 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Since you have Vista, you may or may not be able to do this, but please give it a try.

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).


ok, done that.

here's frst.txt

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012

Ran by SYSTEM at 05-08-2012 18:30:47

Running from H:\

Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)

HKLM\...\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA [20480 2008-05-28] ( )

HKLM\...\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-04-24] (Toshiba Europe GmbH)

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [150040 2008-06-25] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [170520 2008-06-25] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [145944 2008-06-25] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]

HKLM\...\Run: [skytel] Skytel.exe [x]

HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [509816 2008-06-24] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-07-18] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)

HKU\Angie\...\Run: [Yfukaqe] C:\Users\Angie\AppData\Roaming\Unuhd\ydcae.exe [183296 2012-01-16] ()

HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)

HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\..\Interfaces\{A83F6A62-0DEC-4631-9BC7-08A84DE59BF5}: [NameServer]192.168.0.1

Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

================================ Services (Whitelisted) ==================

2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)

2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)

3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)

2 ogmservice; "C:\Program Files\Online Games Manager\ogmservice.exe" --service-run [521344 2012-06-07] (RealNetworks, Inc.)

3 PACSPTISVR; "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [57344 2006-12-13] ()

3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [69632 2006-12-13] (Sony Corporation)

2 TempoMonitoringService; "C:\Program Files\Toshiba TEMPRO\TempoSVC.exe" [99720 2008-04-24] (Toshiba Europe GmbH)

2 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [126976 2008-02-06] (TOSHIBA Corporation)

2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)

1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)

1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-07-18] (Avira GmbH)

1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-05-10] (DT Soft Ltd)

3 ggflt; C:\Windows\System32\DRIVERS\ggflt.sys [13224 2009-03-31] (Sony Ericsson Mobile Communications)

3 ggsemc; C:\Windows\System32\DRIVERS\ggsemc.sys [24616 2009-03-31] (Sony Ericsson Mobile Communications)

3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)

3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)

1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)

3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)

3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)

3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)

3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)

3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)

3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)

3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)

3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)

3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)

1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [x]

========================== NetSvcs (Whitelisted) ===========

 

============ One Month Created Files and Folders ==============

2012-08-05 09:08 - 2012-08-05 09:08 - 00000000 ____D C:\FRST

2012-08-05 09:07 - 2012-08-05 09:07 - 00001428 ____A C:\Windows\setupact.log

2012-08-05 09:07 - 2012-08-05 09:07 - 00000000 ____A C:\Windows\setuperr.log

2012-08-05 08:48 - 2012-08-05 08:48 - 00000488 ____A C:\Windows\WindowsUpdate.log

2012-08-05 08:07 - 2012-08-05 08:07 - 00607260 ____R (Swearware) C:\Users\Angie\Downloads\dds.com

2012-08-05 07:53 - 2012-08-05 07:53 - 00002450 ____A C:\Users\Angie\Desktop\RKreport[3].txt

2012-08-05 07:31 - 2012-08-05 07:35 - 00000000 ____D C:\Users\All Users\SecTaskMan

2012-08-05 07:31 - 2012-08-05 07:31 - 00000000 ____D C:\Program Files\Security Task Manager

2012-08-05 07:24 - 2012-08-05 07:24 - 00002432 ____A C:\Users\Angie\Desktop\RKreport[2].txt

2012-08-05 05:42 - 2012-08-05 05:46 - 90098552 ____A C:\Users\Angie\Downloads\avira_free_antivirus_en.exe

2012-08-04 11:57 - 2012-08-04 11:57 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Angie\Downloads\tdsskiller (1).exe

2012-08-04 05:05 - 2012-08-04 05:17 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Otyc

2012-08-04 05:05 - 2012-08-04 05:05 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Unuhd

2012-08-04 05:05 - 2012-08-04 05:05 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Awyph

2012-08-03 01:41 - 2012-08-03 01:41 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Angie\Downloads\tdsskiller.exe

2012-08-03 01:34 - 2012-08-03 01:34 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-08-03 01:12 - 2012-08-03 01:12 - 00002651 ____A C:\Users\Angie\Desktop\RKreport[1].txt

2012-08-03 01:07 - 2012-08-05 07:24 - 00000000 ____D C:\Users\Angie\Desktop\RK_Quarantine

2012-08-03 01:07 - 2012-08-03 01:07 - 01552384 ____A C:\Users\Angie\Downloads\RogueKiller.exe

2012-08-03 00:40 - 2012-08-03 00:40 - 02095024 ____A C:\Users\Angie\Downloads\SecurityTaskManager_Setup (1).exe

2012-08-03 00:39 - 2012-08-03 00:39 - 02095024 ____A C:\Users\Angie\Downloads\SecurityTaskManager_Setup.exe

2012-08-02 13:12 - 2012-08-02 13:12 - 00001230 ____A C:\Users\Public\Desktop\More Great Games.lnk

2012-08-02 10:40 - 2012-08-02 10:41 - 00000000 ____D C:\Users\All Users\OrganicCoffee

2012-07-28 15:14 - 2012-07-29 04:13 - 00000000 ____D C:\Users\All Users\036DFF980046DE2C9B8032142F3B707C

2012-07-28 15:13 - 2012-07-28 15:43 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Fuaw

2012-07-28 15:13 - 2012-07-28 15:20 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Maihx

2012-07-28 15:13 - 2012-07-28 15:13 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Fatyby

2012-07-28 12:33 - 2012-07-28 12:33 - 00000000 ____D C:\Users\Angie\AppData\Roaming\YoudaGames

2012-07-28 12:31 - 2012-07-28 13:48 - 00001164 ____A C:\Users\Angie\Desktop\MSN Games.lnk

2012-07-25 10:42 - 2012-07-25 10:42 - 00000000 ____D C:\Users\Angie\AppData\Roaming\T1 Games

2012-07-25 10:42 - 2012-07-25 10:42 - 00000000 ____D C:\Users\All Users\T1 Games

2012-07-24 13:35 - 2012-07-24 13:35 - 00000000 ____D C:\Users\Angie\AppData\Local\JollyBear

2012-07-24 13:35 - 2012-07-24 13:35 - 00000000 ____D C:\Users\All Users\JollyBear

2012-07-24 11:38 - 2012-08-01 11:00 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Funlinker

2012-07-23 12:11 - 2012-07-23 12:11 - 00000000 ____D C:\Users\Angie\AppData\Roaming\AlawarEntertainment

2012-07-23 11:17 - 2012-07-23 11:17 - 00000000 ____D C:\Users\Angie\AppData\Roaming\GO Games

2012-07-22 12:32 - 2012-07-22 12:33 - 00000000 ____D C:\Users\Angie\AppData\Roaming\AtlanticJourney

2012-07-22 09:03 - 2012-07-22 09:03 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Gunnar Games

2012-07-22 08:31 - 2012-07-22 08:31 - 00000000 ____D C:\Users\Angie\AppData\Roaming\PetRush

2012-07-22 08:30 - 2012-07-22 08:30 - 00000000 ____D C:\Users\All Users\Pet Rush

2012-07-22 05:38 - 2012-07-22 05:38 - 00000000 ____D C:\Users\Angie\AppData\Roaming\aliasworlds

2012-07-20 11:44 - 2012-07-20 11:44 - 00000000 ____D C:\Users\Angie\AppData\Roaming\PlayWay

2012-07-20 09:30 - 2012-07-20 09:30 - 00000000 ____D C:\Users\Angie\AppData\Roaming\DAVA

2012-07-20 09:27 - 2012-07-20 09:27 - 00444952 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll

2012-07-20 09:27 - 2012-07-20 09:27 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll

2012-07-20 09:27 - 2012-07-20 09:27 - 00000000 ____D C:\Program Files\OpenAL

2012-07-19 12:34 - 2012-07-19 12:34 - 00000000 ____D C:\Users\All Users\Pets Fun House

2012-07-19 12:33 - 2012-07-19 12:33 - 00000000 ____D C:\PetsFunHouse

2012-07-18 14:32 - 2012-07-18 14:32 - 00000000 ____D C:\Users\Angie\AppData\Roaming\OurshowGames

2012-07-17 13:56 - 2012-07-17 13:59 - 00000000 ____D C:\Users\Angie\AppData\Roaming\FarmFables

2012-07-17 13:56 - 2012-07-17 13:56 - 00000000 ____D C:\Users\Angie\AppData\Local\MaFarm

2012-07-17 13:52 - 2012-07-17 13:52 - 00000000 ____D C:\Program Files\Microsoft XNA

2012-07-16 09:36 - 2012-07-31 13:09 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Elephant Games

2012-07-16 09:36 - 2012-07-31 13:09 - 00000000 ____D C:\Users\All Users\Elephant Games

2012-07-15 06:42 - 2012-07-15 06:42 - 00000000 ____D C:\Users\All Users\GameHouse

2012-07-15 06:21 - 2012-07-15 06:21 - 00000000 ____D C:\Program Files\Online Games Manager

2012-07-12 14:06 - 2012-07-12 14:06 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Hidden Objects Romance

2012-07-11 13:33 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 13:26 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-11 13:26 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-11 13:26 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-11 13:26 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-11 13:26 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-11 13:26 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-11 13:26 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-11 13:26 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-11 13:26 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-11 13:26 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-11 13:26 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-11 13:26 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-11 13:26 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-11 13:26 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-11 00:30 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 00:30 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 00:30 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 00:30 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 00:30 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 00:30 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-08 11:09 - 2012-07-08 11:09 - 00000000 ____D C:\Users\All Users\Arizona Rose

2012-07-08 08:27 - 2012-07-08 08:27 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Seven Sails

2012-07-07 11:16 - 2012-07-07 11:17 - 00000000 ____D C:\Users\All Users\Deep Shadows

============ 3 Months Modified Files ========================

2012-08-05 09:24 - 2006-11-02 05:01 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-05 09:24 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-05 09:21 - 2006-11-02 04:47 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-05 09:21 - 2006-11-02 04:47 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-05 09:08 - 2006-11-02 02:33 - 00703214 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-05 09:07 - 2012-08-05 09:07 - 00001428 ____A C:\Windows\setupact.log

2012-08-05 09:07 - 2012-08-05 09:07 - 00000000 ____A C:\Windows\setuperr.log

2012-08-05 08:48 - 2012-08-05 08:48 - 00000488 ____A C:\Windows\WindowsUpdate.log

2012-08-05 08:46 - 2009-05-16 03:17 - 00001356 ____A C:\Users\Angie\AppData\Local\d3d9caps.dat

2012-08-05 08:07 - 2012-08-05 08:07 - 00607260 ____R (Swearware) C:\Users\Angie\Downloads\dds.com

2012-08-05 07:53 - 2012-08-05 07:53 - 00002450 ____A C:\Users\Angie\Desktop\RKreport[3].txt

2012-08-05 07:24 - 2012-08-05 07:24 - 00002432 ____A C:\Users\Angie\Desktop\RKreport[2].txt

2012-08-05 07:21 - 2012-03-18 03:50 - 00001852 ____A C:\Users\Public\Desktop\Avira Control Center.lnk

2012-08-05 05:46 - 2012-08-05 05:42 - 90098552 ____A C:\Users\Angie\Downloads\avira_free_antivirus_en.exe

2012-08-04 11:57 - 2012-08-04 11:57 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Angie\Downloads\tdsskiller (1).exe

2012-08-03 01:41 - 2012-08-03 01:41 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Angie\Downloads\tdsskiller.exe

2012-08-03 01:12 - 2012-08-03 01:12 - 00002651 ____A C:\Users\Angie\Desktop\RKreport[1].txt

2012-08-03 01:07 - 2012-08-03 01:07 - 01552384 ____A C:\Users\Angie\Downloads\RogueKiller.exe

2012-08-03 00:40 - 2012-08-03 00:40 - 02095024 ____A C:\Users\Angie\Downloads\SecurityTaskManager_Setup (1).exe

2012-08-03 00:39 - 2012-08-03 00:39 - 02095024 ____A C:\Users\Angie\Downloads\SecurityTaskManager_Setup.exe

2012-08-02 13:12 - 2012-08-02 13:12 - 00001230 ____A C:\Users\Public\Desktop\More Great Games.lnk

2012-07-28 13:48 - 2012-07-28 12:31 - 00001164 ____A C:\Users\Angie\Desktop\MSN Games.lnk

2012-07-20 09:27 - 2012-07-20 09:27 - 00444952 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll

2012-07-20 09:27 - 2012-07-20 09:27 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll

2012-07-18 09:05 - 2012-03-18 03:50 - 00036000 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys

2012-07-12 00:12 - 2006-11-02 04:47 - 00403776 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 13:32 - 2006-11-02 02:23 - 00000367 ____A C:\Windows\win.ini

2012-07-11 13:27 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-06-29 03:28 - 2012-03-25 07:28 - 00000911 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-06-13 05:40 - 2012-07-11 13:33 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 09:47 - 2012-07-11 00:30 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-05 08:47 - 2012-07-11 00:30 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 08:47 - 2012-07-11 00:30 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-04 07:26 - 2012-07-11 00:30 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 14:19 - 2012-06-21 01:36 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 01:36 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 01:36 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 01:35 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 01:35 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:12 - 2012-06-21 01:36 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:12 - 2012-06-21 01:35 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 06:19 - 2012-06-21 01:35 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 06:12 - 2012-06-21 01:35 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 01:07 - 2012-07-11 13:26 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 00:43 - 2012-07-11 13:26 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 00:33 - 2012-07-11 13:26 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 00:26 - 2012-07-11 13:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 00:25 - 2012-07-11 13:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 00:25 - 2012-07-11 13:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 00:23 - 2012-07-11 13:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 00:21 - 2012-07-11 13:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 00:20 - 2012-07-11 13:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 00:19 - 2012-07-11 13:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 00:19 - 2012-07-11 13:26 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 00:17 - 2012-07-11 13:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 00:16 - 2012-07-11 13:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 00:14 - 2012-07-11 13:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-01 16:04 - 2012-07-11 00:30 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 16:03 - 2012-07-11 00:30 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-05-31 03:25 - 2009-10-03 01:23 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-10 02:18 - 2012-05-10 02:18 - 00001740 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

2012-05-10 02:16 - 2012-05-10 02:16 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys

2012-05-08 08:40 - 2012-03-18 03:50 - 00137928 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys

2012-05-08 08:40 - 2012-03-18 03:50 - 00083392 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys

 

ZeroAccess:

C:\Users\Angie\AppData\Local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e}

C:\Users\Angie\AppData\Local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e}\@

C:\Users\Angie\AppData\Local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e}\L

C:\Users\Angie\AppData\Local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e}\U

C:\Users\Angie\AppData\Local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e}\U\00000001.@

========================= Known DLLs (Whitelisted) ============

 

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 23%

Total physical RAM: 1915.25 MB

Available physical RAM: 1471.82 MB

Total Pagefile: 1665.2 MB

Available Pagefile: 1537.81 MB

Total Virtual: 2047.88 MB

Available Virtual: 1980.95 MB

======================= Partitions =========================

1 Drive c: (Vista) (Fixed) (Total:55.74 GB) (Free:26.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (Data) (Fixed) (Total:54.58 GB) (Free:13.21 GB) NTFS

4 Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS

5 Drive g: () (Removable) (Total:0.02 GB) (Free:0.01 GB) FAT

6 Drive h: () (Removable) (Total:0.22 GB) (Free:0.22 GB) FAT

7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 112 GB 0 B

Disk 1 Online 20 MB 0 B

Disk 2 Online 226 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 1500 MB 1024 KB

Partition 2 Primary 56 GB 1501 MB

Partition 3 Primary 55 GB 57 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 F WinRE NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C Vista NTFS Partition 56 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D Data NTFS Partition 55 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 20 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 G FAT Removable 20 MB Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 226 MB 16 KB

==================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 H FAT Removable 226 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-05 09:03

======================= End Of Log ==========================

and search.txt

Farbar Recovery Scan Tool Version: 05-08-2012

Ran by SYSTEM at 2012-08-05 18:33:22

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[2009-08-18 13:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe

[2009-08-18 13:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===

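A small log-triage script, added here as an example; it is not part of FRST, of this forum, or of MrC's reply. It parses the whitelisted Run entries and the services.exe search output posted above, flags the one Run entry that has no publisher and launches from the user's AppData (Yfukaqe, pointing at Unuhd\ydcae.exe, which ComboFix removes further down the thread), and checks that the live C:\Windows\System32\services.exe hash-matches the WinSxS copy, which is the comparison the two search hits allow. The two heuristics, the regexes and the RunEntry/SearchHit names are this example's own assumptions; the sample lines are copied from the logs above.

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread, not part of FRST. Sample lines are copied from
the FRST.txt and Search.txt posted above. The two heuristics are this example's
own assumptions, not something FRST reports: (1) a Run entry with no publisher
whose target lives under a profile's AppData deserves review; (2) the live
System32\services.exe must be Microsoft-attributed and hash-match a WinSxS copy.
"""
import re
from collections import namedtuple
from typing import List, Optional, Tuple

# Whitelisted Run entries look like:  HKLM\...\Run: [name] command [size date] (Company)
RUN_RE = re.compile(
    r"^(?P<hive>HK[^\\]+(?:\\[^\\]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$"
)
# Search.txt metadata line:  [created] - [modified] - size attrs (Company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

RunEntry = namedtuple("RunEntry", "hive name command size date company")
SearchHit = namedtuple("SearchHit", "path company size md5")


def parse_run_entry(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run line; entries FRST marks [x] (file missing) return None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    return RunEntry(m["hive"], m["name"], m["cmd"], int(m["size"]), m["date"],
                    m["company"].strip())


def suspicious_run_entries(lines: List[str]) -> List[RunEntry]:
    """Heuristic 1: unattributed binary launched from a user profile's AppData."""
    hits = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry and not entry.company and PROFILE_RE.search(entry.command):
            hits.append(entry)
    return hits


def parse_search_results(text: str) -> List[SearchHit]:
    """Pair each path line of Search.txt with the metadata line that follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):   # blank lines and ==== banners
            pending = None
            continue
        m = META_RE.match(line)
        if m and pending:
            hits.append(SearchHit(pending, m["company"].strip(), int(m["size"]),
                                  m["md5"].upper()))
            pending = None
        elif not m:
            pending = line
    return hits


def check_services_exe(hits: List[SearchHit]) -> Tuple[bool, str]:
    """Heuristic 2: the live services.exe must match a WinSxS copy (same MD5 and size)."""
    live = [h for h in hits if h.path.lower().endswith(r"\system32\services.exe")]
    store = [h for h in hits if "\\winsxs\\" in h.path.lower()]
    if not live:
        return False, "no System32\\services.exe in search output"
    if not store:
        return False, "no WinSxS reference copy to compare against"
    cur = live[0]
    if cur.company != "Microsoft Corporation":
        return False, f"live copy attributed to {cur.company!r}, not Microsoft"
    if any(s.md5 == cur.md5 and s.size == cur.size for s in store):
        return True, f"live copy matches a WinSxS copy (MD5 {cur.md5})"
    return False, "live copy differs from every WinSxS copy; treat it as patched"


# Sample lines copied from the logs posted in this thread.
FRST_RUN_SAMPLE = [
    r"HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)",
    r"HKLM\...\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA [20480 2008-05-28] ( )",
    r"HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]",
    r'HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-07-18] (Avira Operations GmbH & Co. KG)',
    r"HKU\Angie\...\Run: [Yfukaqe] C:\Users\Angie\AppData\Roaming\Unuhd\ydcae.exe [183296 2012-01-16] ()",
]
FRST_SEARCH_SAMPLE = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-08-18 13:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-08-18 13:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
"""
```

Running `suspicious_run_entries(FRST_RUN_SAMPLE)` returns only the Yfukaqe entry: the Google EULA Launcher line also has an empty publisher, but its target sits under Program Files, so the heuristic deliberately leaves it alone. `check_services_exe(parse_search_results(FRST_SEARCH_SAMPLE))` returns `(True, ...)` because both copies carry the same MD5 and size; a System32 copy whose hash differs from every WinSxS copy is the case that would need attention.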

Not too bad!!

OK, here you go......Please carefully carry out this procedure!!!!!!

Open notepad. Make sure "word wrap" under Format is unchecked! Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Users\Angie\AppData\Local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

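As an added example, not part of FRST, ComboFix or MrC's fix, here is a check that looks for the folder layout the FRST log reported under "ZeroAccess:" and that the fixlist above moves: an AppData\Local\{GUID} directory whose children include "@", "L" and "U". It builds a constructed temporary profile that mirrors the posted listing, so the GUID is the one from the log above, while the profile name, the benign decoy folder and the fixture itself are invented for the demo; the function and regex names are this example's own.

```python
"""Detect the AppData\Local\{GUID}\ layout FRST listed under "ZeroAccess:" above.

Added example for this thread, not part of FRST or ComboFix. The GUID folder
name is the one in the posted log; the profile name, the decoy folder and the
temporary fixture are constructed for the demo.
"""
import re
import tempfile
from pathlib import Path
from typing import List

GUID_DIR_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.IGNORECASE
)
# Child names the posted FRST.txt shows inside the GUID folder.
MARKERS = {"@", "L", "U"}


def find_guid_dropper_dirs(profile_root) -> List[Path]:
    """Return GUID-named dirs under <profile_root>/AppData/Local holding all MARKERS.

    A GUID-named folder on its own is common (many installers use them); the
    combination with "@", "L" and "U" is what the log above exhibits.
    """
    local = Path(profile_root) / "AppData" / "Local"
    hits = []
    if not local.is_dir():
        return hits
    for entry in sorted(local.iterdir()):
        if not (entry.is_dir() and GUID_DIR_RE.match(entry.name)):
            continue
        try:
            children = {c.name for c in entry.iterdir()}
        except PermissionError:   # unreadable folder: skip rather than crash
            continue
        if MARKERS <= children:
            hits.append(entry)
    return hits


def build_fixture(root) -> Path:
    """Constructed fixture mirroring the posted listing (empty files, no malware)."""
    profile = Path(root) / "Users" / "demo-user"
    bad = profile / "AppData" / "Local" / "{343bf20c-d951-445b-3fba-3f50dbfe7c2e}"
    (bad / "U").mkdir(parents=True)
    (bad / "L").mkdir()
    (bad / "@").write_text("")
    (bad / "U" / "00000001.@").write_text("")
    # A GUID-named folder with ordinary contents must not be reported.
    benign = profile / "AppData" / "Local" / "{11111111-2222-3333-4444-555555555555}"
    benign.mkdir()
    (benign / "settings.ini").write_text("")
    return profile


def demo() -> List[str]:
    """Build the fixture in a temp dir, scan it, and return the names reported."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = build_fixture(tmp)
        return [p.name for p in find_guid_dropper_dirs(profile)]
```

`demo()` returns a single name, the GUID folder from the log, and leaves the decoy GUID folder alone. On a live system you would call `find_guid_dropper_dirs` with each C:\Users\<name> profile root; the check is read-only, so it is safe to run before deciding on a fix.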

Thank you. Here's the fixlog. Just to let you know I'm in safe mode at the moment, in case it affects anything.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012

Ran by SYSTEM at 2012-08-05 19:34:27 Run:1

Running from H:\

==============================================

C:\Users\Angie\AppData\Local\{343bf20c-d951-445b-3fba-3f50dbfe7c2e} moved successfully.

==== End of Fixlog ====


You can boot into normal mode.

------------------------

Well Done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ok, done that. here is the log

ComboFix 12-08-05.02 - Angie 05/08/2012 20:04:21.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1915.1044 [GMT 1:00]

Running from: c:\users\Angie\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\38067960

c:\users\Angie\AppData\Local\Windows Server

c:\users\Angie\AppData\Local\Windows Server\flags.ini

c:\users\Angie\AppData\Local\Windows Server\server.dat

c:\users\Angie\AppData\Local\Windows Server\uses32.dat

c:\users\Angie\AppData\Roaming\.#

c:\users\Angie\AppData\Roaming\.#\MBX@1498@17528F8.###

c:\users\Angie\AppData\Roaming\.#\MBX@1498@1752928.###

c:\users\Angie\AppData\Roaming\.#\MBX@1498@1752958.###

c:\users\Angie\AppData\Roaming\Fatyby

c:\users\Angie\AppData\Roaming\Fatyby\epuw.peb

c:\users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery

c:\users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk

c:\users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk

c:\users\Angie\AppData\Roaming\Unuhd

c:\users\Angie\AppData\Roaming\Unuhd\ydcae.exe

c:\windows\system32\pt

c:\windows\system32\pt\toscdspd.cpl.mui

E:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))

.

.

2012-08-05 19:14 . 2012-08-05 19:15 -------- d-----w- c:\users\Angie\AppData\Local\temp

2012-08-05 19:14 . 2012-08-05 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-05 17:08 . 2012-08-06 02:30 -------- d-----w- C:\FRST

2012-08-05 15:31 . 2012-08-05 15:35 -------- d-----w- c:\programdata\SecTaskMan

2012-08-05 15:31 . 2012-08-05 15:31 -------- d-----w- c:\program files\Security Task Manager

2012-08-04 13:05 . 2012-08-04 13:17 -------- d-----w- c:\users\Angie\AppData\Roaming\Otyc

2012-08-04 13:05 . 2012-08-04 13:05 -------- d-----w- c:\users\Angie\AppData\Roaming\Awyph

2012-08-03 09:34 . 2012-08-03 09:34 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-02 18:40 . 2012-08-02 18:41 -------- d-----w- c:\programdata\OrganicCoffee

2012-07-28 23:14 . 2012-07-29 12:13 -------- d-----w- c:\programdata\036DFF980046DE2C9B8032142F3B707C

2012-07-28 23:13 . 2012-07-28 23:43 -------- d-----w- c:\users\Angie\AppData\Roaming\Fuaw

2012-07-28 23:13 . 2012-07-28 23:20 -------- d-----w- c:\users\Angie\AppData\Roaming\Maihx

2012-07-28 20:33 . 2012-07-28 20:33 -------- d-----w- c:\users\Angie\AppData\Roaming\YoudaGames

2012-07-27 08:35 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96A96992-CAEE-4CA7-B453-AEDBDFE9CC15}\mpengine.dll

2012-07-25 18:42 . 2012-07-25 18:42 -------- d-----w- c:\users\Angie\AppData\Roaming\T1 Games

2012-07-25 18:42 . 2012-07-25 18:42 -------- d-----w- c:\programdata\T1 Games

2012-07-24 21:35 . 2012-07-24 21:35 -------- d-----w- c:\users\Angie\AppData\Local\JollyBear

2012-07-24 21:35 . 2012-07-24 21:35 -------- d-----w- c:\programdata\JollyBear

2012-07-24 19:38 . 2012-08-01 19:00 -------- d-----w- c:\users\Angie\AppData\Roaming\Funlinker

2012-07-23 20:11 . 2012-07-23 20:11 -------- d-----w- c:\users\Angie\AppData\Roaming\AlawarEntertainment

2012-07-23 19:17 . 2012-07-23 19:17 -------- d-----w- c:\users\Angie\AppData\Roaming\GO Games

2012-07-22 20:32 . 2012-07-22 20:33 -------- d-----w- c:\users\Angie\AppData\Roaming\AtlanticJourney

2012-07-22 17:03 . 2012-07-22 17:03 -------- d-----w- c:\users\Angie\AppData\Roaming\Gunnar Games

2012-07-22 16:31 . 2012-07-22 16:31 -------- d-----w- c:\users\Angie\AppData\Roaming\PetRush

2012-07-22 16:30 . 2012-07-22 16:30 -------- d-----w- c:\programdata\Pet Rush

2012-07-22 13:38 . 2012-07-22 13:38 -------- d-----w- c:\users\Angie\AppData\Roaming\aliasworlds

2012-07-20 19:44 . 2012-07-20 19:44 -------- d-----w- c:\users\Angie\AppData\Roaming\PlayWay

2012-07-20 17:30 . 2012-07-20 17:30 -------- d-----w- c:\users\Angie\AppData\Roaming\DAVA

2012-07-20 17:27 . 2012-07-20 17:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2012-07-20 17:27 . 2012-07-20 17:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2012-07-20 17:27 . 2012-07-20 17:27 -------- d-----w- c:\program files\OpenAL

2012-07-19 20:34 . 2012-07-19 20:34 -------- d-----w- c:\programdata\Pets Fun House

2012-07-19 20:33 . 2012-07-19 20:33 -------- d-----w- C:\PetsFunHouse

2012-07-18 22:32 . 2012-07-18 22:32 -------- d-----w- c:\users\Angie\AppData\Roaming\OurshowGames

2012-07-17 21:56 . 2012-07-17 21:56 -------- d-----w- c:\users\Angie\AppData\Local\MaFarm

2012-07-17 21:56 . 2012-07-17 21:59 -------- d-----w- c:\users\Angie\AppData\Roaming\FarmFables

2012-07-17 21:52 . 2012-07-17 21:52 -------- d-----w- c:\program files\Microsoft XNA

2012-07-16 17:36 . 2012-07-31 21:09 -------- d-----w- c:\users\Angie\AppData\Roaming\Elephant Games

2012-07-16 17:36 . 2012-07-31 21:09 -------- d-----w- c:\programdata\Elephant Games

2012-07-15 14:42 . 2012-07-15 14:42 -------- d-----w- c:\programdata\GameHouse

2012-07-15 14:21 . 2012-07-15 14:21 -------- d-----w- c:\program files\Online Games Manager

2012-07-12 22:06 . 2012-07-12 22:06 -------- d-----w- c:\users\Angie\AppData\Roaming\Hidden Objects Romance

2012-07-11 21:33 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 20:11 . 2012-07-11 20:11 -------- d-----w- c:\users\Angie\AppData\Roaming\ReelTen

2012-07-11 08:30 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 08:30 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 08:30 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 08:30 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 08:30 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 08:30 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-08 19:09 . 2012-07-08 19:09 -------- d-----w- c:\programdata\Arizona Rose

2012-07-08 16:27 . 2012-07-08 16:27 -------- d-----w- c:\users\Angie\AppData\Roaming\Seven Sails

2012-07-07 19:16 . 2012-07-07 19:17 -------- d-----w- c:\programdata\Deep Shadows

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-18 17:05 . 2012-03-18 11:50 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-06-02 22:19 . 2012-06-21 09:36 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 09:36 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 09:35 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 09:35 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 09:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 09:36 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 09:35 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19 . 2012-06-21 09:35 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:12 . 2012-06-21 09:35 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 11:25 . 2009-10-03 09:23 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-10 10:16 . 2012-05-10 10:16 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-05-08 16:40 . 2012-03-18 11:50 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-05-08 16:40 . 2012-03-18 11:50 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]

"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^Users^Angie^AppData^Local^Windows^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Angie\AppData\Local\Windows\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]

2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]

2008-01-11 02:07 574864 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Akamai REG_MULTI_SZ Akamai

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: Interfaces\{A83F6A62-0DEC-4631-9BC7-08A84DE59BF5}: NameServer = 192.168.0.1

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

HKCU-Run-Yfukaqe - c:\users\Angie\AppData\Roaming\Unuhd\ydcae.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-lxdnamon - c:\program files\Lexmark 2600 Series\lxdnamon.exe

MSConfigStartUp-lxdnmon - c:\program files\Lexmark 2600 Series\lxdnmon.exe

MSConfigStartUp-pronto - c:\program files\Wimba\Pronto\pronto.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-05 20:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-08-05 20:19:00

ComboFix-quarantined-files.txt 2012-08-05 19:18

.

Pre-Run: 27,703,025,664 bytes free

Post-Run: 27,560,579,072 bytes free

.

- - End Of File - - 129C30F357167D5BEBED10401DF83070


Log pasted below. Things are feeling much better. I've not had any suspicious activity.

I haven't changed any of my passwords on a clean computer yet; what do you suggest I do? Can I reset them all on here, or is that not advisable? Do I need to change passwords that I haven't used recently? Thanks again for all your help.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.08.05.08

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Angie :: ANGIELAPTOP [administrator]

05/08/2012 21:35:53

mbam-log-2012-08-05 (21-35-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195921

Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Yes you can change them from this computer.

Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

