Jump to content

iut044

Members
  • Posts

    19
  • Joined

  • Last visited

Reputation

0 Neutral
  1. thank you for your help

  2. Results of screen317's Security Check version 0.99.72 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Reader XI Mozilla Firefox (23.0) Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` Comodo Firewall cmdagent.exe Comodo Firewall cfp.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  3. You can check with the image the only log is the one that I posted before . I remember that it found somethings related about ask toolbar and something hiddenstart for for dell datasafe .
  4. the only log that I can find is this which did not seem right right ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
  5. did a quick scan SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/10/2013 at 00:02 AM Application Version : 5.6.1020 Core Rules Database Version : 10678 Trace Rules Database Version: 8490 Scan type : Quick Scan Total Scan Time : 00:03:50 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 724 Memory threats detected : 0 Registry items scanned : 59724 Registry threats detected : 0 File items scanned : 11701 File threats detected : 55 Adware.Tracking Cookie .imrworldwide.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .c.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .h.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .h.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .h.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .h.atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] vlc-media-player.en.softonic.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] vlc-media-player.en.softonic.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] vlc-media-player.en.softonic.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] vlc-media-player.en.softonic.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .advertising.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\TZZDOOBH.txt [ /serving-sys.com ] .advertising.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .advertising.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .advertising.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\KUDOD04Y.txt [ /advertising.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\WTBMN82Z.txt [ /ads.undertone.com ] .invitemedia.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\V0R7N7T1.txt [ /media6degrees.com ] .media6degrees.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\505O87JB.txt [ /ad.yieldmanager.com ] .lucidmedia.com [ C:\USERS\IUT044\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8QJSQNKL.DEFAULT-1376005866982\COOKIES.SQLITE ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\77SAFDEY.txt [ /h.atdmt.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\ARIYYQY5.txt [ /invitemedia.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\U38MPY78.txt [ /tribalfusion.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\E3XPC1GO.txt [ /atdmt.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\3EAUQKDN.txt [ /revsci.net ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\NGYFRHBC.txt [ /adviva.net ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\KAMXSU9A.txt [ /doubleclick.net ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\1X1YWMYK.txt [ /adform.net ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\52T8FKPG.txt [ /imrworldwide.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\M0C2GTRG.txt [ /specificclick.net ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\SPOCCWPF.txt [ /findlaw.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\R253S6U9.txt [ /ads.p161.net ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\S853IACU.txt [ /ru4.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\WKAS7773.txt [ /lucidmedia.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\PJBCMT3X.txt [ /casalemedia.com ] C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Cookies\O8Q3HRSS.txt [ /track.adform.net ] .atdmt.com [ C:\USERS\IUT044\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\IUT044\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\IUT044\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  6. I got the original infection from a free program that I unistalled straight after that .
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013 Ran by iut044 (administrator) on 09-08-2013 23:34:07 Running from C:\Users\iut044\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe () C:\Windows\SysWOW64\CSHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Acresso Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-03] (Realtek Semiconductor) HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x] HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO) HKCU\...\Run: [Google Update] - C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-15] (Google Inc.) HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKCU\...\Run: [iSUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe [210208 2008-09-26] (Acresso Corporation) MountPoints2: I - I:\LaunchU3.exe -a MountPoints2: {5220d13c-c638-11de-bad9-002564d37d9d} - I:\LaunchU3.exe -a HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] () HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.) HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] () HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.) HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) AppInit_DLLs: C:\Windows\system32\guard64.dll [390392 2012-11-08] (COMODO) AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\iut044\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\iut044\AppData\Roaming\Mozilla\Firefox\Profiles\8qjsqnkl.default FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\iut044\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\iut044\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\iut044\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\iut044\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\iut044\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\iut044\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Docs) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Gmail) - C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO) R2 CSHelper; C:\Windows\SysWOW64\CSHelper.exe [266240 2009-12-10] () S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.) S3 RapportLaunService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [526320 2010-10-04] (Trusteer Ltd.) S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [767208 2010-10-04] (Trusteer Ltd.) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO) R1 RapportKE64; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [63472 2010-10-04] (Trusteer Ltd.) R1 RapportKE64; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [63472 2010-10-04] (Trusteer Ltd.) S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [56816 2010-10-04] (Trusteer Ltd.) S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [56816 2010-10-04] (Trusteer Ltd.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-09 23:32 - 2013-08-09 23:32 - 01790633 _____ (Farbar) C:\Users\iut044\Desktop\FRST64.exe 2013-08-09 19:58 - 2013-08-09 19:58 - 00000735 _____ C:\Users\iut044\Desktop\JRT.txt 2013-08-09 19:50 - 2013-08-09 19:50 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\iut044\Desktop\JRT.exe 2013-08-09 19:46 - 2013-08-09 19:46 - 00001198 _____ C:\AdwCleaner[s3].txt 2013-08-09 19:19 - 2013-08-09 19:19 - 00001137 _____ C:\AdwCleaner[R2].txt 2013-08-09 19:18 - 2013-08-09 19:18 - 00666633 _____ C:\Users\iut044\Desktop\adwcleaner.exe 2013-08-09 18:30 - 2013-08-09 18:30 - 00007094 _____ C:\Users\iut044\Desktop\attach.txt 2013-08-09 18:30 - 2013-08-09 18:29 - 00013334 _____ C:\Users\iut044\Desktop\dds.txt 2013-08-09 18:28 - 2013-08-09 18:28 - 00688992 _____ (Swearware) C:\Users\iut044\Downloads\dds.com 2013-08-09 18:26 - 2013-08-09 18:26 - 00688992 ____R (Swearware) C:\Users\iut044\Desktop\dds.scr 2013-08-09 15:59 - 2013-08-09 16:05 - 00000000 ____D C:\Users\iut044\Desktop\Burn.Notice.S07E09.720p.HDTV.x264-IMMERSE 2013-08-09 15:54 - 2013-08-09 15:54 - 00000000 ____D C:\Users\iut044\Desktop\Under.the.Dome.S01E07.720p.HDTV.X264-DIMENSION 2013-08-09 05:54 - 2013-08-09 05:54 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\iut044\Downloads\JRT.exe 2013-08-09 01:06 - 2013-08-09 01:06 - 00001083 _____ C:\AdwCleaner[s2].txt 2013-08-09 01:05 - 2013-08-09 01:05 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (3).exe 2013-08-09 01:04 - 2013-08-09 01:05 - 00001022 _____ C:\AdwCleaner[R1].txt 2013-08-09 01:04 - 2013-08-09 01:04 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (2).exe 2013-08-09 01:04 - 2013-08-09 01:04 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (1).exe 2013-08-09 00:51 - 2013-08-09 00:51 - 00000000 ____D C:\Users\iut044\Desktop\Old Firefox Data 2013-08-09 00:49 - 2013-08-09 00:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-06 08:29 - 2013-08-09 22:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-06 08:29 - 2013-08-09 21:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-06 08:29 - 2013-08-06 21:57 - 00000000 ____D C:\Program Files\Google 2013-08-06 08:29 - 2013-08-06 21:57 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-06 08:29 - 2013-08-06 11:40 - 00000000 ____D C:\ProgramData\Google 2013-08-06 08:29 - 2013-08-06 08:37 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-08-06 08:29 - 2013-08-06 08:37 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-08-05 23:40 - 2013-08-05 23:40 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-08-05 23:37 - 2013-08-05 23:37 - 23003252 _____ C:\Users\iut044\Downloads\vlc-2.0.8-win32.exe 2013-07-23 19:40 - 2013-07-23 19:40 - 00000000 ____D C:\Users\iut044\Desktop\the.killing.s03e09.720p.hdtv.x264-2hd 2013-07-12 13:20 - 2013-07-12 13:20 - 01972516 _____ C:\Users\iut044\Documents\dwp-reform-story-overview-notes.pptm ==================== One Month Modified Files and Folders ======= 2013-08-09 23:33 - 2013-08-09 23:33 - 00000000 ____D C:\FRST 2013-08-09 23:32 - 2013-08-09 23:32 - 01790633 _____ (Farbar) C:\Users\iut044\Desktop\FRST64.exe 2013-08-09 23:30 - 2010-10-26 10:11 - 00000000 ____D C:\Users\iut044\AppData\Roaming\vlc 2013-08-09 23:24 - 2012-07-05 11:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-09 23:14 - 2010-01-15 18:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001UA.job 2013-08-09 22:42 - 2013-08-06 08:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-09 21:29 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-09 21:29 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-09 21:25 - 2009-07-14 06:10 - 01953829 _____ C:\Windows\WindowsUpdate.log 2013-08-09 21:23 - 2013-03-07 14:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-08-09 21:23 - 2009-11-02 08:31 - 00000000 ____D C:\Users\iut044\Tracing 2013-08-09 21:22 - 2013-08-06 08:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-09 21:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-09 21:21 - 2013-05-20 01:07 - 00011312 _____ C:\Windows\setupact.log 2013-08-09 19:58 - 2013-08-09 19:58 - 00000735 _____ C:\Users\iut044\Desktop\JRT.txt 2013-08-09 19:50 - 2013-08-09 19:50 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\iut044\Desktop\JRT.exe 2013-08-09 19:46 - 2013-08-09 19:46 - 00001198 _____ C:\AdwCleaner[s3].txt 2013-08-09 19:19 - 2013-08-09 19:19 - 00001137 _____ C:\AdwCleaner[R2].txt 2013-08-09 19:18 - 2013-08-09 19:18 - 00666633 _____ C:\Users\iut044\Desktop\adwcleaner.exe 2013-08-09 18:30 - 2013-08-09 18:30 - 00007094 _____ C:\Users\iut044\Desktop\attach.txt 2013-08-09 18:29 - 2013-08-09 18:30 - 00013334 _____ C:\Users\iut044\Desktop\dds.txt 2013-08-09 18:28 - 2013-08-09 18:28 - 00688992 _____ (Swearware) C:\Users\iut044\Downloads\dds.com 2013-08-09 18:26 - 2013-08-09 18:26 - 00688992 ____R (Swearware) C:\Users\iut044\Desktop\dds.scr 2013-08-09 16:05 - 2013-08-09 15:59 - 00000000 ____D C:\Users\iut044\Desktop\Burn.Notice.S07E09.720p.HDTV.x264-IMMERSE 2013-08-09 15:54 - 2013-08-09 15:54 - 00000000 ____D C:\Users\iut044\Desktop\Under.the.Dome.S01E07.720p.HDTV.X264-DIMENSION 2013-08-09 13:14 - 2010-01-15 18:39 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001Core.job 2013-08-09 05:55 - 2013-05-15 11:41 - 00000000 ____D C:\Windows\ERUNT 2013-08-09 05:54 - 2013-08-09 05:54 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\iut044\Downloads\JRT.exe 2013-08-09 01:06 - 2013-08-09 01:06 - 00001083 _____ C:\AdwCleaner[s2].txt 2013-08-09 01:06 - 2013-05-21 01:40 - 00004974 _____ C:\Windows\PFRO.log 2013-08-09 01:06 - 2012-11-01 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-09 01:05 - 2013-08-09 01:05 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (3).exe 2013-08-09 01:05 - 2013-08-09 01:04 - 00001022 _____ C:\AdwCleaner[R1].txt 2013-08-09 01:04 - 2013-08-09 01:04 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (2).exe 2013-08-09 01:04 - 2013-08-09 01:04 - 00666633 _____ C:\Users\iut044\Downloads\adwcleaner (1).exe 2013-08-09 00:51 - 2013-08-09 00:51 - 00000000 ____D C:\Users\iut044\Desktop\Old Firefox Data 2013-08-09 00:49 - 2013-08-09 00:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-06 21:57 - 2013-08-06 08:29 - 00000000 ____D C:\Program Files\Google 2013-08-06 21:57 - 2013-08-06 08:29 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-06 11:40 - 2013-08-06 08:29 - 00000000 ____D C:\ProgramData\Google 2013-08-06 11:40 - 2010-01-15 18:38 - 00000000 ____D C:\Users\iut044\AppData\Local\Google 2013-08-06 08:37 - 2013-08-06 08:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-08-06 08:37 - 2013-08-06 08:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-08-06 08:29 - 2009-11-01 16:55 - 00000000 ____D C:\Users\iut044\AppData\Local\Adobe 2013-08-06 00:01 - 2013-02-10 14:55 - 00000000 ____D C:\Users\iut044\Desktop\Match.com photos 2013-08-05 23:40 - 2013-08-05 23:40 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-08-05 23:37 - 2013-08-05 23:37 - 23003252 _____ C:\Users\iut044\Downloads\vlc-2.0.8-win32.exe 2013-08-01 22:18 - 2010-01-15 18:39 - 00002374 _____ C:\Users\iut044\Desktop\Google Chrome.lnk 2013-07-30 16:44 - 2012-01-30 10:48 - 00000000 ____D C:\Users\iut044\Desktop\jobs including cab applications 2013-07-23 19:40 - 2013-07-23 19:40 - 00000000 ____D C:\Users\iut044\Desktop\the.killing.s03e09.720p.hdtv.x264-2hd 2013-07-23 00:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-07-18 18:29 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-13 13:09 - 2010-01-15 18:39 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001UA 2013-07-13 13:09 - 2010-01-15 18:39 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001Core 2013-07-12 13:20 - 2013-07-12 13:20 - 01972516 _____ C:\Users\iut044\Documents\dwp-reform-story-overview-notes.pptm ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-02 00:55 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2013 Ran by iut044 at 2013-08-09 23:34:41 Running from C:\Users\iut044\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Download Manager (x32 Version: 1.6.2.63) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) (x32 Version: 11.0.03) Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17) AMD DnD V1.0.19 (x32 Version: 1.0.19) ATI Catalyst Install Manager (Version: 3.0.745.0) ATI Catalyst Registration (x32 Version: 2.01.0000) avast! Free Antivirus (x32 Version: 8.0.1489.0) Avi2Dvd 0.5 (x32 Version: 0.5) AviSynth 2.5 (x32) BlackBerry Desktop Software 7.0 (x32 Version: 7.0.0.59) CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11) Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9) Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.0.8) Canon MX330 series MP Drivers Canon Utilities CameraWindow (x32 Version: 7.4.0.7) Canon Utilities CameraWindow DC 8 (x32 Version: 8.1.0.11) Canon Utilities Movie Uploader for YouTube (x32 Version: 1.0.0.11) Canon Utilities PhotoStitch (x32 Version: 3.1.22.46) Canon Utilities ZoomBrowser EX (x32 Version: 6.5.0.14) Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Core Implementation (x32 Version: 2009.0925.1707.28889) Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0925.1707.28889) Catalyst Control Center Graphics Full New (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Full New (x32 Version: 2009.0925.1707.28889) Catalyst Control Center Graphics Light (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Light (x32 Version: 2009.0925.1707.28889) Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0925.1707.28889) Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0614.2131.36800) Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0925.1707.28889) Catalyst Control Center HydraVision Full (x32 Version: 2009.0925.1707.28889) Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800) Catalyst Control Center InstallProxy (x32 Version: 2009.0925.1707.28889) Catalyst Control Center Localization All (x32 Version: 2009.0925.1707.28889) CCC Help Chinese Standard (x32 Version: 2009.0925.1706.28889) CCC Help Chinese Traditional (x32 Version: 2009.0925.1706.28889) CCC Help English (x32 Version: 2009.0614.2130.36800) CCC Help English (x32 Version: 2009.0925.1706.28889) CCC Help Japanese (x32 Version: 2009.0925.1706.28889) CCC Help Korean (x32 Version: 2009.0925.1706.28889) CCC Help Thai (x32 Version: 2009.0925.1706.28889) ccc-core-static (x32 Version: 2009.0614.2131.36800) ccc-core-static (x32 Version: 2009.0925.1707.28889) ccc-utility64 (Version: 2009.0614.2131.36800) ccc-utility64 (Version: 2009.0925.1707.28889) CCleaner (Version: 4.01) Comodo Dragon (x32 Version: 15.0) COMODO Internet Security (Version: 5.9.23255.2196) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000) D3DX10 (x32 Version: 15.4.2368.0902) Dell DataSafe Local Backup - Support Software (x32 Version: 2.25) Dell DataSafe Local Backup (x32 Version: 9.3.36) Dell DataSafe Online (x32 Version: 1.1.0029) Dell Dock (Version: 2.0.0) Dell Driver Download Manager (HKCU Version: 1.1.0.0) Dell Edoc Viewer (Version: 1.0.0) Dell Getting Started Guide (x32 Version: 1.00.0000) Dell Support Center (Support Software) (x32 Version: 2.5.09100) ffdshow [rev 2844] [2009-03-30] (x32 Version: 1.0) Google Chrome (HKCU Version: 28.0.1500.95) Google Update Helper (x32 Version: 1.3.21.153) GTK+ Runtime 2.14.7 rev a (remove only) (x32) ImgBurn (x32 Version: 2.5.0.0) Junk Mail filter update (x32 Version: 15.4.3502.0922) K-Lite Codec Pack 5.3.0 (Basic) (x32 Version: 5.3.0) Magic ISO Maker v5.5 (build 0276) (x32) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2000 Premium (x32 Version: 9.00.2720) Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Mozilla Firefox 23.0 (x86 en-US) (x32 Version: 23.0) Mozilla Maintenance Service (x32 Version: 23.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) on Inkjet Printer Driver Add-On Module V2.00 Pidgin (x32 Version: 2.6.4) Plants vs. Zombies (x32) PowerDVD DX (x32 Version: 8.3.5424) Rapport (x32 Version: 3.5.1005.71) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5864) Roxio Burn (x32 Version: 1.0) Roxio Burn (x32 Version: 1.0.0) Roxio Update Manager (x32 Version: 6.0.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) USB 3G Super GSM Reader II v2.8.10 (x32) VLC media player 2.0.8 (x32 Version: 2.0.8) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live Sync (x32 Version: 14.0.8117.416) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinZip 14.0 (x32 Version: 14.0.8652) Xvid 1.2.1 final uninstall (x32 Version: 1.2) ==================== Restore Points ========================= 16-07-2013 06:28:56 Windows Update 19-07-2013 08:26:23 Windows Update 23-07-2013 07:18:13 Windows Update 30-07-2013 06:19:45 Windows Update 02-08-2013 06:36:36 Windows Update 06-08-2013 05:57:50 Windows Update 09-08-2013 13:21:47 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-05-20 11:29 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {088D096D-2B30-4D51-AE4F-A86E60C0CB2D} - System32\Tasks\{D18B414E-E36F-4C3F-9FE6-A87BF49F763F} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2012-05-17] (Research In Motion) Task: {10F45384-127D-4AB6-BA27-F95BFBD8229D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {2ED84FA2-E0E7-4A21-8162-D7D8DF1D3672} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.) Task: {60C4D632-277E-463E-87F2-C7F2496687AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.) Task: {923DE986-88F4-49BC-9F6B-A9E0897D4C66} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-09] (Adobe Systems Incorporated) Task: {93A890D6-1E81-450D-B5E8-851E925C52FE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {94141230-4F9E-4E96-B5AD-ECA97255DCF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001Core => C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15] (Google Inc.) Task: {C93F83A2-421E-417F-8A9F-98A1825C9F2B} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\ExecuteWithUAC.exe No File Task: {DDEE36B4-3F41-4B93-9F41-83FF17CBF56F} - System32\Tasks\{9D2B8237-4A8E-4B7A-A1DC-32CEDADB95CE} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2012-05-17] (Research In Motion) Task: {E66C88A5-7375-40A2-A10B-C9C46CD9BA7E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {EC9C3718-FFA6-41AE-8860-4E96AB8FAE1A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {EEBFC3A7-9315-4F1D-A335-01F4CC53B78B} - System32\Tasks\{2C60A107-92DF-43F8-B7D6-C490524A4EF9} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2012-05-17] (Research In Motion) Task: {FB985129-414B-4F00-961E-4DA5DAD88FC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001UA => C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001Core.job => C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1309787043-2456607959-234418474-1001UA.job => C:\Users\iut044\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: RapportPG64 Description: RapportPG64 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: RapportPG64 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (08/09/2013 09:22:28 PM) (Source: VDS Basic Provider) (User: ) Description: Unexpected failure. Error code: D@01010004 Error: (08/09/2013 09:21:56 PM) (Source: Service Control Manager) (User: ) Description: The Rapport Management Service service failed to start due to the following error: %%14001 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 6142.18 MB Available physical RAM: 3881.05 MB Total Pagefile: 12282.54 MB Available Pagefile: 9825.17 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:586.97 GB) (Free:408.49 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 18000000) Partition 1: (Not Active) - (Size=78 MB) - (Type=DE) Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=587 GB) - (Type=07 NTFS) ==================== End Of Log ==========================
  8. also I had iLivid and torch on computer programs which I unistalled .
  9. there was also PUP.Optional.Vid on the first infection scan
  10. I was getting adchoices toolbar on outlook.com and malwarebytes was finding PUP.Optional.Bandoo on scans
  11. It seems fine but it felt fine before and it came back that why I am asking for help
  12. Database version: v2013.08.09.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 iut044 :: IUT044-PC [administrator] 09/08/2013 20:17:25 mbam-log-2013-08-09 (20-17-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 221884 Time elapsed: 4 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  13. # AdwCleaner v2.306 - Logfile created 08/09/2013 at 19:46:10 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : iut044 - IUT044-PC # Boot Mode : Normal # Running from : C:\Users\iut044\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.09.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 iut044 :: IUT044-PC [administrator] 09/08/2013 20:17:25 mbam-log-2013-08-09 (20-17-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 221884 Time elapsed: 4 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.3.9 (08.09.2013:1) OS: Windows 7 Home Premium x64 Ran by iut044 on 09/08/2013 at 19:50:57.98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\iut044\appdata\local\{AE2B8D17-C366-4FFC-8242-5A423FD4E3AA} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v23.0 (en-US) File : C:\Users\iut044\AppData\Roaming\Mozilla\Firefox\Profiles\8qjsqnkl.default-1376005866982\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1022 octets] - [09/08/2013 01:04:56] AdwCleaner[R2].txt - [1137 octets] - [09/08/2013 19:19:03] AdwCleaner[s1].txt - [10141 octets] - [20/05/2013 01:11:45] AdwCleaner[s2].txt - [1083 octets] - [09/08/2013 01:06:01] AdwCleaner[s3].txt - [1069 octets] - [09/08/2013 19:46:10] ########## EOF - C:\AdwCleaner[s3].txt - [1129 octets] ##########
  14. # AdwCleaner v2.306 - Logfile created 08/09/2013 at 19:19:03 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : iut044 - IUT044-PC # Boot Mode : Normal # Running from : C:\Users\iut044\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v23.0 (en-US) File : C:\Users\iut044\AppData\Roaming\Mozilla\Firefox\Profiles\8qjsqnkl.default-1376005866982\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\iut044\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1022 octets] - [09/08/2013 01:04:56] AdwCleaner[R2].txt - [888 octets] - [09/08/2013 19:19:03] AdwCleaner[s1].txt - [10141 octets] - [20/05/2013 01:11:45] AdwCleaner[s2].txt - [1083 octets] - [09/08/2013 01:06:01] ########## EOF - C:\AdwCleaner[R2].txt - [1068 octets] ##########
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.