Omg stupid mouse lag!

[richc46]

Malwarebytes is looking for something different. Use MB in conjuction with your AV.

 

[kesume]

Richc I'm sure Michal has also learned a lesson, as we all have in computer security & its importance?

 

[kesume]

Wow! Just noticed,
Richard may I congratulate you on reaching the total of 10000 posts on Vista Forum.
Incredible achievement.
Kesume

 

[richc46]

TY Keith
I have a shot of this and the one in Seven saved.

 

[michalodzien]

Here is my driver out of date :

Uploaded with ImageShack.us

 

[Jacee]

you mean my computer cent be trust and a trojan is delete system files cent i reinstall all just clean my disk c d e and reinstal windows?

Yes, that's what I mean. Please read all the information in my last post to you. Especially about doing a clean install and changing all passwords using a 'known' clean computer, not the infected one.

 

[kesume]

Please take note of what Jacee recommends & I would act on her valuable advice.

It's down to you now!
What started as a possible problem with your mouse, ends with finding 100 'nasties' & valuable advice how to continue.

 

[Jacee]

These are a few descritions of what's on your computer .... you've been hacked!

Bifrose
The Bifrose trojan family is highly configurable. Thus, the locations of their installed files on an infected computer and the TCP ports they use to connect may vary. They allow an attacker to perform any of the following actions on the affected machine:
Manage running processes
Manipulate files or registry data
Obtain installed program details
Log keystrokes
Screen capturing
System shutdown or reboot
Command shell

stolen.data
Stolen-data trove offers look inside a botnet

Trojan.Orsam
Hacktool.Rootkit
W32/OnlineGames.61CD!tr.rkit

Backdoor.IRCBot
Backdoor.Win32.IRCBot - Wikipedia, the free encyclopedia

 

[michalodzien]

I dont thinks ive ben hacked caus my pc did newer self reboot or shutdown i ben never hacked on facebook hotmail and all like this

 

[Dwarf]

I dont thinks ive ben hacked caus my pc did newer self reboot or shutdown i ben never hacked on facebook hotmail and all like this

Don't be complacent. Whilst it is true that social networking sites are key targets for malware perpetrators, they also target many others, including those that you would think are the least unlikely.

 

[michalodzien]

i fount a program name registryboster This program cen:


• Clean Your System and Boost Performance. Boost system performance by cleaning out all missing, unwanted, obsolete and corrupt registry entries automatically with RegistryBooster.

• Repair Your PC and Keep It Tuned. Dramatically improve your computing experience by repairing all registry problems and minimizing application seizures and crashes.

• Exceptionally Simple to Use. Set in a highly intuitive, attractive, logical and user-friendly graphical user interface, Uniblue's registry cleaner sets the standard for ease-of-use.

• More Scanning Options. Due to the improvements made to the scanning engine you are now able to scan for more sections within the registry.



Link & Key removed


Lots of peple is saying it works

 

[Jacee]

 

[Dwarf]

I've had another look at your MBAM results that you posted. It is quite possible that all your troubles stem from the keygens and cracks that you installed for the games Battlefield and COD4. My advice remains as before - a clean reinstallation with a full reformat (not quick) of all your partitions. Don't be tempted to use such patches in the future. They cause far more damage than they are worth, as each can download and install multiple malware programs in the background without you knowing a thing about it..

 

[Jacee]

michalodzien

• Download MGADiag.exe from here & save this to your Desktop
• Double-click on MGADiag.exe
• When the program has finished, click on the Validation tab then click on Copy to Clipboard
• Post the results in your next reply

Download CKScanner by askey127 from Here & save it to your Desktop.

• Doubleclick CKScanner.exe then click Search For Files
• When the cursor hourglass disappears, click Save List To File
• A message box will verify the file saved
• Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

To post in next reply:
MGADiag log
CKFiles log

 

[kesume]

Michal,
HAVE YOU NOT BEEN LISTENING WHAT THE EXPERTS HAVE BEEN SAYING?

Well if you download the program you will still have the problem, it will not clear all your problems.

Only Jacee's & others advice will you be safe from the troubles.

Do you really want to risk all your financial details, for example being stolen, along with your money?

The final choice is yours of course, but you have had many members today helping you solve a major problem, all volunteers, to help you the best they can.

You are with your present thoughts going to throw away that specialist advice, for an advert?

THINK ABOUT WHAT YOU'RE DOING!!

 

[michalodzien]

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-TV7QR-F9DMM-QBPJH
Windows Product Key Hash: csDDWjLIUOyybD1B6+mpHgvSdes=
Windows Product ID: 89578-OEM-7412536-28617
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {78BB2C49-35A0-43A5-B94C-0C00A9F703B5}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.101014-0432
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\google\chrome\application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{78BB2C49-35A0-43A5-B94C-0C00A9F703B5}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-QBPJH</PKey><PID>89578-OEM-7412536-28617</PID><PIDType>8</PIDType><SID>S-1-5-21-245859088-1545262951-2289615419</SID><SYSTEM><Manufacturer>Packard Bell BV</Manufacturer><Model>PBBGL00 </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>PBBGL00.P05</Version><SMBIOSVersion major="2" minor="5"/><Date>20080805000000.000000+000</Date></BIOS><HWID>6C313507018400F2</HWID><UserLCID>0415</UserLCID><SystemLCID>0415</SystemLCID><TimeZone>Środkowoeuropejski czas stand.(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>PacBel</OEMID><OEMTableID>PBDT0004</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65226</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults> 
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Błąd CScript: Nie można znaleźć aparatu skryptów "VBScript" dla skryptu "C:\Windows\system32\slmgr.vbs".
 
Windows Activation Technologies-->
N/A
 
HWID Data-->
HWID Hash Current: RAAAAAIABAABAAEAAgACAAAABwABAAEA6GF4nmQuVZLiGtxjEDNU8sK4ZFuN7/L0+rZdRoDjrFbusHqxkCg2szez1sc=
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name OEMID Value OEMTableID Value
APIC PacBel PBDT0014
FACP PacBel PBDT0014
HPET PacBel OEMHPET 
MCFG PacBel OEMMCFG 
SLIC PacBel PBDT0004
OEMB PacBel PBDT0014
ASF! AMD SB600ASF
SSDT A M I POWERNOW

 

[michalodzien]

There is nothink in CKFiles.txt

 

[michalodzien]

sorry but i will be away for 15 hours

 

[Dwarf]

Do you mean that it is an empty file?

 

[michalodzien]

Yes