MandaNJ

Getting redirected :(

30 posts in this topic

Ok, so I am getting redirected to BS websites when I click on links in Google. The sites I am being redirected to include: bisleadin.net, click.get-amazing-results.com, rumaccess.in. I have searched for solutions to this problem but haven't done much of any of them except for running CCleaner. I am usually REALLY careful with my laptop and have not had any problems that I couldn't fix before this.

If anyone could help me squash this problem it would be greatly appreciated!!

Oh, and as a warning, I am NOT capable of doing any crazy complicated (or what I consider complicated) fixes like removing the hard drive.

Thank you!!!!!


Welcome to the forum. Please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here: DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

MrC


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Amanda at 15:43:31 on 2012-09-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2008.831 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\vds.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\notepad.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Easy Dock]

uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BP485RZ05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Easy Dock]

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Amanda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FLIPTO~1.LNK - C:\Program Files (x86)\fliptoast\fliptoast.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{144A93BD-A71D-4C2F-B7AA-C06E50642D9C} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{EA375135-5939-4D33-AC92-872E8B6D041B} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EA375135-5939-4D33-AC92-872E8B6D041B}\C696E6B6379737 : DhcpNameServer = 66.153.128.98 66.153.162.98

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Easy Dock]

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-4 655944]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-7 656624]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250568]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2012-09-04 20:30:12 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Malwarebytes

2012-09-04 20:29:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-04 20:29:59 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-04 20:29:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-01 15:39:59 -------- d-----w- C:\Users\Amanda\AppData\Roaming\ViquaSoft

2012-09-01 15:00:15 -------- d-----w- C:\ProgramData\SnowGlobe

2012-08-28 04:24:10 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-08-25 22:03:26 -------- d-----w- C:\Program Files (x86)\Snow Globe - Farm World

2012-08-25 22:00:42 -------- d-----w- C:\Program Files (x86)\Shop-n-Spree - Shopping Paradise

2012-08-24 09:02:41 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1165D67D-659A-47E4-A4DA-2D2040C06C92}\mpengine.dll

2012-08-15 14:18:17 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 14:18:16 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 14:18:16 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 14:18:16 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 14:18:15 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 14:18:15 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 14:18:14 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 14:18:14 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 14:18:14 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 14:18:13 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-15 14:18:13 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-12 20:28:56 -------- d-----w- C:\Program Files (x86)\Jo's Dream - Organic Coffee

.

==================== Find3M ====================

.

2012-08-30 03:29:33 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-30 03:29:32 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-07 01:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

.

============= FINISH: 15:44:38.79 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/24/2010 3:10:08 PM

System Uptime: 9/3/2012 8:25:31 AM (31 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 1197/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 145.683 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050A J611 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Deskjet 3050A J611 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart Premium C309g-m

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP277: 8/19/2012 10:23:07 PM - Windows Backup

RP278: 8/21/2012 7:30:59 PM - Windows Update

RP279: 8/28/2012 10:46:48 PM - Scheduled Checkpoint

RP280: 9/1/2012 8:52:31 AM - Installed Java 6 Update 35

RP281: 9/2/2012 9:38:22 PM - Windows Backup

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.1.2

Apple Application Support

Apple Software Update

Avery Template - U_0332_01_L

Big Fish Games: Game Manager

BufferChm

Build-a-lot: Fairy Tales

Burger Bustle: Ellie's Organics

C309g-m

Campgrounds

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Cooking Academy 2: World Cuisine

Cooking Academy 3: Recipe for Success

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Getting Started Guide

Destinations

DeviceDiscovery

EA Download Manager

GoToAssist 8.0.0.514

GPBaseService2

HP Deskjet 3050A J611 series Help

HP Photo Creations

HP Update

HPPhotoGadget

hpPrintProjects

HPProductAssistant

hpWLPGInstaller

Island Tribe 3

Java Auto Updater

Jo's Dream: Organic Coffee

Junk Mail filter update

Katy and Bob: Way Back Home

kSolo Recorder

LeapFrog Connect

LeapFrog My Pals Plugin

LeapFrog MyOwnLeaptop Plugin

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 3.1

Monument Builders: Eiffel Tower

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PowerDVD DX

PS_AIO_06_C309g-m_SW_Min

QuickTime

RCA Detective™ 2.0.0.99

RCA easyRip 2.3.9.0

Roxio Burn

Roxio Update Manager

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Shop-n-Spree: Shopping Paradise

SmartWebPrinting

Snow Globe: Farm World

SolutionCenter

Status

System Requirements Lab

The Promised Land

The Sims™ 3

Toolbox

TrayApp

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)

Virtual City 2: Paradise Resort

Weather Lord

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

9/4/2012 9:32:59 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

9/4/2012 9:32:59 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/31/2012 10:07:54 PM, Error: Service Control Manager [7023] - The PnP-X IP Bus Enumerator service terminated with the following error: %%-2147023728

8/31/2012 10:06:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

8/31/2012 10:06:44 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/31/2012 10:06:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/31/2012 10:06:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/31/2012 10:06:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

8/31/2012 10:06:26 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

8/31/2012 10:05:49 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/31/2012 10:05:47 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/31/2012 10:05:46 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/29/2012 10:47:15 PM, Error: Virtual Disk Service [9] - Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014

8/28/2012 8:46:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

.

==== End Of File ===========================


RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Amanda [Admin rights]

Mode : Scan -- Date : 09/04/2012 15:50:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][SUSP PATH] At1.job : C:\Windows\hhh.exe -> FOUND

[TASK][SUSP PATH] At1 : C:\Windows\hhh.exe -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L --> FOUND

[ZeroAccess][FILE] n : C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\n --> FOUND

[ZeroAccess][FILE] @ : C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++

--- User ---

[MBR] 2dbc9862d931294e7119278110e1b0c1

[BSP] f2554e82efed46df96eec1d04c45713e : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy concerning P2P programs:

http://forums.malwar...showtopic=97700

~~~~~~~~~~~~~~~~~~~~~~~~~~

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


Scan result of Farbar Recovery Scan Tool (x64) Version: 04-09-2012

Ran by SYSTEM at 04-09-2012 23:19:35

Running from E:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)

HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)

HKLM-x32\...\Run: [Easy Dock] [x]

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Amanda\...\Run: [Easy Dock] [x]

HKU\Amanda\...\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BP485RZ05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1 [2547048 2011-03-30] (Hewlett-Packard Co.)

HKLM\...\RunOnce: [DSUpdateLauncher] "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-09-17] ()

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-05] (Dell)

HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-10-02] (Softthinks)

HKLM-x32\...\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-10-02] ()

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

AppInit_DLLs:

Startup: C:\Users\Amanda\Start Menu\Programs\Startup\fliptoast.lnk

ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe (No File)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ===================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)

3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

2012-09-05 00:00 - 2012-09-05 00:00 - 01454599 ____A (Farbar) C:\Users\Amanda\Desktop\FRST64.exe

2012-09-04 23:19 - 2012-09-04 23:19 - 00000000 ____D C:\FRST

2012-09-04 16:50 - 2012-09-04 16:50 - 00002747 ____A C:\Users\Amanda\Desktop\RKreport[1].txt

2012-09-04 16:48 - 2012-09-04 16:50 - 00000000 ____D C:\Users\Amanda\Desktop\RK_Quarantine

2012-09-04 16:48 - 2012-09-04 16:48 - 01378816 ____A C:\Users\Amanda\Desktop\RogueKiller.exe

2012-09-04 16:43 - 2012-09-04 16:43 - 00607260 ____R (Swearware) C:\Users\Amanda\Desktop\dds.scr

2012-09-04 16:42 - 2012-09-04 16:42 - 00607260 ____R (Swearware) C:\Users\Amanda\Desktop\dds.com

2012-09-04 16:30 - 2012-09-04 16:30 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-04 16:30 - 2012-09-04 16:30 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-04 16:30 - 2012-09-04 16:30 - 00000000 ____D C:\Users\Amanda\Application Data\Malwarebytes

2012-09-04 16:30 - 2012-09-04 16:30 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Malwarebytes

2012-09-04 16:29 - 2012-09-04 23:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-04 16:29 - 2012-09-04 16:29 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Desktop\mbam-setup-1.62.0.1300.exe

2012-09-04 16:29 - 2012-09-04 16:29 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-09-04 16:29 - 2012-09-04 16:29 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-09-04 16:29 - 2012-07-03 14:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-01 11:39 - 2012-09-01 11:39 - 00000000 ____D C:\Users\Amanda\Application Data\ViquaSoft

2012-09-01 11:39 - 2012-09-01 11:39 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\ViquaSoft

2012-09-01 11:00 - 2012-09-01 11:39 - 00000000 ____D C:\Users\All Users\SnowGlobe

2012-09-01 11:00 - 2012-09-01 11:39 - 00000000 ____D C:\Users\All Users\Application Data\SnowGlobe

2012-08-28 23:16 - 2012-09-05 00:17 - 00000448 ____A C:\Windows\setupact.log

2012-08-28 23:16 - 2012-09-04 23:45 - 00006534 ____A C:\Windows\PFRO.log

2012-08-28 23:16 - 2012-08-28 23:16 - 00000000 ____A C:\Windows\setuperr.log

2012-08-28 21:55 - 2012-08-28 21:55 - 00000356 ____A C:\Users\Amanda\Desktop\songs.txt

2012-08-28 13:24 - 2012-08-28 13:25 - 00000000 ____D C:\Users\Amanda\Desktop\Massage stuff

2012-08-28 00:24 - 2012-08-28 00:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-08-25 18:04 - 2012-08-25 18:04 - 00001276 ____A C:\Users\Public\Desktop\More Great Games.lnk

2012-08-25 18:04 - 2012-08-25 18:04 - 00001276 ____A C:\Users\All Users\Desktop\More Great Games.lnk

2012-08-25 18:03 - 2012-08-25 18:04 - 00000000 ____D C:\Program Files (x86)\Snow Globe - Farm World

2012-08-25 18:00 - 2012-08-25 18:01 - 00000000 ____D C:\Program Files (x86)\Shop-n-Spree - Shopping Paradise

2012-08-16 04:06 - 2012-06-29 00:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-16 04:06 - 2012-06-29 00:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-16 04:06 - 2012-06-28 23:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-16 04:06 - 2012-06-28 23:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-16 04:06 - 2012-06-28 23:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-16 04:06 - 2012-06-28 23:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-16 04:06 - 2012-06-28 23:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-16 04:06 - 2012-06-28 23:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-16 04:06 - 2012-06-28 23:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-16 04:06 - 2012-06-28 23:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-16 04:06 - 2012-06-28 23:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-16 04:06 - 2012-06-28 23:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-16 04:06 - 2012-06-28 23:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-16 04:06 - 2012-06-28 23:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-16 04:06 - 2012-06-28 20:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-16 04:06 - 2012-06-28 20:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-16 04:06 - 2012-06-28 20:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-16 04:06 - 2012-06-28 20:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-16 04:06 - 2012-06-28 20:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-16 04:06 - 2012-06-28 20:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-16 04:06 - 2012-06-28 20:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-16 04:06 - 2012-06-28 20:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-16 04:06 - 2012-06-28 20:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-16 04:06 - 2012-06-28 20:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-16 04:06 - 2012-06-28 20:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-16 04:06 - 2012-06-28 20:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-16 04:06 - 2012-06-28 20:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-16 04:06 - 2012-06-28 19:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-15 10:18 - 2012-07-18 14:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-08-15 10:18 - 2012-07-04 18:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-08-15 10:18 - 2012-07-04 18:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-08-15 10:18 - 2012-07-04 18:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-08-15 10:18 - 2012-07-04 17:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-08-15 10:18 - 2012-07-04 17:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-08-15 10:18 - 2012-05-14 01:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

2012-08-15 10:18 - 2012-05-05 04:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll

2012-08-15 10:18 - 2012-05-05 03:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2012-08-15 10:18 - 2012-02-11 02:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2012-08-15 10:18 - 2012-02-11 02:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe

2012-08-15 10:18 - 2012-02-11 02:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe

2012-08-15 10:18 - 2012-02-11 01:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2012-08-12 16:28 - 2012-08-12 16:29 - 00000000 ____D C:\Program Files (x86)\Jo's Dream - Organic Coffee

==================== 3 Months Modified Files ================================

2012-09-05 00:17 - 2012-08-28 23:16 - 00000448 ____A C:\Windows\setupact.log

2012-09-05 00:17 - 2009-11-07 20:56 - 00000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log

2012-09-05 00:17 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-05 00:00 - 2012-09-05 00:00 - 01454599 ____A (Farbar) C:\Users\Amanda\Desktop\FRST64.exe

2012-09-05 00:00 - 2009-07-14 01:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-04 23:59 - 2009-07-14 00:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-04 23:59 - 2009-07-14 00:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-04 23:53 - 2009-07-14 01:10 - 01276736 ____A C:\Windows\WindowsUpdate.log

2012-09-04 23:45 - 2012-08-28 23:16 - 00006534 ____A C:\Windows\PFRO.log

2012-09-04 23:12 - 2012-03-29 21:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-09-04 16:50 - 2012-09-04 16:50 - 00002747 ____A C:\Users\Amanda\Desktop\RKreport[1].txt

2012-09-04 16:48 - 2012-09-04 16:48 - 01378816 ____A C:\Users\Amanda\Desktop\RogueKiller.exe

2012-09-04 16:43 - 2012-09-04 16:43 - 00607260 ____R (Swearware) C:\Users\Amanda\Desktop\dds.scr

2012-09-04 16:42 - 2012-09-04 16:42 - 00607260 ____R (Swearware) C:\Users\Amanda\Desktop\dds.com

2012-09-04 16:30 - 2012-09-04 16:30 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-04 16:30 - 2012-09-04 16:30 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-04 16:29 - 2012-09-04 16:29 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Desktop\mbam-setup-1.62.0.1300.exe

2012-08-31 22:58 - 2012-05-01 22:28 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-08-31 22:58 - 2012-05-01 22:28 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk

2012-08-29 23:29 - 2012-03-29 21:58 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-29 23:29 - 2011-06-10 19:10 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-29 23:27 - 2010-12-29 09:02 - 00000322 ____A C:\Windows\Tasks\At1.job

2012-08-28 23:16 - 2012-08-28 23:16 - 00000000 ____A C:\Windows\setuperr.log

2012-08-28 23:16 - 2011-05-28 12:05 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2012-08-28 21:55 - 2012-08-28 21:55 - 00000356 ____A C:\Users\Amanda\Desktop\songs.txt

2012-08-28 13:21 - 2010-03-24 17:44 - 00000712 ____A C:\Users\Amanda\Application Data\wklnhst.dat

2012-08-28 13:21 - 2010-03-24 17:44 - 00000712 ____A C:\Users\Amanda\AppData\Roaming\wklnhst.dat

2012-08-25 18:04 - 2012-08-25 18:04 - 00001276 ____A C:\Users\Public\Desktop\More Great Games.lnk

2012-08-25 18:04 - 2012-08-25 18:04 - 00001276 ____A C:\Users\All Users\Desktop\More Great Games.lnk

2012-08-16 04:27 - 2009-07-14 00:45 - 00343576 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-16 04:01 - 2010-03-25 07:48 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-18 14:15 - 2012-08-15 10:18 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-06 15:07 - 2012-07-05 17:37 - 00013312 ____A C:\Users\Amanda\My Documents\july meal planner 2012.xlr

2012-07-06 15:07 - 2012-07-05 17:37 - 00013312 ____A C:\Users\Amanda\Documents\july meal planner 2012.xlr

2012-07-04 18:16 - 2012-08-15 10:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 18:13 - 2012-08-15 10:18 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 18:13 - 2012-08-15 10:18 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 17:16 - 2012-08-15 10:18 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 17:14 - 2012-08-15 10:18 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-03 14:46 - 2012-09-04 16:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-29 00:55 - 2012-08-16 04:06 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-29 00:09 - 2012-08-16 04:06 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 23:56 - 2012-08-16 04:06 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-28 23:49 - 2012-08-16 04:06 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 23:49 - 2012-08-16 04:06 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 23:48 - 2012-08-16 04:06 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-28 23:47 - 2012-08-16 04:06 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 23:45 - 2012-08-16 04:06 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 23:44 - 2012-08-16 04:06 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 23:43 - 2012-08-16 04:06 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-28 23:42 - 2012-08-16 04:06 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 23:40 - 2012-08-16 04:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 23:39 - 2012-08-16 04:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 23:35 - 2012-08-16 04:06 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-28 20:52 - 2012-08-16 04:06 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-28 20:27 - 2012-08-16 04:06 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-28 20:16 - 2012-08-16 04:06 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-28 20:09 - 2012-08-16 04:06 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-28 20:09 - 2012-08-16 04:06 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-28 20:08 - 2012-08-16 04:06 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-28 20:07 - 2012-08-16 04:06 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-28 20:06 - 2012-08-16 04:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-28 20:04 - 2012-08-16 04:06 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-28 20:04 - 2012-08-16 04:06 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-28 20:01 - 2012-08-16 04:06 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-28 20:01 - 2012-08-16 04:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-28 20:00 - 2012-08-16 04:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-28 19:57 - 2012-08-16 04:06 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-25 14:46 - 2012-06-25 14:46 - 00000057 ____A C:\Users\All Users\Application Data\Ament.ini

2012-06-25 14:46 - 2012-06-25 14:46 - 00000057 ____A C:\Users\All Users\Ament.ini

2012-06-12 12:38 - 2012-06-12 12:38 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-12 12:38 - 2012-06-12 12:38 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-06-09 01:43 - 2012-07-11 19:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-09 00:41 - 2012-07-11 19:44 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

ZeroAccess:

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\@

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L\00000004.@

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L\201d3dde

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\00000004.@

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\00000008.@

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\000000cb.@

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\80000000.@

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\80000032.@

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\80000064.@

ZeroAccess:

C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}

C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\@

C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L

C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\n

C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-19 23:23:29

Restore point made on: 2012-08-21 20:31:22

Restore point made on: 2012-08-28 23:47:03

Restore point made on: 2012-09-01 09:52:52

Restore point made on: 2012-09-02 22:39:12

Restore point made on: 2012-09-04 23:47:45

==================== Memory info ===========================

Percentage of memory in use: 25%

Total physical RAM: 2008.36 MB

Available physical RAM: 1496.88 MB

Total Pagefile: 2008.36 MB

Available Pagefile: 1493.24 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:145.58 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.26 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive e: (USB DISK) (Removable) (Total:3.73 GB) (Free:1.78 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status     Size     Free     Dyn  Gpt
--------  ---------  -------  -------  ---  ---
Disk 0    Online     232 GB   0 B
Disk 1    No Media   0 B      0 B
Disk 2    Online     3824 MB  0 B

Partitions of Disk 0:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM               39 MB    31 KB
Partition 2    Primary           14 GB    40 MB
Partition 3    Primary           218 GB   14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 5                    FAT    Partition   39 MB    Healthy  Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1  D    RECOVERY     NTFS   Partition   14 GB    Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2  C    OS           NTFS   Partition   218 GB   Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3820 MB  4032 KB

==================================================================================

Disk: 2

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 4  E    USB DISK     FAT32  Removable   3820 MB  Healthy

==================================================================================

Last Boot: 2012-08-27 18:47

==================== End Of Log =============================


Didn't let it search all the way through but it went for over 5 minutes

Farbar Recovery Scan Tool (x64) Version: 04-09-2012

Ran by SYSTEM at 2012-09-04 23:27:21

Running from E:\

================== Search: "services.exe" ===================


C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

We have to find a replacement for services.exe as it is infected also.

Please do this...........

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff....temLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :Filefind
    services.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


SystemLook 30.07.11 by jpshortstuff

Log created at 20:50 on 06/09/2012 by Amanda

Administrator - Elevation successful

========== Filefind ==========

Searching for "services.exe"

C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

Sorry this took so long to get back..... 2 kids, homework, and 9-5 school schedule :/

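The SystemLook result above shows two copies of services.exe with the same size (328704 bytes) but different MD5 hashes: the live copy in System32 and the component-store copy under WinSxS. The script below is an added illustration, not part of this thread and not part of SystemLook or FRST: it parses a Filefind log in that format and flags any live copy (outside WinSxS) whose hash matches none of the WinSxS copies of the same file name. The sample log is constructed from the two lines posted above, and the line-format regex is an assumption based on those lines.

```python
"""Cross-check a system binary's MD5 against its WinSxS component-store copies.

Added illustration for this thread; not SystemLook's or FRST's own code.
Parses the ":Filefind" section of a SystemLook log and reports, per live
copy, whether its MD5 matches at least one WinSxS copy of the same name.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on the SystemLook 30.07.11 Filefind output
# posted in the thread (hashes are the ones shown there).
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
========== Filefind ==========
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
-= EOF =-
"""

# Assumed layout of one Filefind result line:
#   <path> <7 attribute flags> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per Filefind result line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entry["name"] = entry["path"].rsplit("\\", 1)[-1].lower()
        entry["in_winsxs"] = "\\winsxs\\" in entry["path"].lower()
        entries.append(entry)
    return entries


def cross_check(entries):
    """Compare each live (non-WinSxS) copy with WinSxS copies of the same name.

    Status per live copy:
      "match"     - MD5 equals at least one WinSxS copy (the expected state on
                    Vista/7, where System32 files are hard links into the store)
      "mismatch"  - no WinSxS copy carries this MD5; verify the file's
                    Authenticode signature before trusting it
      "no_backup" - the log contains no WinSxS copy to compare against
    """
    by_name = defaultdict(lambda: {"live": [], "winsxs": []})
    for e in entries:
        by_name[e["name"]]["winsxs" if e["in_winsxs"] else "live"].append(e)

    findings = []
    for name, groups in sorted(by_name.items()):
        backup_hashes = {e["md5"] for e in groups["winsxs"]}
        for live in groups["live"]:
            if not backup_hashes:
                status = "no_backup"
            elif live["md5"] in backup_hashes:
                status = "match"
            else:
                status = "mismatch"
            findings.append({
                "name": name,
                "path": live["path"],
                "md5": live["md5"],
                "size": live["size"],
                "winsxs_md5s": sorted(backup_hashes),
                # Same size but different hash is the pattern seen in this thread.
                "same_size_as_backup": any(e["size"] == live["size"] for e in groups["winsxs"]),
                "status": status,
            })
    return findings


if __name__ == "__main__":
    for f in cross_check(parse_filefind(SAMPLE_LOG)):
        flag = "!!" if f["status"] == "mismatch" else "ok"
        print(f"[{flag}] {f['path']} {f['md5']} status={f['status']} "
              f"winsxs={f['winsxs_md5s']} same_size={f['same_size_as_backup']}")
```

Run as-is, it flags the System32 services.exe as a mismatch against the WinSxS copy; on a real system the next step would be checking the flagged file's digital signature rather than acting on the hash alone, and restoring from the matching WinSxS copy is what the FRST fix later in this thread does.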

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

MrC


How are we doing??

Do you still need help or can I close this post??

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Topic re-opened per member request.


Alright, sorry for the delay!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-09-2012

Ran by SYSTEM at 2012-09-11 08:34:03 Run:1

Running from E:\

==============================================

C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e} moved successfully.

C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Reboot and scan the system with RogueKiller and post the new log.

Download a fresh copy: RogueKiller

Please let me know how the computer is running now, MrC


Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.07.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Amanda :: AMANDA-PC [administrator]

Protection: Enabled

9/11/2012 2:33:41 PM

mbam-log-2012-09-11 (14-33-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196559

Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Amanda [Admin rights]

Mode : Scan -- Date : 09/11/2012 14:46:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] At1.job : C:\Windows\hhh.exe -> FOUND

[TASK][sUSP PATH] At1 : C:\Windows\hhh.exe -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++

--- User ---

[MBR] 2dbc9862d931294e7119278110e1b0c1

[bSP] f2554e82efed46df96eec1d04c45713e : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 535103b99c1c3a7a77bffe0e3f00e171

[bSP] ea4d395a7aa1e36e0d9ae6c5e9f68a58 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3820 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[TASK][sUSP PATH] At1.job : C:\Windows\hhh.exe -> FOUND

[TASK][sUSP PATH] At1 : C:\Windows\hhh.exe -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Amanda\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\n.) -> FOUND

Now click Delete on the right hand column under Options

Reboot and run a new scan with RogueKiller and post the new log, MrC


RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Amanda [Admin rights]

Mode : Scan -- Date : 09/11/2012 15:58:52

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++

--- User ---

[MBR] 2dbc9862d931294e7119278110e1b0c1

[bSP] f2554e82efed46df96eec1d04c45713e : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 535103b99c1c3a7a77bffe0e3f00e171

[bSP] ea4d395a7aa1e36e0d9ae6c5e9f68a58 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3820 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


It's working great now! Haven't been redirected at all today! Thank you so much for all your help!


Great!

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC


I will do this just as soon as I get home from school tomorrow. Probably like 6pm est


Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java version out of Date!

Adobe Flash Player 11.3.300.271 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````
