
(PUP.Optional.Bandoo)



Hi, I am having problems getting rid of this. Can you help me please?

TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2725A334-1726-438E-99AE-EDEB54688BD0} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\iut044\AppData\Roaming\Mozilla\Firefox\Profiles\8qjsqnkl.default-1376005866982\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\iut044\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-7 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-7 189936]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-26 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-7 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-7 378944]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-12-19 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-12-19 38144]
R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-4 63472]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-27 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-23 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-7 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-7 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-14 46808]
R2 CSHelper;CopySafe Helper Service;C:\Windows\SysWOW64\CSHelper.exe [2009-12-10 266240]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-26 656624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-27 215040]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-4 56816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-4 767208]
S3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-4 526320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-23 1255736]
.
=============== Created Last 30 ================
.
2013-08-09 13:22:16    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8AA01638-546A-4B14-BC6E-BC23AAE8E8A7}\mpengine.dll
2013-08-09 11:47:01    --------    d-----w-    C:\Users\iut044\AppData\Local\{AE2B8D17-C366-4FFC-8242-5A423FD4E3AA}
.
==================== Find3M  ====================
.
2013-07-09 18:41:56    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 18:41:56    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-27 21:23:17    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 21:23:00    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-15 10:25:26    24064    ----a-w-    C:\Windows\zoek-delete.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
.
============= FINISH: 18:29:54.71 ===============

 


Oops, I double posted one and not the other

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 31/10/2009 16:06:58
System Uptime: 09/08/2013 12:01:18 (6 hours ago)
.
Motherboard: Dell Inc. |  | 0N826N
Processor: Intel® Core2 Quad CPU    Q8300  @ 2.50GHz | Socket 775 | 1973/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 587 GiB total, 406.347 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: RapportPG64
Device ID: ROOT\LEGACY_RAPPORTPG64\0000
Manufacturer:
Name: RapportPG64
PNP Device ID: ROOT\LEGACY_RAPPORTPG64\0000
Service: RapportPG64
.
==== System Restore Points ===================
.
RP438: 16/07/2013 07:28:56 - Windows Update
RP439: 19/07/2013 09:26:23 - Windows Update
RP440: 23/07/2013 08:18:13 - Windows Update
RP441: 30/07/2013 07:19:45 - Windows Update
RP442: 02/08/2013 07:36:36 - Windows Update
RP443: 06/08/2013 06:57:50 - Windows Update
RP444: 09/08/2013 14:21:47 - Windows Update
.
==== Installed Programs ======================
.
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Amazon MP3 Downloader 1.0.17
AMD DnD V1.0.19
ATI Catalyst Install Manager
ATI Catalyst Registration
avast! Free Antivirus
Avi2Dvd 0.5
AviSynth 2.5
BlackBerry Desktop Software 7.0
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Inkjet Printer Driver Add-On Module V2.00
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MX330 series MP Drivers
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help Japanese
CCC Help Korean
CCC Help Thai
CCleaner
Comodo Dragon
COMODO Internet Security
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
ffdshow [rev 2844] [2009-03-30]
Google Chrome
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
ImgBurn
Junk Mail filter update
K-Lite Codec Pack 5.3.0 (Basic)
Magic ISO Maker v5.5 (build 0276)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2000 Premium
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 23.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Pidgin
Plants vs. Zombies
PowerDVD DX
Rapport
Realtek High Definition Audio Driver
Roxio Burn
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
USB 3G Super GSM Reader II v2.8.10
VLC media player 2.0.8
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 14.0
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
09/08/2013 12:01:45, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
09/08/2013 12:01:32, Error: Service Control Manager [7000]  - The Rapport Management Service service failed to start due to the following error:  The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
.
==== End Of File ===========================
 


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by iut044 at 18:29:17 on 2013-08-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6142.4086 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\CSHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\iut044\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll


TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2725A334-1726-438E-99AE-EDEB54688BD0} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\iut044\AppData\Roaming\Mozilla\Firefox\Profiles\8qjsqnkl.default-1376005866982\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\iut044\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-7 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-7 189936]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-26 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-7 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-7 378944]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-12-19 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-12-19 38144]
R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-4 63472]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-27 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-23 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-7 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-7 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-14 46808]
R2 CSHelper;CopySafe Helper Service;C:\Windows\SysWOW64\CSHelper.exe [2009-12-10 266240]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-26 656624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-27 215040]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-4 56816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-4 767208]
S3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-4 526320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-23 1255736]
.
=============== Created Last 30 ================
.
2013-08-09 13:22:16    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8AA01638-546A-4B14-BC6E-BC23AAE8E8A7}\mpengine.dll
2013-08-09 11:47:01    --------    d-----w-    C:\Users\iut044\AppData\Local\{AE2B8D17-C366-4FFC-8242-5A423FD4E3AA}
.
==================== Find3M  ====================
.
2013-07-09 18:41:56    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 18:41:56    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-27 21:23:17    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 21:23:00    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-15 10:25:26    24064    ----a-w-    C:\Windows\zoek-delete.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
.
============= FINISH: 18:29:54.71 ===============
 


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

  • Adware (software ads)
  • PUP/LPI (Potentially Undesirable Program)
  • Toolbars
  • Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


# AdwCleaner v2.306 - Logfile created 08/09/2013 at 19:19:03
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : iut044 - IUT044-PC
# Boot Mode : Normal
# Running from : C:\Users\iut044\Desktop\adwcleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\iut044\AppData\Roaming\Mozilla\Firefox\Profiles\8qjsqnkl.default-1376005866982\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1022 octets] - [09/08/2013 01:04:56]
AdwCleaner[R2].txt - [888 octets] - [09/08/2013 19:19:03]
AdwCleaner[s1].txt - [10141 octets] - [20/05/2013 01:11:45]
AdwCleaner[s2].txt - [1083 octets] - [09/08/2013 01:06:01]

########## EOF - C:\AdwCleaner[R2].txt - [1068 octets] ##########
 


Some adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on the Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last.........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v2.306 - Logfile created 08/09/2013 at 19:46:10
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : iut044 - IUT044-PC
# Boot Mode : Normal
# Running from : C:\Users\iut044\Desktop\adwcleaner.exe
# Option [Delete]


***** [services] *****

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
iut044 :: IUT044-PC [administrator]

09/08/2013 20:17:25
mbam-log-2013-08-09 (20-17-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221884
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.9 (08.09.2013:1)
OS: Windows 7 Home Premium x64
Ran by iut044 on 09/08/2013 at 19:50:57.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\iut044\appdata\local\{AE2B8D17-C366-4FFC-8242-5A423FD4E3AA}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



***** [Files / Folders] *****


***** [Registry] *****


***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\iut044\AppData\Roaming\Mozilla\Firefox\Profiles\8qjsqnkl.default-1376005866982\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1022 octets] - [09/08/2013 01:04:56]
AdwCleaner[R2].txt - [1137 octets] - [09/08/2013 19:19:03]
AdwCleaner[s1].txt - [10141 octets] - [20/05/2013 01:11:45]
AdwCleaner[s2].txt - [1083 octets] - [09/08/2013 01:06:01]
AdwCleaner[s3].txt - [1069 octets] - [09/08/2013 19:46:10]

########## EOF - C:\AdwCleaner[s3].txt - [1129 octets] ##########
 


Please download Farbar Recovery Scan Tool and save it to a folder. (64 bit version)

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by iut044 (administrator) on 09-08-2013 23:34:07
Running from C:\Users\iut044\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Windows\SysWOW64\CSHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Acresso Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-03] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKCU\...\Run: [Google Update] - C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-15] (Google Inc.)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [iSUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe [210208 2008-09-26] (Acresso Corporation)
MountPoints2: I - I:\LaunchU3.exe -a
MountPoints2: {5220d13c-c638-11de-bad9-002564d37d9d} - I:\LaunchU3.exe -a
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs:       C:\Windows\system32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler-x32: ipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\iut044\AppData\Roaming\Mozilla\Firefox\Profiles\8qjsqnkl.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\iut044\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\iut044\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\iut044\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\iut044\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\iut044\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\iut044\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Docs) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
R2 CSHelper; C:\Windows\SysWOW64\CSHelper.exe [266240 2009-12-10] ()
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S3 RapportLaunService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [526320 2010-10-04] (Trusteer Ltd.)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [767208 2010-10-04] (Trusteer Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
R1 RapportKE64; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [63472 2010-10-04] (Trusteer Ltd.)
R1 RapportKE64; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [63472 2010-10-04] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [56816 2010-10-04] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [56816 2010-10-04] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 23:32 - 2013-08-09 23:32 - 01790633 _____ (Farbar) C:\Users\iut044\Desktop\FRST64.exe
2013-08-09 19:58 - 2013-08-09 19:58 - 00000735 _____ C:\Users\iut044\Desktop\JRT.txt
2013-08-09 19:50 - 2013-08-09 19:50 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\iut044\Desktop\JRT.exe
2013-08-09 19:46 - 2013-08-09 19:46 - 00001198 _____ C:\AdwCleaner[s3].txt
2013-08-09 19:19 - 2013-08-09 19:19 - 00001137 _____ C:\AdwCleaner[R2].txt
2013-08-09 19:18 - 2013-08-09 19:18 - 00666633 _____ C:\Users\iut044\Desktop\adwcleaner.exe
2013-08-09 18:30 - 2013-08-09 18:30 - 00007094 _____ C:\Users\iut044\Desktop\attach.txt
2013-08-09 18:30 - 2013-08-09 18:29 - 00013334 _____ C:\Users\iut044\Desktop\dds.txt
2013-08-09 18:28 - 2013-08-09 18:28 - 00688992 _____ (Swearware) C:\Users\iut044\Downloads\dds.com
2013-08-09 18:26 - 2013-08-09 18:26 - 00688992 ____R (Swearware) C:\Users\iut044\Desktop\dds.scr
2013-08-09 15:59 - 2013-08-09 16:05 - 00000000 ____D C:\Users\iut044\Desktop\Burn.Notice.S07E09.720p.HDTV.x264-IMMERSE
2013-08-09 15:54 - 2013-08-09 15:54 - 00000000 ____D C:\Users\iut044\Desktop\Under.the.Dome.S01E07.720p.HDTV.X264-DIMENSION
2013-08-09 05:54 - 2013-08-09 05:54 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\iut044\Downloads\JRT.exe
2013-08-09 01:06 - 2013-08-09 01:06 - 00001083 _____ C:\AdwCleaner[s2].txt
2013-08-09 01:05 - 2013-08-09 01:05 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (3).exe
2013-08-09 01:04 - 2013-08-09 01:05 - 00001022 _____ C:\AdwCleaner[R1].txt
2013-08-09 01:04 - 2013-08-09 01:04 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (2).exe
2013-08-09 01:04 - 2013-08-09 01:04 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (1).exe
2013-08-09 00:51 - 2013-08-09 00:51 - 00000000 ____D C:\Users\iut044\Desktop\Old Firefox Data
2013-08-09 00:49 - 2013-08-09 00:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-06 08:29 - 2013-08-09 22:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 08:29 - 2013-08-09 21:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 08:29 - 2013-08-06 21:57 - 00000000 ____D C:\Program Files\Google
2013-08-06 08:29 - 2013-08-06 21:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-06 08:29 - 2013-08-06 11:40 - 00000000 ____D C:\ProgramData\Google
2013-08-06 08:29 - 2013-08-06 08:37 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-06 08:29 - 2013-08-06 08:37 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-05 23:40 - 2013-08-05 23:40 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-05 23:37 - 2013-08-05 23:37 - 23003252 _____ C:\Users\iut044\Downloads\vlc-2.0.8-win32.exe
2013-07-23 19:40 - 2013-07-23 19:40 - 00000000 ____D C:\Users\iut044\Desktop\the.killing.s03e09.720p.hdtv.x264-2hd
2013-07-12 13:20 - 2013-07-12 13:20 - 01972516 _____ C:\Users\iut044\Documents\dwp-reform-story-overview-notes.pptm

==================== One Month Modified Files and Folders =======

2013-08-09 23:33 - 2013-08-09 23:33 - 00000000 ____D C:\FRST
2013-08-09 23:32 - 2013-08-09 23:32 - 01790633 _____ (Farbar) C:\Users\iut044\Desktop\FRST64.exe
2013-08-09 23:30 - 2010-10-26 10:11 - 00000000 ____D C:\Users\iut044\AppData\Roaming\vlc
2013-08-09 23:24 - 2012-07-05 11:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 23:14 - 2010-01-15 18:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001UA.job
2013-08-09 22:42 - 2013-08-06 08:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 21:29 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 21:29 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 21:25 - 2009-07-14 06:10 - 01953829 _____ C:\Windows\WindowsUpdate.log
2013-08-09 21:23 - 2013-03-07 14:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-09 21:23 - 2009-11-02 08:31 - 00000000 ____D C:\Users\iut044\Tracing
2013-08-09 21:22 - 2013-08-06 08:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 21:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 21:21 - 2013-05-20 01:07 - 00011312 _____ C:\Windows\setupact.log
2013-08-09 19:58 - 2013-08-09 19:58 - 00000735 _____ C:\Users\iut044\Desktop\JRT.txt
2013-08-09 19:50 - 2013-08-09 19:50 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\iut044\Desktop\JRT.exe
2013-08-09 19:46 - 2013-08-09 19:46 - 00001198 _____ C:\AdwCleaner[s3].txt
2013-08-09 19:19 - 2013-08-09 19:19 - 00001137 _____ C:\AdwCleaner[R2].txt
2013-08-09 19:18 - 2013-08-09 19:18 - 00666633 _____ C:\Users\iut044\Desktop\adwcleaner.exe
2013-08-09 18:30 - 2013-08-09 18:30 - 00007094 _____ C:\Users\iut044\Desktop\attach.txt
2013-08-09 18:29 - 2013-08-09 18:30 - 00013334 _____ C:\Users\iut044\Desktop\dds.txt
2013-08-09 18:28 - 2013-08-09 18:28 - 00688992 _____ (Swearware) C:\Users\iut044\Downloads\dds.com
2013-08-09 18:26 - 2013-08-09 18:26 - 00688992 ____R (Swearware) C:\Users\iut044\Desktop\dds.scr
2013-08-09 16:05 - 2013-08-09 15:59 - 00000000 ____D C:\Users\iut044\Desktop\Burn.Notice.S07E09.720p.HDTV.x264-IMMERSE
2013-08-09 15:54 - 2013-08-09 15:54 - 00000000 ____D C:\Users\iut044\Desktop\Under.the.Dome.S01E07.720p.HDTV.X264-DIMENSION
2013-08-09 13:14 - 2010-01-15 18:39 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001Core.job
2013-08-09 05:55 - 2013-05-15 11:41 - 00000000 ____D C:\Windows\ERUNT
2013-08-09 05:54 - 2013-08-09 05:54 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\iut044\Downloads\JRT.exe
2013-08-09 01:06 - 2013-08-09 01:06 - 00001083 _____ C:\AdwCleaner[s2].txt
2013-08-09 01:06 - 2013-05-21 01:40 - 00004974 _____ C:\Windows\PFRO.log
2013-08-09 01:06 - 2012-11-01 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-09 01:05 - 2013-08-09 01:05 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (3).exe
2013-08-09 01:05 - 2013-08-09 01:04 - 00001022 _____ C:\AdwCleaner[R1].txt
2013-08-09 01:04 - 2013-08-09 01:04 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (2).exe
2013-08-09 01:04 - 2013-08-09 01:04 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (1).exe
2013-08-09 00:51 - 2013-08-09 00:51 - 00000000 ____D C:\Users\iut044\Desktop\Old Firefox Data
2013-08-09 00:49 - 2013-08-09 00:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-06 21:57 - 2013-08-06 08:29 - 00000000 ____D C:\Program Files\Google
2013-08-06 21:57 - 2013-08-06 08:29 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-06 11:40 - 2013-08-06 08:29 - 00000000 ____D C:\ProgramData\Google
2013-08-06 11:40 - 2010-01-15 18:38 - 00000000 ____D C:\Users\iut044\AppData\Local\Google
2013-08-06 08:37 - 2013-08-06 08:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-06 08:37 - 2013-08-06 08:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-06 08:29 - 2009-11-01 16:55 - 00000000 ____D C:\Users\iut044\AppData\Local\Adobe
2013-08-06 00:01 - 2013-02-10 14:55 - 00000000 ____D C:\Users\iut044\Desktop\Match.com photos
2013-08-05 23:40 - 2013-08-05 23:40 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-05 23:37 - 2013-08-05 23:37 - 23003252 _____ C:\Users\iut044\Downloads\vlc-2.0.8-win32.exe
2013-08-01 22:18 - 2010-01-15 18:39 - 00002374 _____ C:\Users\iut044\Desktop\Google Chrome.lnk
2013-07-30 16:44 - 2012-01-30 10:48 - 00000000 ____D C:\Users\iut044\Desktop\jobs including cab applications
2013-07-23 19:40 - 2013-07-23 19:40 - 00000000 ____D C:\Users\iut044\Desktop\the.killing.s03e09.720p.hdtv.x264-2hd
2013-07-23 00:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-18 18:29 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 13:09 - 2010-01-15 18:39 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001UA
2013-07-13 13:09 - 2010-01-15 18:39 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001Core
2013-07-12 13:20 - 2013-07-12 13:20 - 01972516 _____ C:\Users\iut044\Documents\dwp-reform-story-overview-notes.pptm

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 00:55

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2013
Ran by iut044 at 2013-08-09 23:34:41
Running from C:\Users\iut044\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Download Manager (x32 Version: 1.6.2.63)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
AMD DnD V1.0.19 (x32 Version: 1.0.19)
ATI Catalyst Install Manager (Version: 3.0.745.0)
ATI Catalyst Registration (x32 Version: 2.01.0000)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Avi2Dvd 0.5 (x32 Version: 0.5)
AviSynth 2.5 (x32)
BlackBerry Desktop Software 7.0 (x32 Version: 7.0.0.59)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.0.8)
Canon MX330 series MP Drivers
Canon Utilities CameraWindow (x32 Version: 7.4.0.7)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.1.0.11)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.0.0.11)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (x32 Version: 6.5.0.14)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Core Implementation (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Graphics Light (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Light (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center HydraVision Full (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800)
Catalyst Control Center InstallProxy (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Localization All (x32 Version: 2009.0925.1707.28889)
CCC Help Chinese Standard (x32 Version: 2009.0925.1706.28889)
CCC Help Chinese Traditional (x32 Version: 2009.0925.1706.28889)
CCC Help English (x32 Version: 2009.0614.2130.36800)
CCC Help English (x32 Version: 2009.0925.1706.28889)
CCC Help Japanese (x32 Version: 2009.0925.1706.28889)
CCC Help Korean (x32 Version: 2009.0925.1706.28889)
CCC Help Thai (x32 Version: 2009.0925.1706.28889)
ccc-core-static (x32 Version: 2009.0614.2131.36800)
ccc-core-static (x32 Version: 2009.0925.1707.28889)
ccc-utility64 (Version: 2009.0614.2131.36800)
ccc-utility64 (Version: 2009.0925.1707.28889)
CCleaner (Version: 4.01)
Comodo Dragon (x32 Version: 15.0)
COMODO Internet Security (Version: 5.9.23255.2196)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 2.25)
Dell DataSafe Local Backup (x32 Version: 9.3.36)
Dell DataSafe Online (x32 Version: 1.1.0029)
Dell Dock (Version: 2.0.0)
Dell Driver Download Manager (HKCU Version: 1.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Support Center (Support Software) (x32 Version: 2.5.09100)
ffdshow [rev 2844] [2009-03-30] (x32 Version: 1.0)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
GTK+ Runtime 2.14.7 rev a (remove only) (x32)
ImgBurn (x32 Version: 2.5.0.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
K-Lite Codec Pack 5.3.0 (Basic) (x32 Version: 5.3.0)
Magic ISO Maker v5.5 (build 0276) (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2000 Premium (x32 Version: 9.00.2720)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox 23.0 (x86 en-US) (x32 Version: 23.0)
Mozilla Maintenance Service (x32 Version: 23.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
on Inkjet Printer Driver Add-On Module V2.00
Pidgin (x32 Version: 2.6.4)
Plants vs. Zombies (x32)
PowerDVD DX (x32 Version: 8.3.5424)
Rapport (x32 Version: 3.5.1005.71)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5864)
Roxio Burn (x32 Version: 1.0)
Roxio Burn (x32 Version: 1.0.0)
Roxio Update Manager (x32 Version: 6.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
USB 3G Super GSM Reader II v2.8.10 (x32)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinZip 14.0 (x32 Version: 14.0.8652)
Xvid 1.2.1 final uninstall (x32 Version: 1.2)

==================== Restore Points  =========================

16-07-2013 06:28:56 Windows Update
19-07-2013 08:26:23 Windows Update
23-07-2013 07:18:13 Windows Update
30-07-2013 06:19:45 Windows Update
02-08-2013 06:36:36 Windows Update
06-08-2013 05:57:50 Windows Update
09-08-2013 13:21:47 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-05-20 11:29 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {088D096D-2B30-4D51-AE4F-A86E60C0CB2D} - System32\Tasks\{D18B414E-E36F-4C3F-9FE6-A87BF49F763F} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2012-05-17] (Research In Motion)
Task: {10F45384-127D-4AB6-BA27-F95BFBD8229D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {2ED84FA2-E0E7-4A21-8162-D7D8DF1D3672} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {60C4D632-277E-463E-87F2-C7F2496687AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {923DE986-88F4-49BC-9F6B-A9E0897D4C66} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-09] (Adobe Systems Incorporated)
Task: {93A890D6-1E81-450D-B5E8-851E925C52FE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {94141230-4F9E-4E96-B5AD-ECA97255DCF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001Core => C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15] (Google Inc.)
Task: {C93F83A2-421E-417F-8A9F-98A1825C9F2B} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\ExecuteWithUAC.exe No File
Task: {DDEE36B4-3F41-4B93-9F41-83FF17CBF56F} - System32\Tasks\{9D2B8237-4A8E-4B7A-A1DC-32CEDADB95CE} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2012-05-17] (Research In Motion)
Task: {E66C88A5-7375-40A2-A10B-C9C46CD9BA7E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {EC9C3718-FFA6-41AE-8860-4E96AB8FAE1A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {EEBFC3A7-9315-4F1D-A335-01F4CC53B78B} - System32\Tasks\{2C60A107-92DF-43F8-B7D6-C490524A4EF9} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2012-05-17] (Research In Motion)
Task: {FB985129-414B-4F00-961E-4DA5DAD88FC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001UA => C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001Core.job => C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001UA.job => C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: RapportPG64
Description: RapportPG64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RapportPG64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/09/2013 09:22:28 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (08/09/2013 09:21:56 PM) (Source: Service Control Manager) (User: )
Description: The Rapport Management Service service failed to start due to the following error:
%%14001


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 6142.18 MB
Available physical RAM: 3881.05 MB
Total Pagefile: 12282.54 MB
Available Pagefile: 9825.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.97 GB) (Free:408.49 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=587 GB) - (Type=07 NTFS)

==================== End Of Log ==========================


I'm not seeing anything. Usually Adware/Foistware is downloaded with other free programs that you install on your system.
If you can think of any such program, let me know.

For now, download, install, update and run a scan with SUPERAntiSpyware Portable Scanner:

http://www.superantispyware.com/portablescanner.html

Let me know what it finds (it's going to find a lot of cookies).

MrC


Did a quick scan.

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/10/2013 at 00:02 AM

Application Version : 5.6.1020

Core Rules Database Version : 10678
Trace Rules Database Version: 8490

Scan type       : Quick Scan
Total Scan Time : 00:03:50

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 724
Memory threats detected   : 0
Registry items scanned    : 59724
Registry threats detected : 0
File items scanned        : 11701
File threats detected     : 55

Adware.Tracking Cookie
    .imrworldwide.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    accounts.google.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    vlc-media-player.en.softonic.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    vlc-media-player.en.softonic.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    vlc-media-player.en.softonic.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    vlc-media-player.en.softonic.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\TZZDOOBH.txt [ /serving-sys.com ]
    .advertising.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\KUDOD04Y.txt [ /advertising.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\WTBMN82Z.txt [ /ads.undertone.com ]
    .invitemedia.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\V0R7N7T1.txt [ /media6degrees.com ]
    .media6degrees.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\505O87JB.txt [ /ad.yieldmanager.com ]
    .lucidmedia.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\77SAFDEY.txt [ /h.atdmt.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\ARIYYQY5.txt [ /invitemedia.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\U38MPY78.txt [ /tribalfusion.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\E3XPC1GO.txt [ /atdmt.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\3EAUQKDN.txt [ /revsci.net ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\NGYFRHBC.txt [ /adviva.net ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\KAMXSU9A.txt [ /doubleclick.net ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\1X1YWMYK.txt [ /adform.net ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\52T8FKPG.txt [ /imrworldwide.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\M0C2GTRG.txt [ /specificclick.net ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\SPOCCWPF.txt [ /findlaw.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\R253S6U9.txt [ /ads.p161.net ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\S853IACU.txt [ /ru4.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\WKAS7773.txt [ /lucidmedia.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\PJBCMT3X.txt [ /casalemedia.com ]
    C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\O8Q3HRSS.txt [ /track.adform.net ]
    .atdmt.com [ C:\USERS\IUT044\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\IUT044\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\IUT044\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 


One more scan and we'll see how it is...

Please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and Scan unwanted applications are checked
Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

MrC
