
eset finds 5 infected files


  • This topic is locked
21 replies to this topic

#1 Doc88

Doc88

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 31 December 2013 - 09:44 AM

It cleans them but they come back.

 

C:\Users\Chris\Documents\Shockwave_Installer_Full.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Users\Chris\Documents\Leawo\ccsetup328(1).exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Users\Chris\Downloads\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Users\Chris\Downloads\Shockwave_Installer_Full(1).exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Users\Chris\Downloads\Shockwave_Installer_Full.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
 

 

Logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by Chris at 14:41:57 on 2013-12-31
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1068 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\calc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\System32\calc.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
uRun: [GoTrusted] c:\program files\gotrusted.com\gotrusted secure tunnel v2.3.5.9\GoTrusted Secure Tunnel.exe
uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DHCPNameServer = 192.168.0.203
TCP: Interfaces\{793ED1CD-EDC2-40C6-9B31-3A7C67AA8F66} : DHCPNameServer = 10.197.100.1 10.197.100.2 10.197.100.3
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\7lzzykuh.default-1388230871395\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\bitdefender\bitdefender\npcomm.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-10-30 640560]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-10-30 165744]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2013-10-30 78144]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-23 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-23 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-10-30 54424]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-4-8 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-10-30 490144]
R3 gttap1;GoTrusted Adapter;c:\windows\system32\drivers\gttap1.sys [2013-9-12 32552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-23 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-10-30 66832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-9-7 84248]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-10-21 75992]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-9-7 181912]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 756392]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-10-30 69880]
.
=============== Created Last 30 ================
.
2013-12-28 02:27:08    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{ed760f77-fae3-4ab6-bff4-5a1dcf670695}\offreg.dll
2013-12-27 14:56:35    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{ed760f77-fae3-4ab6-bff4-5a1dcf670695}\mpengine.dll
2013-12-18 17:00:35    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-12 03:01:01    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-12-12 03:01:00    768512    ----a-w-    c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-12-12 03:01:00    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-12 03:01:00    194560    ----a-w-    c:\program files\internet explorer\IEShims.dll
2013-12-12 03:01:00    149744    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2013-12-11 03:36:52    2050560    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 03:36:46    335360    ----a-w-    c:\windows\system32\SysFxUI.dll
2013-12-11 03:36:46    167936    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 03:36:46    130048    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 03:36:39    155648    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 03:36:39    135168    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 03:36:39    131072    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 03:36:38    36864    ----a-w-    c:\windows\system32\wshcon.dll
2013-12-11 03:36:38    172032    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 03:31:36    158208    ----a-w-    c:\windows\system32\imagehlp.dll
.
==================== Find3M  ====================
.
2013-12-14 20:51:33    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-14 20:51:33    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-19 03:33:38    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-14 22:42:41    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-11-14 22:42:32    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-13 11:53:54    66832    ----a-w-    c:\windows\system32\drivers\bdsandbox.sys
2013-11-13 11:53:53    27168    ----a-w-    c:\windows\system32\bdsandboxuh.dll
2013-11-13 11:53:41    74512    ----a-w-    c:\windows\system32\bdsandboxuiskin.dll
2013-10-30 23:13:08    72704    ----a-w-    c:\windows\system32\drivers\bdvedisk.sys
2013-10-30 02:13:01    1304064    ----a-w-    c:\windows\system32\WMALFXGFXDSP.dll
2013-10-21 08:52:16    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-11 02:08:02    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-03 12:45:50    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 12:45:45    993792    ----a-w-    c:\windows\system32\crypt32.dll
.
============= FINISH: 14:42:59.34 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 23/12/2013 20:02:57 (186 hours ago)
.
Motherboard: Dell Inc. |  | 0K216C
Processor: Intel® Core™2 Duo CPU     E6750  @ 2.66GHz | Socket 775 | 1998/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 162.905 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP936: 05/12/2013 02:25:19 - Scheduled Checkpoint
RP937: 06/12/2013 00:00:05 - Scheduled Checkpoint
RP938: 06/12/2013 23:16:12 - Windows Update
RP939: 08/12/2013 00:00:09 - Scheduled Checkpoint
RP940: 09/12/2013 00:00:11 - Scheduled Checkpoint
RP941: 10/12/2013 00:00:09 - Scheduled Checkpoint
RP942: 10/12/2013 08:34:42 - Windows Update
RP943: 10/12/2013 23:38:29 - Scheduled Checkpoint
RP944: 12/12/2013 00:00:03 - Scheduled Checkpoint
RP945: 12/12/2013 03:00:14 - Windows Update
RP946: 13/12/2013 00:46:49 - Scheduled Checkpoint
RP947: 14/12/2013 00:23:54 - Scheduled Checkpoint
RP948: 15/12/2013 00:21:32 - Scheduled Checkpoint
RP949: 16/12/2013 00:00:09 - Scheduled Checkpoint
RP950: 16/12/2013 17:35:18 - Scheduled Checkpoint
RP951: 17/12/2013 09:38:57 - Windows Update
RP952: 18/12/2013 00:24:00 - Scheduled Checkpoint
RP953: 19/12/2013 00:00:07 - Scheduled Checkpoint
RP954: 20/12/2013 00:01:33 - Scheduled Checkpoint
RP955: 21/12/2013 15:49:40 - Windows Update
RP956: 22/12/2013 06:39:02 - Scheduled Checkpoint
RP957: 23/12/2013 00:00:23 - Scheduled Checkpoint
RP958: 23/12/2013 20:41:15 - Scheduled Checkpoint
RP959: 24/12/2013 21:33:42 - Windows Update
RP960: 26/12/2013 00:00:02 - Scheduled Checkpoint
RP961: 27/12/2013 00:24:14 - Scheduled Checkpoint
RP962: 28/12/2013 00:00:06 - Scheduled Checkpoint
RP963: 29/12/2013 00:00:02 - Scheduled Checkpoint
RP964: 30/12/2013 00:00:02 - Scheduled Checkpoint
RP965: 31/12/2013 00:00:04 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Leawo Video Converter version  5.1.0.0
32Red Casino
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Software Update
Bitdefender Internet Security
CCleaner
ConvertXtoDVD 4.0.9.322
EasyBCD 1.7
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04]
GoTrusted Secure Tunnel v2.3.5.9
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel Viewer 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyFreeCodec
Nero 7 Lite 7.10.1.2
neroxml
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Skitch
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VLC media player 2.0.8
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
YouTube Downloader App 3.00
.
==== End Of File ===========================
 





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:19 PM

Posted 05 January 2014 - 09:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519154 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,370 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:19 AM

Posted 08 January 2014 - 09:34 AM

Greetings Doc88 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Doc88

Doc88
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 08 January 2014 - 10:24 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014
Ran by Chris (administrator) on DELL-530 on 08-01-2014 15:22:19
Running from C:\Users\Chris\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1834240 2013-12-16] (Bitdefender)
HKCU\...\Run: [GoTrusted] - C:\Program Files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.5.9\GoTrusted Secure Tunnel.exe [214208 2013-10-16] (GoTrusted.com)
HKCU\...\Run: [Bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [477736 2013-12-16] (Bitdefender)
HKCU\...\Run: [Bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [612696 2013-12-16] (Bitdefender)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD7F4512E494ECE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7lzzykuh.default-1388230871395
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Bitdefender.com/PasswordManager;version=17.8 - C:\Program Files\Bitdefender\Bitdefender\pmbxnp.dll (Bitdefender)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman\
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext

========================== Services (Whitelisted) =================

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2013-12-01] (Bitdefender)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1234792 2013-12-01] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-07-19] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-07-19] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-02-22] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-13] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R3 gttap1; C:\Windows\System32\DRIVERS\gttap1.sys [32552 2013-09-12] (The OpenVPN Project)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75992 2013-10-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-08-07] (BitDefender S.R.L.)
S0 96062669; system32\DRIVERS\96062669.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 mbr; \??\C:\Users\Chris\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-08 15:22 - 2014-01-08 15:22 - 00010932 _____ C:\Users\Chris\Desktop\FRST.txt
2014-01-08 15:21 - 2014-01-08 15:21 - 00000000 ____D C:\FRST
2014-01-08 15:20 - 2014-01-08 15:20 - 01065719 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2014-01-05 03:26 - 2014-01-05 03:27 - 00000000 ____D C:\Program Files\CCleaner
2014-01-05 03:26 - 2014-01-05 03:26 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-05 03:25 - 2014-01-05 03:26 - 04645232 _____ (Piriform Ltd) C:\Users\Chris\Downloads\ccsetup409.exe
2014-01-02 23:11 - 2014-01-02 23:11 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(1).exe
2013-12-31 14:53 - 2013-12-31 14:53 - 00000296 _____ C:\Windows\system32\spsys.log
2013-12-31 14:50 - 2013-12-31 14:50 - 00448512 _____ (OldTimer Tools) C:\Users\Chris\Downloads\TFC(1).exe
2013-12-31 14:43 - 2014-01-08 10:40 - 00011441 _____ C:\Users\Chris\Desktop\dds.txt
2013-12-31 14:40 - 2013-12-31 14:41 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds(1).com
2013-12-31 14:40 - 2013-12-31 14:40 - 00000644 _____ C:\Users\Chris\Downloads\XZCXZZC.txt
2013-12-31 12:35 - 2013-12-31 12:35 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe
2013-12-20 21:55 - 2013-12-28 11:41 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data
2013-12-17 21:17 - 2013-12-17 21:20 - 130234104 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(4).exe
2013-12-17 21:12 - 2013-12-17 21:16 - 00007054 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe.part
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe
2013-12-17 21:01 - 2013-12-17 21:03 - 00058763 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe.part
2013-12-17 21:01 - 2013-12-17 21:01 - 00000000 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe
2013-12-16 14:13 - 2013-12-16 14:13 - 00000177 _____ C:\Users\Chris\Desktop\eset.txt
2013-12-13 18:03 - 2014-01-08 10:41 - 00006525 _____ C:\Users\Chris\Desktop\attach.txt
2013-12-13 18:02 - 2013-12-13 18:02 - 00688992 ____R (Swearware) C:\Users\Chris\Downloads\dds(1).scr
2013-12-12 03:01 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:01 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 03:01 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 03:01 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:01 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:00 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:00 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:00 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:00 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:00 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:00 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:00 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 03:00 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 03:00 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:00 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 03:00 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 03:36 - 2013-10-30 02:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-11 03:36 - 2013-10-30 01:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 03:36 - 2013-10-30 00:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 03:36 - 2013-10-30 00:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 03:36 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 03:36 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 03:36 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-11 03:36 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 03:36 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 03:31 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

==================== One Month Modified Files and Folders =======

2014-01-08 15:22 - 2014-01-08 15:22 - 00010932 _____ C:\Users\Chris\Desktop\FRST.txt
2014-01-08 15:21 - 2014-01-08 15:21 - 00000000 ____D C:\FRST
2014-01-08 15:20 - 2014-01-08 15:20 - 01065719 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2014-01-08 15:01 - 2012-06-09 16:42 - 01901470 _____ C:\Windows\WindowsUpdate.log
2014-01-08 14:53 - 2006-11-02 12:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-08 14:53 - 2006-11-02 12:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 14:47 - 2012-12-13 19:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 10:41 - 2013-12-13 18:03 - 00006525 _____ C:\Users\Chris\Desktop\attach.txt
2014-01-08 10:40 - 2013-12-31 14:43 - 00011441 _____ C:\Users\Chris\Desktop\dds.txt
2014-01-05 03:27 - 2014-01-05 03:26 - 00000000 ____D C:\Program Files\CCleaner
2014-01-05 03:26 - 2014-01-05 03:26 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-05 03:26 - 2014-01-05 03:25 - 04645232 _____ (Piriform Ltd) C:\Users\Chris\Downloads\ccsetup409.exe
2014-01-02 23:11 - 2014-01-02 23:11 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(1).exe
2013-12-31 14:59 - 2006-11-02 10:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-31 14:53 - 2013-12-31 14:53 - 00000296 _____ C:\Windows\system32\spsys.log
2013-12-31 14:53 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-31 14:52 - 2006-11-02 13:01 - 00032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-31 14:50 - 2013-12-31 14:50 - 00448512 _____ (OldTimer Tools) C:\Users\Chris\Downloads\TFC(1).exe
2013-12-31 14:41 - 2013-12-31 14:40 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds(1).com
2013-12-31 14:40 - 2013-12-31 14:40 - 00000644 _____ C:\Users\Chris\Downloads\XZCXZZC.txt
2013-12-31 14:28 - 2012-03-18 20:07 - 00000000 ____D C:\Users\Chris\Documents\Leawo
2013-12-31 12:35 - 2013-12-31 12:35 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe
2013-12-28 11:41 - 2013-12-20 21:55 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data
2013-12-23 22:43 - 2011-12-31 13:09 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2013-12-23 22:43 - 2011-12-28 14:52 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Vso
2013-12-23 20:03 - 2013-01-13 17:03 - 03610720 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-21 15:43 - 2013-10-31 00:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-20 21:55 - 2013-11-15 23:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-20 03:53 - 2013-11-02 09:41 - 00001041 _____ C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2013-12-18 18:33 - 2013-07-23 21:29 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2013-12-18 18:04 - 2013-05-06 13:42 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-12-18 16:57 - 2006-11-02 10:23 - 00000215 _____ C:\Windows\system.ini
2013-12-18 16:44 - 2012-01-11 03:46 - 00000000 ____D C:\Windows\ERDNT
2013-12-18 14:55 - 2008-10-23 12:37 - 00000000 ____D C:\Windows\system32\Adobe
2013-12-17 21:20 - 2013-12-17 21:17 - 130234104 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(4).exe
2013-12-17 21:16 - 2013-12-17 21:12 - 00007054 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe.part
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe
2013-12-17 21:03 - 2013-12-17 21:01 - 00058763 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe.part
2013-12-17 21:01 - 2013-12-17 21:01 - 00000000 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe
2013-12-16 14:13 - 2013-12-16 14:13 - 00000177 _____ C:\Users\Chris\Desktop\eset.txt
2013-12-14 20:51 - 2012-12-13 19:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-14 20:51 - 2012-12-13 19:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-13 18:02 - 2013-12-13 18:02 - 00688992 ____R (Swearware) C:\Users\Chris\Downloads\dds(1).scr
2013-12-12 03:06 - 2013-01-08 21:45 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-12 03:02 - 2013-08-14 02:08 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 03:01 - 2006-11-02 10:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-08 03:57

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-01-2014
Ran by Chris at 2014-01-08 15:22:51
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installed Programs ======================

 Leawo Video Converter version  5.1.0.0 (Version:  - )
32Red Casino (Version: 16.9.2.739 - )
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Download Assistant (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Bitdefender Internet Security (Version: 17.20.0.883 - Bitdefender)
CCleaner (Version: 4.09 - Piriform)
ConvertXtoDVD 4.0.9.322 (Version: 4.0.9.322 - )
EasyBCD 1.7 (Version: 1.7 - NeoSmart Technologies)
ESET Online Scanner v3 (Version:  - )
ffdshow [rev 2180] [2008-10-04] (Version: 1.0 - )
GoTrusted Secure Tunnel v2.3.5.9 (Version: 2.3.0059 - GoTrusted.com)
Intel® Graphics Media Accelerator Driver (Version:  - Intel Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
MyFreeCodec (Version:  - )
Nero 7 Lite 7.10.1.2 (Version: 7.10.1.2 - UpdatePack.nl)
neroxml (Version: 1.0.0 - Nero AG) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Skitch (Version: 2.2.0.4 - Evernote Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
VLC media player 2.0.8 (Version: 2.0.8 - VideoLAN)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (Version: 4.20.0 - win.rar GmbH)
YouTube Downloader App 3.00 (Version: 3.00 - Regensoft)

==================== Restore Points  =========================

10-12-2013 08:34:42 Windows Update
10-12-2013 23:38:29 Scheduled Checkpoint
12-12-2013 00:00:03 Scheduled Checkpoint
12-12-2013 03:00:14 Windows Update
13-12-2013 00:46:49 Scheduled Checkpoint
14-12-2013 00:23:54 Scheduled Checkpoint
15-12-2013 00:21:32 Scheduled Checkpoint
16-12-2013 00:00:09 Scheduled Checkpoint
16-12-2013 17:35:18 Scheduled Checkpoint
17-12-2013 09:38:57 Windows Update
18-12-2013 00:24:00 Scheduled Checkpoint
19-12-2013 00:00:07 Scheduled Checkpoint
20-12-2013 00:01:33 Scheduled Checkpoint
21-12-2013 15:49:40 Windows Update
22-12-2013 06:39:02 Scheduled Checkpoint
23-12-2013 00:00:23 Scheduled Checkpoint
23-12-2013 20:41:15 Scheduled Checkpoint
24-12-2013 21:33:42 Windows Update
26-12-2013 00:00:02 Scheduled Checkpoint
27-12-2013 00:24:14 Scheduled Checkpoint
28-12-2013 00:00:06 Scheduled Checkpoint
29-12-2013 00:00:02 Scheduled Checkpoint
30-12-2013 00:00:02 Scheduled Checkpoint
31-12-2013 00:00:04 Scheduled Checkpoint
31-12-2013 15:31:27 Scheduled Checkpoint
31-12-2013 18:31:38 Windows Update
05-01-2014 04:00:07 Scheduled Checkpoint
06-01-2014 00:00:02 Scheduled Checkpoint
07-01-2014 00:00:07 Scheduled Checkpoint
07-01-2014 09:15:17 Windows Update
08-01-2014 00:40:24 Scheduled Checkpoint

==================== Hosts content: ==========================

2013-01-28 15:22 - 2013-12-18 16:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0945E1CB-16D0-411C-8521-E36129FC4CAD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {55BCF811-A564-4112-86D0-CE9A15394CF0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6092D648-6209-4D6F-9B67-908F6DA777DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-14] (Adobe Systems Incorporated)
Task: {6AB10674-89F8-4900-9832-2CF880C72577} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {745733FA-3BB1-409F-9D9C-36EC6FD46BDF} - \CreateChoiceProcessTask No Task File
Task: {8214B684-CA5F-4C69-89AA-C1D18ACA5CB0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DC0B49E4-3258-40BE-81A6-B40E45F2E425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-30 22:34 - 2013-06-19 12:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-10-30 22:34 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2013-11-15 23:24 - 2013-12-20 21:55 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-14 20:51 - 2013-12-14 20:51 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Chris\Desktop\dds(1).com:BDU
AlternateDataStreams: C:\Users\Chris\Desktop\startuplite-setup-1.07.exe:BDU
AlternateDataStreams: C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\(Movie) The Gambler (1974) (PeRfEcTo).avi:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\a.3gp:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\BD2013_Uninstall_Tool.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\ccsetup409.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\classic emmerdale 2006.01.09.tvrip.xvid.(4254).robinhood99.avi:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\dds(1).scr:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\dds.scr:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\emandme.MPG:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\esetsmartinstaller_enu(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\f3ac02847353e87bc1a33d61b5d09fa9(1).MOV:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\f3ac02847353e87bc1a33d61b5d09fa9.MOV:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\FHSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\FHSetup(2).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\Firefox Setup 25.0.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\FullTiltSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\GoTrustedInstaller_v2359.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\jxpiinstall(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\KiesSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\Luck.S01E02.HDTV.XviD-2HD.avi:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\Luck.S01E03.HDTV.XviD-FQM.avi:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\Luck.S01E04.HDTV.XviD-ASAP.avi:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\Luck.S01E05.HDTV.x264-ASAP.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\Luck.S01E06.HDTV.XviD-FQM.avi:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\Luck.S01E07.HDTV.XviD-FQM.avi:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\Luck.S01E08.HDTV.x264-ASAP.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\Luck.S01E09.HDTV.x264-ASAP.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\mbar-1.07.0.1007.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McAfeeSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McAfeeSetup(2).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McAfeeSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McKenzie_Lee_-_Cumshot_Compilation.avi:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\MOV00687.MP4:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\PSISetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\QuickTimeInstaller(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\QuickTimeInstaller(2).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\QuickTimeInstaller(3).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\SafariSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\SecurityCheck.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.0.1245.x01_2013_08_01_11_29(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe.part:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(4).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe.part:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\SizableSend.com-Upload-01-26-2013-1453018---George-Orwell-1984-DVD-RIP.avi:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\startuplite-setup-1.07(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\tdsskiller(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\tdsskiller.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\TFC(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\vid2.3gp:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\vlc-2.0.7-win32.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\vlc-2.0.8-win32(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\vlc-2.0.8-win32.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\wlsetup-web(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Documents\Firefox Setup 21.0.exe:BDU

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2013 11:46:32 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 26.0.0.5087 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e48
Start Time: 01cf00b33e477a8c
Termination Time: 56

Error: (12/21/2013 05:02:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/20/2013 04:18:38 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 25.0.1.5064, time stamp 0x5282f18a, faulting module mozalloc.dll, version 25.0.1.5064, time stamp 0x5282c493, exception code 0x80000003, fault offset 0x0000119c,
process id 0x13d0, application start time 0xplugin-container.exe0.

Error: (12/18/2013 05:00:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/18/2013 04:48:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/17/2013 09:24:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/16/2013 00:16:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/16/2013 00:16:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/12/2013 04:10:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/12/2013 04:10:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/31/2013 02:55:10 PM) (Source: Service Control Manager) (User: )
Description: 96062669

Error: (12/23/2013 08:04:42 PM) (Source: Service Control Manager) (User: )
Description: 96062669

Error: (12/21/2013 03:45:06 PM) (Source: Service Control Manager) (User: )
Description: 96062669

Error: (12/21/2013 03:43:55 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 15:42:01 on 21/12/2013 was unexpected.

Error: (12/21/2013 03:26:42 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits.  The data is the error.

Error: (12/21/2013 03:11:42 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits.  The data is the error.

Error: (12/21/2013 00:57:42 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits.  The data is the error.

Error: (12/21/2013 00:56:42 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits.  The data is the error.

Error: (12/18/2013 04:57:25 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (12/18/2013 04:53:01 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart


Microsoft Office Sessions:
=========================
Error: (12/26/2013 11:46:32 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087e4801cf00b33e477a8c56

Error: (12/21/2013 05:02:09 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/20/2013 04:18:38 AM) (Source: Application Error)(User: )
Description: plugin-container.exe25.0.1.50645282f18amozalloc.dll25.0.1.50645282c493800000030000119c13d001cefd39b2f13049

Error: (12/18/2013 05:00:37 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/18/2013 04:48:43 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/17/2013 09:24:49 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/16/2013 00:16:28 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/16/2013 00:16:27 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/12/2013 04:10:58 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/12/2013 04:10:58 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe


CodeIntegrity Errors:
===================================
  Date: 2014-01-08 15:22:28.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-08 15:22:28.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-08 15:22:28.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-08 15:22:28.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 17:03:17.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 17:03:17.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 17:03:17.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 17:03:17.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 16:50:02.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-18 16:50:01.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 3060.45 MB
Available physical RAM: 1101.77 MB
Total Pagefile: 6351.91 MB
Available Pagefile: 3827.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:162.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Bodylastics User Manual) (CDROM) (Total:0.03 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5ED7C68A)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,370 posts
  • Gender:Male
  • Location:California

Posted 08 January 2014 - 11:23 AM

Greetings and thank you for the log.

Can you tell me if you recognize these files: 
2013-12-17 21:17 - 2013-12-17 21:20 - 130234104 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(4).exe
2013-12-17 21:12 - 2013-12-17 21:16 - 00007054 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe.part
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe
2013-12-17 21:01 - 2013-12-17 21:03 - 00058763 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe.part
2013-12-17 21:01 - 2013-12-17 21:01 - 00000000 _____ C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe
Please run this fix for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S0 96062669; system32\DRIVERS\96062669.sys [x]
c:\windows\system32\DRIVERS\96062669.sys
Task: {745733FA-3BB1-409F-9D9C-36EC6FD46BDF} - \CreateChoiceProcessTask No Task File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Chris\Desktop\dds(1).com:BDU
AlternateDataStreams: C:\Users\Chris\Desktop\startuplite-setup-1.07.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\BD2013_Uninstall_Tool.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\ccsetup409.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\dds(1).scr:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\dds.scr:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\esetsmartinstaller_enu(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\FHSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\FHSetup(2).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\Firefox Setup 25.0.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\FullTiltSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\GoTrustedInstaller_v2359.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\jxpiinstall(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\KiesSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\mbar-1.07.0.1007.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McAfeeSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McAfeeSetup(2).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McAfeeSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\PSISetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\QuickTimeInstaller(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\QuickTimeInstaller(2).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\QuickTimeInstaller(3).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\SafariSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\SecurityCheck.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.0.1245.x01_2013_08_01_11_29(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe.part:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(4).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe.part:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\startuplite-setup-1.07(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\tdsskiller(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\tdsskiller.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\TFC(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\vlc-2.0.7-win32.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\vlc-2.0.8-win32(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\vlc-2.0.8-win32.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\wlsetup-web(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Documents\Firefox Setup 21.0.exe:BDU
  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the files?
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
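An added example, not part of Gary's post and not FRST's own code: the manual equivalent of the AlternateDataStreams: lines in the fixlist above, in PowerShell. It walks a folder, lists every file carrying a named stream (BDU here, as in the fixlist), shows the stream's size and first bytes so you can look before you delete, and removes the stream only when -Remove is given. The folder default and the stream name are assumptions; the page does not say what the BDU stream holds.

```powershell
# Added example, not part of the original post or of FRST.
# Requires Windows PowerShell 3.0 or later (the -Stream parameters); on
# PowerShell 7 replace '-Encoding Byte' with '-AsByteStream'. Run elevated
# if the files are outside your own profile.
function Find-NamedStream {
    param(
        [Parameter(Mandatory)] [string] $Root,   # folder to walk (assumption: your Downloads)
        [string] $Stream = 'BDU',                # named stream to look for, as in the fixlist
        [switch] $Remove                         # delete the stream instead of only reporting it
    )

    # Every file under $Root; Get-Item -Stream * then lists the unnamed ':$DATA'
    # stream plus any named streams attached to that file.
    Get-ChildItem -LiteralPath $Root -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -eq $Stream } |
        ForEach-Object {
            # Peek at the first 16 bytes: a named stream is just data, and the
            # thread does not say what ':BDU' holds, so inspect before deleting.
            $head = Get-Content -LiteralPath $_.FileName -Stream $Stream -Encoding Byte -TotalCount 16 -ErrorAction SilentlyContinue
            $hex  = ($head | ForEach-Object { '{0:X2}' -f $_ }) -join ' '

            if ($Remove) {
                # Removing a named stream leaves the file's own data untouched.
                Remove-Item -LiteralPath $_.FileName -Stream $Stream -ErrorAction Stop
            }

            [pscustomobject]@{
                File    = $_.FileName
                Stream  = $_.Stream
                Bytes   = $_.Length
                Head    = $hex
                Removed = [bool]$Remove
            }
        }
}

# Report only (no deletion). Uncomment the second line to remove the streams,
# then check a file afterwards: only ':$DATA' should remain.
Find-NamedStream -Root "$env:USERPROFILE\Downloads" -Stream 'BDU' | Format-Table -AutoSize
# Find-NamedStream -Root "$env:USERPROFILE\Downloads" -Stream 'BDU' -Remove
# (Get-Item -LiteralPath "$env:USERPROFILE\Downloads\example.exe" -Stream *).Stream
```

From cmd.exe, dir /r lists the same streams, including ones on directories such as the C:\ProgramData\TEMP entry in the fixlist. The Fixlog that follows is the record of what FRST actually removed; this script is the before-and-after check around it, not a replacement for the fix.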

#6 Doc88

  • Topic Starter

  • Members
  • 11 posts

Posted 09 January 2014 - 06:41 PM

I think the files might be Kaspersky scanner

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-01-2014
Ran by Chris at 2014-01-09 23:40:27 Run:1
Running from C:\Users\Chris\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S0 96062669; system32\DRIVERS\96062669.sys [x]
c:\windows\system32\DRIVERS\96062669.sys
Task: {745733FA-3BB1-409F-9D9C-36EC6FD46BDF} - \CreateChoiceProcessTask No Task File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Chris\Desktop\dds(1).com:BDU
AlternateDataStreams: C:\Users\Chris\Desktop\startuplite-setup-1.07.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\BD2013_Uninstall_Tool.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\ccsetup409.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\dds(1).scr:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\dds.scr:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\esetsmartinstaller_enu(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\FHSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\FHSetup(2).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\Firefox Setup 25.0.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\FullTiltSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\GoTrustedInstaller_v2359.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\jxpiinstall(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\KiesSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\mbar-1.07.0.1007.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McAfeeSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McAfeeSetup(2).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\McAfeeSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\PSISetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\QuickTimeInstaller(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\QuickTimeInstaller(2).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\QuickTimeInstaller(3).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\SafariSetup.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\SecurityCheck.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.0.1245.x01_2013_08_01_11_29(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe.part:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(4).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe.part:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\startuplite-setup-1.07(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\tdsskiller(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\tdsskiller.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\TFC(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\vlc-2.0.7-win32.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\vlc-2.0.8-win32(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\vlc-2.0.8-win32.exe:BDU
AlternateDataStreams: C:\Users\Chris\Downloads\wlsetup-web(1).exe:BDU
AlternateDataStreams: C:\Users\Chris\Documents\Firefox Setup 21.0.exe:BDU
*****************

96062669 => Service deleted successfully.
"c:\windows\system32\DRIVERS\96062669.sys" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{745733FA-3BB1-409F-9D9C-36EC6FD46BDF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{745733FA-3BB1-409F-9D9C-36EC6FD46BDF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask => Key deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Users\Chris\Desktop\dds(1).com" => ":BDU" ADS not found.
C:\Users\Chris\Desktop\startuplite-setup-1.07.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\BD2013_Uninstall_Tool.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\ccsetup409.exe => ":BDU" ADS removed successfully.
"C:\Users\Chris\Downloads\dds(1).scr" => ":BDU" ADS not found.
"C:\Users\Chris\Downloads\dds.com" => ":BDU" ADS not found.
C:\Users\Chris\Downloads\dds.scr => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\esetsmartinstaller_enu(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\FHSetup(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\FHSetup(2).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\Firefox Setup 25.0.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\FullTiltSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\GoTrustedInstaller_v2359.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\jxpiinstall(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\KiesSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\mbar-1.07.0.1007.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\McAfeeSetup(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\McAfeeSetup(2).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\McAfeeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\PSISetup.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\QuickTimeInstaller(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\QuickTimeInstaller(2).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\QuickTimeInstaller(3).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\SafariSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\SecurityCheck.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\setup_11.0.0.1245.x01_2013_08_01_11_29(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(3).exe.part => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35(4).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\setup_11.0.1.1245.x01_2013_12_17_19_35.exe.part => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\startuplite-setup-1.07(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\tdsskiller(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\tdsskiller.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\TFC(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\vlc-2.0.7-win32.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\vlc-2.0.8-win32(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\vlc-2.0.8-win32.exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Downloads\wlsetup-web(1).exe => ":BDU" ADS removed successfully.
C:\Users\Chris\Documents\Firefox Setup 21.0.exe => ":BDU" ADS removed successfully.

==== End of Fixlog ====

 

still a bit slow

did you find anything?



#7 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,370 posts
  • Gender:Male
  • Location:California

Posted 09 January 2014 - 07:07 PM

Didn't find anything appearing too drastic. Please run this.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 Doc88

  • Topic Starter

  • Members
  • 11 posts

Posted 10 January 2014 - 09:25 AM

it found an infected file??

 

ComboFix 14-01-08.03 - Chris 10/01/2014  14:07:23.11.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.768 [GMT 0:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1378259387.bdinstall.bin
c:\users\Chris\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\spsys.log
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-10 to 2014-01-10  )))))))))))))))))))))))))))))))
.
.
2014-01-10 14:15 . 2014-01-10 14:15    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-01-10 14:15 . 2014-01-10 14:15    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-08 15:21 . 2014-01-08 15:21    --------    d-----w-    C:\FRST
2014-01-07 09:15 . 2013-12-04 02:57    7760024    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F0F1598-17E2-4F21-A824-7B080EC6706F}\mpengine.dll
2014-01-05 03:26 . 2014-01-05 03:27    --------    d-----w-    c:\program files\CCleaner
2013-12-12 03:01 . 2013-11-14 22:35    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-12-12 03:01 . 2013-11-14 23:18    149744    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-12-12 03:01 . 2013-11-14 22:40    768512    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-12-12 03:01 . 2013-11-14 22:40    194560    ----a-w-    c:\program files\Internet Explorer\IEShims.dll
2013-12-12 03:01 . 2013-11-14 22:38    420864    ----a-w-    c:\windows\system32\vbscript.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 20:51 . 2012-12-13 19:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-14 20:51 . 2012-12-13 19:48    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-19 03:33 . 2011-02-04 13:29    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-13 11:53 . 2013-10-30 22:34    66832    ----a-w-    c:\windows\system32\drivers\bdsandbox.sys
2013-11-13 11:53 . 2013-11-13 11:53    27168    ----a-w-    c:\windows\system32\bdsandboxuh.dll
2013-11-13 11:53 . 2013-11-13 11:53    74512    ----a-w-    c:\windows\system32\bdsandboxuiskin.dll
2013-10-30 23:13 . 2013-10-30 23:13    72704    ----a-w-    c:\windows\system32\drivers\bdvedisk.sys
2013-10-30 02:13 . 2008-01-21 02:23    1304064    ----a-w-    c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12 . 2013-12-11 03:36    335360    ----a-w-    c:\windows\system32\SysFxUI.dll
2013-10-30 01:43 . 2013-12-11 03:36    130048    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43 . 2013-12-11 03:36    167936    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35 . 2013-12-11 03:36    2050560    ----a-w-    c:\windows\system32\win32k.sys
2013-10-22 07:19 . 2013-12-11 03:31    158208    ----a-w-    c:\windows\system32\imagehlp.dll
2013-10-21 08:52 . 2013-10-21 08:52    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoTrusted"="c:\program files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.5.9\GoTrusted Secure Tunnel.exe" [2013-10-16 214208]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-16 477736]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-16 612696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-12-16 1834240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-16 477736]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-12-16 898512]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-16 612696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 20:51]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7lzzykuh.default-1388230871395\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-10 14:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1812)
c:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
c:\windows\system32\BROWSEUI.dll
c:\windows\system32\DUser.dll
c:\windows\system32\EhStorShell.dll
c:\windows\system32\IconCodecService.dll
c:\windows\System32\shacct.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\ExplorerFrame.dll
c:\windows\System32\MMDevApi.dll
c:\windows\system32\FirewallAPI.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\Wlanapi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\System32\AltTab.dll
c:\windows\system32\XmlLite.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender\vsserv.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\Bitdefender\Bitdefender\updatesrv.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Bitdefender\Bitdefender\downloader.exe
.
**************************************************************************
.
Completion time: 2014-01-10  14:23:07 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-10 14:23
.
Pre-Run: 174,637,248,512 bytes free
Post-Run: 174,534,344,704 bytes free
.
- - End Of File - - 404DA93B0A66E4D15F4DEF09776245D8
5C616939100B85E558DA92B899A0FC36
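The Reg Loading Points section of the ComboFix log above (the Run keys and the service line) is what a responder reads first, because anything that survives a clean-and-reboot cycle has to be launching from somewhere. The Python below is an added example, not ComboFix output and not something posted in this thread: it parses Run-key lines in the "Name"="image" [yyyy-mm-dd size] form ComboFix prints and applies two triage heuristics of my own (a bare file name with no directory, which the loader resolves through its search order, and an image outside the standard program directories or inside a user-writable path such as AppData). The sample text is copied from the log above; the "Updater" entry in CONSTRUCTED_EXTRA is made up to show a flagged result and does not appear in the log. The trusted-prefix list assumes a 32-bit install on the C: drive, as in this machine.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example (not ComboFix's own code): parses Run-key entries and flags the
ones worth a second look. The flag rules are simple heuristics, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s+'
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)

# Assumption: 32-bit Windows installed on C:, so these are the only places a
# legitimate autostart image is normally expected to live.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Copied verbatim from the ComboFix log posted above (two Run keys, six entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoTrusted"="c:\program files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.5.9\GoTrusted Secure Tunnel.exe" [2013-10-16 214208]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-16 477736]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-12-16 1834240]
"""

# Constructed entry, NOT from the log: a typical user-profile persistence path.
CONSTRUCTED_EXTRA = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\users\chris\appdata\roaming\updater.exe" [2013-12-30 51200]
"""


@dataclass(frozen=True)
class AutostartEntry:
    hive: str
    name: str
    image: str
    date: str   # file timestamp as printed by ComboFix
    size: int   # file size in bytes as printed by ComboFix


def parse_loading_points(text: str) -> list[AutostartEntry]:
    """Return every "Name"="image" [date size] entry with the key it sits under."""
    entries: list[AutostartEntry] = []
    hive: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HIVE_RE.match(line):
            hive = m.group(1)
            continue
        if hive and (m := ENTRY_RE.match(line)):
            entries.append(AutostartEntry(hive, m["name"], m["image"], m["date"], int(m["size"])))
    return entries


def flags_for(entry: AutostartEntry) -> list[str]:
    """Heuristic flags for one entry; an empty list means nothing stood out."""
    flags: list[str] = []
    image = entry.image.lower()
    if "\\" not in image:
        # No directory: resolved via the search order, so it is worth confirming
        # which file actually runs (here RtHDVCpl.exe lives in c:\windows).
        flags.append("bare-filename")
    elif not image.startswith(TRUSTED_PREFIXES):
        flags.append("outside-program-dirs")
    if "\\appdata\\" in image or "\\temp\\" in image:
        flags.append("user-writable-location")
    return flags


def triage(text: str) -> dict[str, list[str]]:
    """Map 'hive\\name' to its flags, keeping only entries that have any."""
    return {
        f"{e.hive}\\{e.name}": f
        for e in parse_loading_points(text)
        if (f := flags_for(e))
    }


if __name__ == "__main__":
    for key, flags in triage(SAMPLE_LOG + CONSTRUCTED_EXTRA).items():
        print(f"{', '.join(flags):40} {key}")
```

Run against the log alone, only RtHDVCpl is flagged (a bare name, and a legitimate Realtek audio panel in this case); the constructed AppData entry shows the pattern the heuristics are really after. In a real triage the next step is to hash each flagged image and check its Authenticode signature, which this parser deliberately leaves to the responder.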
 



#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,370 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:19 AM

Posted 10 January 2014 - 11:11 AM

Greetings,

it found an infected file~??

Yes, and that is an important file so that is good.

I would like you to send me a copy of the file that was found. Using Windows Explorer please navigate to C:\Qoobox\Quarantine\c:\windows\system32\userinit.exe. Zip the file then upload it here. I will be automatically notified when the file has successfully uploaded.

Following that please do this.

===================================================

Rerun Malwarebytes (MBAM)

--------------------

Temporarily disable your antivirus program.
  • Please locate your Malwarebytes icon and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Malwarebytes results
  • ESET results (no log if nothing found)
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#10 Doc88
  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 11 January 2014 - 06:50 AM

I copy and paste, but I can't find the file to send you.



#11 Doc88

Posted 11 January 2014 - 08:23 AM

I found it and sent it? Do I delete it now?



#12 Doc88

Posted 11 January 2014 - 12:55 PM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.11.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: DELL-530 [administrator]

Protection: Enabled

11/01/2014 13:09:33
mbam-log-2014-01-11 (13-09-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202932
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

eset
 

C:\Users\Chris\Downloads\ccsetup409.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined



#13 Oh My!

Posted 11 January 2014 - 04:10 PM

That file has been quarantined and can do no harm to your computer in its present location, however if you would like to delete it you most certainly can.

Those reports look quite good and ESET is no longer finding those entries. :)

One last check, is your computer running well? Any other issues?
Gary
 

#14 Doc88

Posted 12 January 2014 - 05:53 AM

Seems okay, thanks.

The files ESET deleted are the ones that originally caused me to post; are they a worry?

The file that was quarantined, was that a virus, and did it do any damage? Any idea what it was?

 

thanks



#15 Oh My!

Posted 12 January 2014 - 09:52 AM

The file most recently quarantined by ESET is of no concern. That file is related to CCleaner setup. The installation of that program includes a "bundled" toolbar. Quite often these bundled items are considered a Potentially Unwanted Program (PUP) in part because they are installed by default unless the user unchecks the installation. Many people overlook that so they are not really giving specific permission for the installation of the toolbar. That is why it is "Potentially" unwanted.

Does this answer your question and alleviate your concern?
Gary
 



