Dam_Hackers

  1. I will keep an eye on it, thanks. I am not sure I was infected given I never ran the installer, but MBAM picked up the file sat there. Need to keep an eye on the hard drive activity as that was what alerted me initially as it was constantly accessing, slowing everything down to a crawl. Disk scans found nothing in terms of errors. Thanks again for your help. I will look to make a donation post pay day!
  2. Hi Kevin, thanks for responding so quickly last night. In terms of malware, does it look like I'm clean? Will take your advice re: above. Many thanks, Graham
  3. Results of screen317's Security Check version 0.99.74
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     Kaspersky Internet Security
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java version out of Date!
     Adobe Flash Player 11.9.900.117
     Mozilla Firefox (24.0)
     Mozilla Thunderbird (17.0.8)
     ````````Process Check: objlist.exe by Laurent````````
     Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
     Kaspersky Lab Kaspersky Internet Security 2012 x64 wmi64.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  4. Hi Kevin, asked my wife to run Malwarebytes - she said she did but no log. Thus I ran the ESET scan first, thinking MBAM had already been done. Summary as follows: ESET found the file I have left on my PC as mentioned in my original post - AAGymlnn.exe.PART (now let ESET delete it), otherwise all clear. Malware found nothing. Logs attached. I think I'm clean?? Thanks, Graham

     ESET SCAN.txt
     mbam-log-2013-10-22 (20-40-49).txt
  5. Hi Kevin, thanks for your assistance. I have included all the logs as requested. I had already run ADW in clean mode Sunday so have uploaded that log as well. I have taken my PC offline, hence out of date Kaspersky - this is normally up to date. I have noticed that these are persistent from the ADW logs:

     -\\ Mozilla Firefox v24.0 (en-GB)
     [ File : C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\xw5isgl8.default\prefs.js ]
     [ File : C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\qwyzerd8.default\prefs.js ]

     Thanks again, Graham

     Addition.txt
     AdwCleanerS0.txt
     AdwCleanerS2.txt
     FRST.txt
  6. Hi all, first post! Whilst browsing the PESedit site, a link took me to uploaded.net where I was able to download some update. This site launched a number of other browser windows and one of these was the iLivid page - I saw the link to iLivid and thought I would give it a try, started the download but cancelled it. The file sits on my PC as AAGymlnn.exe.PART and was never renamed by Firefox to remove the .PART extension. Although VirusTotal identifies that the iLivid install is 1,628,904 bytes, and I had also downloaded 1,628,904 bytes, by virtue of the file still being .PART I assume I cancelled it before it was renamed. I never ran the file and other than my hard drive starting to thrash around after 30 minutes or so I have no symptoms - no home page redirects. The only reference to (PUP.Optional.Bandoo) is from the above file, log as follows:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.10.19.03

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16721
     Graham :: UBER2 [limited]

     19/10/2013 18:44:42
     mbam-log-2013-10-19 (18-44-42).txt

     Scan type: Full scan (C:\|D:\|E:\|F:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 499520
     Time elapsed: 32 minute(s), 12 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 3
     C:\Users\Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YFCAY4K\mDesktopSetup1.6b4OC.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
     C:\Users\Work\Downloads\mDesktopSetup1.6b4OC.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
     E:\My Documents\Temp\AAGymlnn.exe.part (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.

     (end)

     Ran ADWCleaner - log as follows:

     # AdwCleaner v3.009 - Report created 20/10/2013 at 10:57:39
     # Updated 19/10/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Graham - UBER2
     # Running from : F:\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKCU\Software\AppDataLow\Software\smartbar
     Key Found : HKCU\Software\Conduit
     Key Found : HKCU\Software\OCS
     Key Found : [x64] HKCU\Software\Conduit
     Key Found : [x64] HKCU\Software\OCS
     Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
     Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
     Key Found : HKLM\Software\Conduit
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16720

     -\\ Mozilla Firefox v24.0 (en-GB)

     [ File : C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\xw5isgl8.default\prefs.js ]

     [ File : C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\qwyzerd8.default\prefs.js ]

     *************************

     AdwCleaner[R0].txt - [1650 octets] - [20/10/2013 10:57:39]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1710 octets] ##########

     My concerns were raised because my PC would start running very slowly after about 30-60 minutes of use (I only had to have the PC switched on and not actually doing anything) and only a reboot would fix the problem, but it would always come back. This happened at the start of October but MBAM came back clean. When this behaviour started again Saturday, this was the first sign of something, and from what I can find out about Bandoo, it will occupy the resources of the PC. My PC sometimes doesn't boot, so maybe I just have a tired hard drive? I would appreciate your thoughts. Thanks in advance, Graham