Email been hacked

Solved
By CC0008
Mar 29, 2013
Topic Status:
Not open for further replies.
  1. Can someone take a look at things for me

    ty

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.28.11

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Chris :: DELL-530 [administrator]

    Protection: Enabled

    29/03/2013 19:02:35
    mbam-log-2013-03-29 (19-02-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198214
    Time elapsed: 3 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/02/2011 10:32:19
    System Uptime: 28/03/2013 22:30:29 (21 hours ago)
    .
    Motherboard: Dell Inc. | | 0K216C
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2664/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 175.035 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: GoTrusted TAP Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: GoTrusted TAP Provider
    Name: GoTrusted TAP Adapter
    PNP Device ID: ROOT\NET\0000
    Service: gttap1
    .
    ==== System Restore Points ===================
    .
    RP542: 24/02/2013 16:06:13 - Scheduled Checkpoint
    RP543: 26/02/2013 06:10:42 - Scheduled Checkpoint
    RP544: 26/02/2013 21:03:55 - Scheduled Checkpoint
    RP545: 28/02/2013 23:00:14 - Scheduled Checkpoint
    RP546: 02/03/2013 01:20:04 - Scheduled Checkpoint
    RP547: 03/03/2013 01:23:22 - Scheduled Checkpoint
    RP548: 03/03/2013 19:11:32 - Installed Microsoft Fix it 50195
    RP549: 07/03/2013 00:23:24 - Scheduled Checkpoint
    RP550: 08/03/2013 14:35:52 - Scheduled Checkpoint
    RP551: 09/03/2013 14:19:02 - Removed Java 7 Update 17
    RP552: 09/03/2013 14:21:49 - Installed Java 7 Update 17
    RP553: 10/03/2013 10:40:40 - Scheduled Checkpoint
    RP554: 13/03/2013 22:25:54 - Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
    RP555: 13/03/2013 22:34:11 - Windows Update
    RP556: 15/03/2013 00:29:51 - Scheduled Checkpoint
    RP557: 15/03/2013 22:30:10 - Removed Ask Toolbar
    RP558: 16/03/2013 13:14:35 - Scheduled Checkpoint
    RP559: 16/03/2013 15:42:43 - Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
    RP560: 17/03/2013 23:23:09 - Windows Update
    RP561: 18/03/2013 12:13:19 - Removed Samsung Kies
    RP562: 18/03/2013 21:00:42 - Installed Samsung Kies
    RP563: 20/03/2013 00:03:28 - Scheduled Checkpoint
    RP564: 21/03/2013 01:21:00 - Scheduled Checkpoint
    RP565: 21/03/2013 13:31:38 - Scheduled Checkpoint
    RP566: 22/03/2013 13:35:05 - Scheduled Checkpoint
    RP567: 22/03/2013 22:20:00 - Removed Java 7 Update 17
    RP568: 22/03/2013 22:23:00 - Installed Java 7 Update 17
    RP570: 22/03/2013 22:31:47 - Revo Uninstaller's restore point - Java 7 Update 17
    RP571: 22/03/2013 22:31:57 - Removed Java 7 Update 17
    RP573: 22/03/2013 22:53:33 - Revo Uninstaller's restore point - Java 7 Update 17
    RP574: 23/03/2013 13:20:36 - Windows Update
    RP575: 24/03/2013 01:43:33 - Scheduled Checkpoint
    RP576: 29/03/2013 01:15:00 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Leawo Video Converter version 5.1.0.0
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.02)
    Adobe Shockwave Player 12.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Internet Security
    CCleaner
    ConvertXtoDVD 4.0.9.322
    D3DX10
    EasyBCD 1.7
    ESET Online Scanner v3
    ffdshow [rev 2180] [2008-10-04]
    FileHippo.com Update Checker
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Intel(R) Graphics Media Accelerator Driver
    K-Lite Codec Pack 7.0.0 (Standard)
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee SiteAdvisor
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office Excel Viewer 2003
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 19.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    MyFreeCodec
    Nero 7 Lite 7.10.1.2
    Panda Cloud Cleaner
    QuickTime
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Revo Uninstaller 1.94
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Segoe UI
    Skitch
    swMSM
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VLC media player 2.0.5
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinRAR 4.20 (32-bit)
    YouTube Downloader App 3.00
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/03/2013 22:32:32, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    28/03/2013 22:32:32, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    28/03/2013 22:30:53, Error: EventLog [6008] - The previous system shutdown at 22:28:47 on 28/03/2013 was unexpected.
    22/03/2013 11:55:47, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    22/03/2013 11:47:52, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16470
    Run by Chris at 19:06:51 on 2013-03-29
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1288 [GMT 0:00]
    .
    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DHCPNameServer = 192.168.0.203
    TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DHCPNameServer = 192.168.0.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\q908vuqn.default-1364514302772\
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
    FF - ExtSQL: 2013-03-10 09:49; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: 2013-03-18 13:42; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
    FF - ExtSQL: 2013-03-28 21:56; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\mcafee\SiteAdvisor
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-9-23 21576]
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-9-23 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-9-23 199384]
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-1 49248]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-9-23 101656]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-23 765736]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-23 368176]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-23 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-9-23 66336]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-23 45248]
    R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-9-23 136912]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-22 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-22 682344]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-8-29 95232]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-22 21104]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-1 164736]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-3-18 83168]
    S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-3-18 181344]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-03-22 23:05:30 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-22 23:05:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-03-22 19:27:27 -------- d-----w- c:\program files\ESET
    2013-03-22 11:57:37 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-03-22 11:57:31 -------- d-----w- c:\users\chris\appdata\local\temp
    2013-03-20 17:46:14 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2013-03-18 21:09:17 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2013-03-18 21:09:17 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2013-03-18 21:02:20 821824 ----a-w- c:\windows\system32\dgderapi.dll
    2013-03-18 21:02:20 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
    2013-03-18 21:02:20 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
    2013-03-18 13:42:27 -------- d-----w- c:\program files\RealNetworks
    2013-03-18 13:42:26 -------- d-----w- c:\programdata\RealNetworks
    2013-03-18 13:41:46 -------- d-----w- c:\program files\common files\xing shared
    2013-03-17 23:23:05 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-16 15:41:33 -------- d-----w- c:\program files\TunnelBear
    2013-03-08 01:50:21 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2013-03-01 23:36:42 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-03-01 23:36:41 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-03-01 08:53:04 -------- d-----w- C:\LeG_VGRs_Installation
    .
    ==================== Find3M ====================
    .
    2013-03-22 22:23:38 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-03-22 22:23:38 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-15 22:58:55 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-15 22:58:55 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-03-06 23:33:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-03-06 23:33:23 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2013-03-06 23:33:22 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2013-03-06 23:33:22 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr
    2013-03-03 19:50:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-02-05 17:53:34 4659712 ----a-w- c:\windows\system32\Redemption.dll
    2013-02-05 17:52:54 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2013-02-05 17:52:54 330240 ----a-w- c:\windows\MASetupCaller.dll
    2013-02-05 17:52:54 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-05 05:26:01 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-05 05:26:01 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-04 11:28:18 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-04 01:38:50 2048512 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 19:07:18.18 ===============
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  3. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    Keep getting this error on here when I try to log in: "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

    Also, when I try to access sites it tells me "server not found", and it's hard to log into sites.

    ComboFix 13-03-28.01 - Chris 29/03/2013 21:13:06.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1540 [GMT 0:00]
    Running from: c:\users\Chris\Desktop\ComboFix.exe
    AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Chris\AppData\Local\temp\ppcrlui_2212_2
    c:\users\Chris\AppData\Roaming\vso_ts_preview.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-29 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-29 21:17 . 2013-03-29 21:18 -------- d-----w- c:\users\Chris\AppData\Local\temp
    2013-03-29 21:17 . 2013-03-29 21:17 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-03-29 21:17 . 2013-03-29 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-20 17:46 . 2013-03-21 21:03 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2013-03-18 21:09 . 2013-01-31 08:19 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2013-03-18 21:09 . 2013-01-31 08:19 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2013-03-18 21:02 . 2013-02-05 17:52 821824 ----a-w- c:\windows\system32\dgderapi.dll
    2013-03-18 21:02 . 2013-02-05 17:52 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
    2013-03-18 21:02 . 2013-02-05 17:52 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
    2013-03-18 13:42 . 2013-03-18 13:42 -------- d-----w- c:\program files\RealNetworks
    2013-03-18 13:42 . 2013-03-18 13:42 -------- d-----w- c:\programdata\RealNetworks
    2013-03-18 13:41 . 2013-03-18 13:41 -------- d-----w- c:\program files\Common Files\xing shared
    2013-03-17 23:23 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-16 15:41 . 2013-03-16 15:56 -------- d-----w- c:\program files\TunnelBear
    2013-03-01 23:36 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-03-01 23:36 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-03-01 08:53 . 2013-03-01 08:53 -------- d-----w- C:\LeG_VGRs_Installation
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-22 22:23 . 2011-12-26 22:04 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-03-22 22:23 . 2011-12-26 22:00 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-15 22:58 . 2012-12-13 19:48 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-15 22:58 . 2012-12-13 19:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-06 23:33 . 2012-09-23 23:35 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-03-06 23:33 . 2012-09-23 23:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-03-06 23:33 . 2012-09-23 23:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-03-06 23:33 . 2012-09-23 23:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-03-06 23:33 . 2012-09-23 23:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2013-03-06 23:33 . 2012-09-23 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-03-06 23:33 . 2012-09-23 23:35 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-03-06 23:33 . 2012-09-23 23:34 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2013-03-06 23:33 . 2012-09-23 23:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2013-03-06 23:32 . 2012-04-17 11:53 41664 ----a-w- c:\windows\avastSS.scr
    2013-03-06 23:32 . 2012-09-23 23:33 228600 ----a-w- c:\windows\system32\aswBoot.exe
    2013-03-03 19:50 . 2008-10-23 12:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-02-05 17:53 . 2012-01-22 18:59 4659712 ----a-w- c:\windows\system32\Redemption.dll
    2013-02-05 17:52 . 2013-02-05 17:52 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2013-02-05 17:52 . 2013-02-05 17:52 330240 ----a-w- c:\windows\MASetupCaller.dll
    2013-02-05 17:52 . 2013-02-05 17:52 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2013-01-05 05:26 . 2013-02-14 19:10 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-05 05:26 . 2013-02-14 19:10 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-04 11:28 . 2013-02-14 19:10 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-04 01:38 . 2013-02-14 19:10 2048512 ----a-w- c:\windows\system32\win32k.sys
    2013-03-08 01:50 . 2013-03-08 01:50 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 22:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page =
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q908vuqn.default-1364514302772\
    FF - ExtSQL: 2013-03-10 09:49; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2013-03-18 13:42; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - ExtSQL: 2013-03-28 21:56; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\McAfee\SiteAdvisor
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-27579090.sys
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-29 21:18
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-03-29 21:19:47
    ComboFix-quarantined-files.txt 2013-03-29 21:19
    .
    Pre-Run: 187,882,135,552 bytes free
    Post-Run: 187,826,946,048 bytes free
    .
    - - End Of File - - 1226376E4CBD4E4FB72F6DD527745D8B
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, let's do the following, please:

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Sometimes these logs can be very large; in that case, please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next, click on the ShortcutsFix.

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  5. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    TDS was clear.
    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Chris [Admin rights]
    Mode : Remove -- Date : 03/30/2013 14:54:50
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] tdsskiller.exe -- C:\Users\Chris\Desktop\tdsskiller.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320613AS ATA Device +++++
    --- User ---
    [MBR] 75cea1566f37ed5202eeca8f75d9ee40
    [BSP] f9ca80c0c038cea0eeca3eb48d6e0ec9 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 295243 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_03302013_02d1454.txt >>
    RKreport[1]_S_03302013_02d1451.txt ; RKreport[2]_D_03302013_02d1454.txt
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    This isn't all of the logs from RogueKiller. Could you get the remainder of the logs, please?
  7. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    Sorry, my bad.

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Chris [Admin rights]
    Mode : Shortcuts HJfix -- Date : 03/30/2013 22:10:35
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 1 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 49 / Fail 0
    My documents: Success 0 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 8 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [E:] \Device\CdRom0 -- 0x5 --> Skipped

    Finished : << RKreport[5]_SC_03302013_02d2210.txt >>
    RKreport[1]_S_03302013_02d2206.txt ; RKreport[2]_D_03302013_02d2206.txt ; RKreport[3]_S_03302013_02d2209.txt ; RKreport[4]_D_03302013_02d2210.txt ; RKreport[5]_SC_03302013_02d2210.txt
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click the Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt; please post it in your next reply.
    • You may need to use two posts to get it all.
  9. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    OTL logfile created on: 30/03/2013 23:21:13 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.99 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.42% Memory free
    6.19 Gb Paging File | 4.93 Gb Available in Paging File | 79.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.32 Gb Total Space | 175.21 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
    Drive E: | 0.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/30 23:20:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    PRC - [2013/03/06 23:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/03/06 23:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/03/06 23:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/02/25 17:48:46 | 003,288,856 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
    PRC - [2013/02/13 19:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - [2013/03/15 22:58:55 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/03/08 01:50:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/03/06 23:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/03/06 23:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\gttap1.sys -- (gttap1)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Chris\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2013/03/06 23:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/03/06 23:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/03/06 23:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/03/06 23:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/03/06 23:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2013/03/06 23:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/03/06 23:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2013/03/06 23:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/03/06 23:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2013/03/06 23:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/03/06 23:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
    DRV - [2013/01/31 08:19:50 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2013/01/31 08:19:50 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/07/13 10:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
    DRV - [2011/12/15 17:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2009/12/10 20:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
    DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 A3 F6 A7 F9 27 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/12/21 16:23:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/16 11:02:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/10 09:49:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/18 13:42:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/18 13:42:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 01:50:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/07/03 04:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
    [2013/03/08 01:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/03/08 01:50:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/20 06:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/08/29 10:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2013/02/19 19:29:44 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://google.co.uk/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.40.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Adblock Plus = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
    CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: SiteAdvisor = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
    CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
    CHR - Extension: NotScripts = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
    CHR - Extension: ScriptNo = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.2_0\
    CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/03/29 21:18:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/30 23:20:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2013/03/30 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine
    [2013/03/30 14:48:10 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
    [2013/03/29 21:19:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/03/29 21:19:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/03/29 21:19:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
    [2013/03/29 21:12:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/03/29 21:12:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/03/29 21:12:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/03/29 21:12:18 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/03/29 21:11:38 | 005,044,813 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
    [2013/03/29 19:02:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.com
    [2013/03/28 23:45:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Old Firefox Data
    [2013/03/28 22:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
    [2013/03/22 23:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/03/22 23:05:30 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/03/22 23:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/03/22 22:21:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2013/03/22 22:20:28 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Chris\Desktop\revosetup(1).exe
    [2013/03/22 19:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/03/21 18:23:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/03/20 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
    [2013/03/20 17:46:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Anti-Malware
    [2013/03/18 22:58:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
    [2013/03/18 21:10:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
    [2013/03/18 21:09:17 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
    [2013/03/18 21:09:17 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
    [2013/03/18 21:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    [2013/03/18 21:02:20 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
    [2013/03/18 21:02:20 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
    [2013/03/18 20:58:09 | 068,912,208 | ---- | C] (Samsung Electronics Co., Ltd. ) -- C:\Users\Chris\Desktop\KiesSetup.exe
    [2013/03/18 13:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
    [2013/03/18 13:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
    [2013/03/18 13:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2013/03/16 15:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
    [2013/03/16 15:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\TunnelBear
    [2013/03/13 22:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CactusVPN
    [2013/03/08 01:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/03/07 13:35:27 | 019,734,176 | ---- | C] (Panda Security ) -- C:\Users\Chris\Desktop\PandaCloudCleaner(1).exe
    [2013/03/01 08:53:04 | 000,000,000 | ---D | C] -- C:\LeG_VGRs_Installation
    [2011/12/28 14:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2013/03/30 23:21:52 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/30 23:21:52 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/30 23:20:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2013/03/30 22:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/30 14:50:07 | 000,816,128 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe
    [2013/03/30 14:48:11 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
    [2013/03/29 21:21:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/29 21:18:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/03/29 21:11:09 | 005,044,813 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
    [2013/03/29 19:02:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.com
    [2013/03/28 22:53:48 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
    [2013/03/27 11:12:49 | 000,033,792 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/03/27 10:53:34 | 002,692,611 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(1).pdf
    [2013/03/25 17:01:29 | 000,204,869 | ---- | M] () -- C:\Users\Chris\Desktop\Screenshot_2013-03-25-16-54-27.png
    [2013/03/23 22:02:37 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/03/23 19:30:24 | 000,096,653 | ---- | M] () -- C:\Users\Chris\Desktop\TFCplayerlist2013-v11.pdf
    [2013/03/22 23:05:33 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/22 22:56:59 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/22 22:21:14 | 000,001,057 | ---- | M] () -- C:\Users\Chris\Desktop\Revo Uninstaller.lnk
    [2013/03/22 22:20:34 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Chris\Desktop\revosetup(1).exe
    [2013/03/21 21:14:40 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/03/20 20:24:46 | 000,844,822 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache
    [2013/03/20 20:24:31 | 000,163,945 | ---- | M] () -- C:\Users\Chris\AppData\Local\ars.cache
    [2013/03/20 17:14:57 | 000,001,754 | ---- | M] () -- C:\Users\Chris\Desktop\Update Checker.lnk
    [2013/03/18 21:09:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
    [2013/03/18 21:09:52 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
    [2013/03/18 21:02:41 | 000,001,807 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
    [2013/03/18 21:02:41 | 000,001,797 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
    [2013/03/18 20:59:34 | 068,912,208 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\Chris\Desktop\KiesSetup.exe
    [2013/03/18 13:41:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
    [2013/03/16 12:01:48 | 008,770,197 | ---- | M] () -- C:\Users\Chris\Desktop\sat22.pdf
    [2013/03/10 09:49:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013/03/07 13:35:48 | 019,734,176 | ---- | M] (Panda Security ) -- C:\Users\Chris\Desktop\PandaCloudCleaner(1).exe
    [2013/03/06 23:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013/03/06 23:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013/03/06 23:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/03/06 23:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013/03/06 23:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2013/03/06 23:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/03/06 23:33:23 | 000,199,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
    [2013/03/06 23:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013/03/06 23:33:22 | 000,101,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
    [2013/03/06 23:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013/03/06 23:33:22 | 000,021,576 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
    [2013/03/06 23:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/03/06 23:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013/03/06 23:26:12 | 003,510,314 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost.pdf
    [2013/03/04 10:09:56 | 000,350,832 | R--- | M] () -- C:\Users\Chris\Desktop\LIFE ON THE LINE_D92YFBEAEJFJ7.exe

    ========== Files Created - No Company Name ==========

    [2013/03/30 14:50:07 | 000,816,128 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe
    [2013/03/29 21:12:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/03/29 21:12:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/03/29 21:12:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/03/29 21:12:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/03/29 21:12:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/03/28 22:53:48 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
    [2013/03/27 10:53:33 | 002,692,611 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(1).pdf
    [2013/03/25 16:59:00 | 000,204,869 | ---- | C] () -- C:\Users\Chris\Desktop\Screenshot_2013-03-25-16-54-27.png
    [2013/03/23 19:30:23 | 000,096,653 | ---- | C] () -- C:\Users\Chris\Desktop\TFCplayerlist2013-v11.pdf
    [2013/03/22 23:05:33 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/18 21:09:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
    [2013/03/18 21:09:52 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
    [2013/03/18 21:02:41 | 000,001,807 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
    [2013/03/18 21:02:41 | 000,001,797 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
    [2013/03/16 12:01:47 | 008,770,197 | ---- | C] () -- C:\Users\Chris\Desktop\sat22.pdf
    [2013/03/06 23:26:11 | 003,510,314 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost.pdf
    [2013/03/04 10:09:56 | 000,350,832 | R--- | C] () -- C:\Users\Chris\Desktop\LIFE ON THE LINE_D92YFBEAEJFJ7.exe
    [2013/03/01 23:36:42 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/03/01 23:36:41 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/02/05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2013/01/13 17:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/16 14:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
    [2012/06/03 08:55:32 | 000,033,792 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/11 10:10:35 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
    [2012/03/18 20:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012/01/13 08:10:03 | 000,844,822 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
    [2012/01/13 08:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
    [2012/01/13 07:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
    [2011/12/28 14:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
    [2011/12/28 14:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
    [2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011/02/04 12:24:09 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/03/30 07:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/03/18 20:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
    [2012/03/19 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
    [2013/01/14 18:49:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
    [2012/09/12 13:33:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
    [2012/06/15 23:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
    [2012/03/18 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
    [2013/02/19 17:27:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
    [2013/03/28 22:24:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
    [2012/04/17 09:29:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wondershare

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV

    < End of report >
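As an added example (not part of this thread, and not OTL's or any helper's own tooling), the Python below parses three kinds of lines from the report above and lists what a helper would want to double-check: hosts-file overrides other than the localhost entry, DHCP-assigned DNS servers outside the set the user confirms as legitimate (the router at 192.168.0.1 here, passed in as `expected_dns`), and code files created under C:\Windows with no company name, grouped by creation second. The sample lines are copied from the report, plus one constructed hosts entry marked as such so the hosts check has something to flag. On the report's own lines it surfaces the second interface getting DNS from 192.168.0.203 rather than the router, and the C:\Windows executables without a company name; note that PEV.exe, MBR.exe, sed.exe, grep.exe and zip.exe share the 21:12:21 creation second of the C:\ComboFix folder and SWREG.exe, which is the kind of context a helper uses to attribute them to a known tool rather than an unknown drop.

```python
"""Triage of OTL-style log lines: hosts overrides, DHCP DNS servers and
code files created in C:\\Windows with no company name (added example)."""
import ipaddress
import re
from collections import defaultdict

# Line shapes taken from the OTL report in this thread.
HOSTS_RE = re.compile(r"O1 - Hosts:\s+(\S+)\s+(\S+)")
DNS_RE = re.compile(r"O17 - .*DhcpNameServer = (\S+)")
# [date time | size | attrs | C] (company) -- path   ("C" = created entry)
CREATED_RE = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| C\] \((.*?)\) -- (.+)$"
)
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def is_private(ip):
    """True for RFC 1918 / loopback / link-local addresses, False for public or unparsable."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage(lines, expected_dns):
    """Return a dict of entries worth a second look.

    expected_dns: set of DNS server IPs the user confirms as legitimate
    (normally the router; 192.168.0.1 in this thread).
    """
    findings = {"hosts": [], "dns": [], "no_company": defaultdict(list)}
    for raw in lines:
        line = raw.strip()
        m = HOSTS_RE.search(line)
        if m:
            entry = m.groups()  # (ip, hostname)
            if entry not in BENIGN_HOSTS:
                findings["hosts"].append(entry)
            continue
        m = DNS_RE.search(line)
        if m:
            ip = m.group(1)
            tag = (ip, "private" if is_private(ip) else "public")
            if ip not in expected_dns and tag not in findings["dns"]:
                findings["dns"].append(tag)
            continue
        m = CREATED_RE.search(line)
        if m:
            created, company, path = m.groups()
            low = path.lower()
            if not company.strip() and low.startswith("c:\\windows\\") and low.endswith(CODE_EXT):
                # Group by creation second: files dropped together usually came from one installer.
                findings["no_company"][created].append(path)
    findings["no_company"] = dict(findings["no_company"])
    return findings


# Sample input: lines copied from the OTL report above, plus ONE constructed
# hosts override (marked) so the hosts check has something to flag.
SAMPLE_LINES = [
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: 0.0.0.0 update.example.test",  # constructed, not from the log
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1",
    r"[2013/03/29 21:12:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe",
    r"[2013/03/29 21:12:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2013/03/29 21:12:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe",
    r"[2013/03/29 21:12:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe",
    r"[2013/03/28 22:53:48 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk",
    r"[2013/02/05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe",
    r"[2012/07/16 14:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES, expected_dns={"192.168.0.1"})
    for key, value in result.items():
        print(key, value)
```

A "no company name" entry only means OTL found no company string in the file's version information; it is a prompt to attribute the file (installer, known tool, or unknown), not a verdict on its own.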
  10. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    There is a file on my desktop from roguekiller
    quarantine file that has files including tdsskiller.exe vir
    in it?
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That can be deleted at the end...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
     
  12. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    No virus found with eset


    computer doesn't seem that slow
    no error messages,
    how do I find out about svchost running at 100%
    no blue screen

    I do keep getting an error telling me that server cannot be found and mbam tells me it's blocked a malicious site from host avast svchost.exe

    have you found anything bad ?


    thanks
  13. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    Mouse keeps moving on its own too
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Seems to be looking and sounding pretty good. :)
  15. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    Any idea about the server not found and avast svchost problem

    was any malware found please?
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  17. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    Thanks
    so am I clean? any idea about moving mouse?
  18. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    My avast security suite is nearly expired, which paid-for antivirus security do you recommend?

    also did what you suggested about MBAM but still getting the error page has been reset and cannot be displayed when I am in Firefox
    Server not found
    Firefox can't find the server at mlb.mlb.com.
    Check the address for typing errors such as
    ww.example.com instead of
    www.example.com
    If you are unable to load any pages, check your computer's network
    connection.
    If your computer or network is protected by a firewall or proxy, make sure
    that Firefox is permitted to access the Web


    thanks
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  20. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    Many thanks for all your help
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome! It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create

    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.
    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  22. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    The OTL didn't reboot and got the not responding error, when it restarted it was still there?
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Seems like OTL has had issues lately.

    Let's do this instead, in its place, then move on to Security Check...

    CCleaner Temporary Files Cleaning

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.
  24. CC0008

    CC0008 Newcomer, in training Topic Starter Posts: 17

    Nex Results of screen317's Security Check version 0.99.61
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    avast! Internet Security
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    McAfee SiteAdvisor
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner
    Adobe Flash Player 11.6.602.180
    Adobe Reader XI
    Mozilla Firefox (20.0)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast afwServ.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good!

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?