mariajt

Members

View Profile See their activity

Posts
8
Joined
October 30, 2013
Last visited
November 2, 2013

Reputation

0 Neutral

google redirect

mariajt replied to mariajt's topic in Resolved Malware Removal Logs

...not compatible with windows 7 32 bit. dling Avast free instead. Thank you!
- November 2, 2013
- 15 replies
google redirect

mariajt replied to mariajt's topic in Resolved Malware Removal Logs

Tried to dl, but it tells me that it's not compatible with the version of Windows I'm running.
- November 2, 2013
- 15 replies
google redirect

mariajt replied to mariajt's topic in Resolved Malware Removal Logs

It hasn't redirected the entire morning! I hope this means it's gone. Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox (25.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
- November 1, 2013
- 15 replies
google redirect

mariajt replied to mariajt's topic in Resolved Malware Removal Logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013 Ran by jaleh at 2013-10-31 16:53:29 Run:2 Running from C:\Users\jaleh\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Start SearchScopes: HKLM - DefaultScope value is missing. 2013-10-29 16:55 - 2013-10-31 07:38 - 00000000 ____D C:\ProgramData\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\DriverCure 2013-10-29 16:54 - 2013-10-29 16:54 - 05955760 _____ (SparkTrust) C:\Users\jaleh\Downloads\SparkTrust PC Cleaner Plus Setup.exe End ***************** HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. C:\ProgramData\SparkTrust => Moved successfully. C:\Users\jaleh\AppData\Roaming\SparkTrust => Moved successfully. C:\Users\jaleh\AppData\Roaming\DriverCure => Moved successfully. C:\Users\jaleh\Downloads\SparkTrust PC Cleaner Plus Setup.exe => Moved successfully. ==== End of Fixlog ==== C:\FRST\Quarantine\C_8655.dll Win32/Ponmocup.AA trojan cleaned by deleting - quarantined C:\Users\jaleh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NG862BUC\indexx[1].htm HTML/Iframe.B.Gen virus deleted - quarantined C:\Users\jaleh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZJ5VPBCY\mgxzqqrmtkm_10valubin_info[2].htm HTML/Iframe.B.Gen virus deleted - quarantined Operating memory probably a variant of Win32/Ponmocup.AA trojan
- November 1, 2013
- 15 replies
google redirect

mariajt replied to mariajt's topic in Resolved Malware Removal Logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2013 Ran by jaleh at 2013-10-31 07:35:44 Run:1 Running from C:\Users\jaleh\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Start HKCU\...\Run: [ktvnrechr] - rundll32 "C:\Users\jaleh\AppData\Roaming\C_8655.dll",FIUD C:\Users\jaleh\AppData\Roaming\C_8655.dll MountPoints2: {0573e2cf-de32-11e2-a03b-806e6f6e6963} - E:\setup.exe -a U3 mbr; \??\C:\Users\jaleh\AppData\Local\Temp\mbr.sys [x] C:\Users\jaleh\AppData\Roaming\C_8655.dll C:\Users\jaleh\AppData\Local\Temp\50290uninstall.exe C:\Users\jaleh\AppData\Local\Temp\Gw2.exe C:\Users\jaleh\AppData\Local\Temp\Quarantine.exe C:\Users\jaleh\AppData\Local\Temp\swt-win32-3740.dll Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe Task: C:\Windows\Tasks\SparkTrust Update Version3.job => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe End ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ktvnrechr => Value deleted successfully. C:\Users\jaleh\AppData\Roaming\C_8655.dll => Moved successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0573e2cf-de32-11e2-a03b-806e6f6e6963} => Key deleted successfully. HKCR\CLSID\{0573e2cf-de32-11e2-a03b-806e6f6e6963} => Key not found. mbr => Service deleted successfully. "C:\Users\jaleh\AppData\Roaming\C_8655.dll" => File/Directory not found. C:\Users\jaleh\AppData\Local\Temp\50290uninstall.exe => Moved successfully. C:\Users\jaleh\AppData\Local\Temp\Gw2.exe => Moved successfully. C:\Users\jaleh\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\jaleh\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully. C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => Moved successfully. C:\Windows\Tasks\SparkTrust Update Version3.job => Moved successfully. ==== End of Fixlog ==== Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.31.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16721 jaleh :: JALEH-PC [administrator] 10/31/2013 7:42:11 AM mbam-log-2013-10-31 (07-42-11).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 188638 Time elapsed: 5 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013 Ran by jaleh (administrator) on JALEH-PC on 31-10-2013 08:06:58 Running from C:\Users\jaleh\Desktop\New folder Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Windows\system32\LogonUI.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6B283A501DC8CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKLM - DefaultScope value is missing. Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\jaleh\AppData\Roaming\Mozilla\Firefox\Profiles\4cz00tf3.default FF SearchEngineOrder.1: Yahoo FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", ""); FF SelectedSearchEngine: Google FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-31 07:35 - 2013-10-31 07:35 - 00021159 _____ C:\Users\jaleh\Downloads\FRST.txt 2013-10-31 07:31 - 2013-10-31 08:06 - 00000000 ____D C:\Users\jaleh\Desktop\New folder 2013-10-31 07:27 - 2013-10-31 07:27 - 00020873 _____ C:\Users\jaleh\Desktop\FRST.txt 2013-10-31 07:25 - 2013-10-31 07:25 - 00000766 _____ C:\Users\jaleh\Desktop\fixlist-2.txt 2013-10-31 07:19 - 2013-10-31 07:19 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST(2).exe 2013-10-30 18:46 - 2013-10-30 18:46 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST(1).exe 2013-10-30 11:50 - 2013-10-30 11:51 - 00009549 _____ C:\Users\jaleh\Downloads\Addition.txt 2013-10-30 11:49 - 2013-10-30 11:49 - 00000000 ____D C:\FRST 2013-10-30 10:21 - 2013-10-30 10:21 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds(1).scr 2013-10-30 10:11 - 2013-10-30 10:21 - 00008287 _____ C:\Users\jaleh\Desktop\dds.txt 2013-10-30 10:11 - 2013-10-30 10:21 - 00004677 _____ C:\Users\jaleh\Desktop\attach.txt 2013-10-30 10:11 - 2013-10-30 10:11 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds.scr 2013-10-30 01:51 - 2013-10-30 01:51 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-30 01:51 - 2013-10-30 01:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-30 01:45 - 2013-10-30 01:45 - 00507595 _____ C:\Users\jaleh\Desktop\bookmarks final.html 2013-10-30 01:43 - 2013-10-30 01:43 - 00506130 _____ C:\Users\jaleh\Desktop\bookmarks.html 2013-10-29 16:55 - 2013-10-31 07:38 - 00000000 ____D C:\ProgramData\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\DriverCure 2013-10-29 16:54 - 2013-10-29 16:54 - 05955760 _____ (SparkTrust) C:\Users\jaleh\Downloads\SparkTrust PC Cleaner Plus Setup.exe 2013-10-29 16:18 - 2013-10-29 16:18 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner(1).exe 2013-10-29 16:16 - 2013-10-29 16:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(2).exe 2013-10-29 16:15 - 2013-10-29 16:15 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox(1).exe 2013-10-29 12:07 - 2013-10-29 12:08 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(1).exe 2013-10-29 12:05 - 2013-10-29 12:05 - 00000674 _____ C:\Users\jaleh\Desktop\esetscan.txt 2013-10-29 11:30 - 2013-10-29 11:30 - 02347384 _____ (ESET) C:\Users\jaleh\Downloads\esetsmartinstaller_enu.exe 2013-10-29 11:30 - 2013-10-29 11:30 - 00000000 ____D C:\Program Files\ESET 2013-10-29 11:27 - 2013-10-29 11:27 - 00001295 _____ C:\Users\jaleh\Desktop\JRT.txt 2013-10-29 11:24 - 2013-10-29 11:24 - 00000000 ____D C:\Windows\ERUNT 2013-10-29 11:22 - 2013-10-29 11:22 - 01033335 _____ (Thisisu) C:\Users\jaleh\Downloads\JRT.exe 2013-10-29 11:15 - 2013-10-29 16:19 - 00000000 ____D C:\AdwCleaner 2013-10-29 11:15 - 2013-10-29 11:15 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner.exe 2013-10-29 11:07 - 2013-10-29 11:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller.exe 2013-10-29 10:58 - 2013-10-29 10:58 - 00017223 _____ C:\Users\jaleh\Downloads\Result.txt 2013-10-29 10:55 - 2013-10-29 10:55 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox.exe 2013-10-29 10:10 - 2013-10-29 10:10 - 05708432 _____ (Systweak Inc ) C:\Users\jaleh\Downloads\rcpsetup12_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe 2013-10-29 00:51 - 2013-10-29 08:22 - 00000000 ____D C:\Users\jaleh\Desktop\victorian mish mesh 2013-10-09 03:08 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 03:08 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 03:08 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 03:07 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 03:07 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 03:07 - 2013-09-22 18:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 03:07 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 03:07 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-08 14:12 - 2013-09-13 19:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-08 14:12 - 2013-09-07 21:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-08 14:12 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-08 14:12 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-08 14:12 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-10-08 14:12 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-08 14:12 - 2013-08-28 20:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-08 14:12 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-08 14:12 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-08 14:12 - 2013-08-27 20:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-08 14:12 - 2013-08-27 19:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-08 14:12 - 2013-08-01 06:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-08 14:12 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-08 14:12 - 2013-07-12 05:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-08 14:12 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-08 14:12 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-08 14:12 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-08 14:12 - 2013-07-04 04:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-08 14:12 - 2013-07-02 22:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-08 14:12 - 2013-07-02 22:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-08 14:12 - 2013-06-25 17:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-08 14:12 - 2013-06-05 23:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-08 14:12 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-08 14:12 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-08 14:12 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-08 14:12 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-05 01:54 - 2013-10-29 08:23 - 00000000 ____D C:\Users\jaleh\Desktop\entari ==================== One Month Modified Files and Folders ======= 2013-10-31 08:06 - 2013-10-31 07:31 - 00000000 ____D C:\Users\jaleh\Desktop\New folder 2013-10-31 07:58 - 2012-11-21 15:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-31 07:38 - 2013-10-29 16:55 - 00000000 ____D C:\ProgramData\SparkTrust 2013-10-31 07:35 - 2013-10-31 07:35 - 00021159 _____ C:\Users\jaleh\Downloads\FRST.txt 2013-10-31 07:29 - 2012-10-29 11:32 - 01651141 _____ C:\Windows\WindowsUpdate.log 2013-10-31 07:27 - 2013-10-31 07:27 - 00020873 _____ C:\Users\jaleh\Desktop\FRST.txt 2013-10-31 07:25 - 2013-10-31 07:25 - 00000766 _____ C:\Users\jaleh\Desktop\fixlist-2.txt 2013-10-31 07:19 - 2013-10-31 07:19 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST(2).exe 2013-10-30 19:44 - 2012-11-21 14:40 - 00000000 ____D C:\Program Files\World of Warcraft 2013-10-30 18:46 - 2013-10-30 18:46 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST(1).exe 2013-10-30 11:51 - 2013-10-30 11:50 - 00009549 _____ C:\Users\jaleh\Downloads\Addition.txt 2013-10-30 11:49 - 2013-10-30 11:49 - 00000000 ____D C:\FRST 2013-10-30 10:21 - 2013-10-30 10:21 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds(1).scr 2013-10-30 10:21 - 2013-10-30 10:11 - 00008287 _____ C:\Users\jaleh\Desktop\dds.txt 2013-10-30 10:21 - 2013-10-30 10:11 - 00004677 _____ C:\Users\jaleh\Desktop\attach.txt 2013-10-30 10:11 - 2013-10-30 10:11 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds.scr 2013-10-30 10:01 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-30 10:01 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-30 09:54 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-30 09:54 - 2009-07-13 23:39 - 00049641 _____ C:\Windows\setupact.log 2013-10-30 09:53 - 2010-11-20 16:48 - 00015608 _____ C:\Windows\PFRO.log 2013-10-30 01:51 - 2013-10-30 01:51 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-30 01:51 - 2013-10-30 01:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-30 01:51 - 2013-09-17 10:47 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-30 01:45 - 2013-10-30 01:45 - 00507595 _____ C:\Users\jaleh\Desktop\bookmarks final.html 2013-10-30 01:43 - 2013-10-30 01:43 - 00506130 _____ C:\Users\jaleh\Desktop\bookmarks.html 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\DriverCure 2013-10-29 16:54 - 2013-10-29 16:54 - 05955760 _____ (SparkTrust) C:\Users\jaleh\Downloads\SparkTrust PC Cleaner Plus Setup.exe 2013-10-29 16:19 - 2013-10-29 11:15 - 00000000 ____D C:\AdwCleaner 2013-10-29 16:18 - 2013-10-29 16:18 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner(1).exe 2013-10-29 16:16 - 2013-10-29 16:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(2).exe 2013-10-29 16:15 - 2013-10-29 16:15 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox(1).exe 2013-10-29 12:08 - 2013-10-29 12:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(1).exe 2013-10-29 12:05 - 2013-10-29 12:05 - 00000674 _____ C:\Users\jaleh\Desktop\esetscan.txt 2013-10-29 11:30 - 2013-10-29 11:30 - 02347384 _____ (ESET) C:\Users\jaleh\Downloads\esetsmartinstaller_enu.exe 2013-10-29 11:30 - 2013-10-29 11:30 - 00000000 ____D C:\Program Files\ESET 2013-10-29 11:27 - 2013-10-29 11:27 - 00001295 _____ C:\Users\jaleh\Desktop\JRT.txt 2013-10-29 11:24 - 2013-10-29 11:24 - 00000000 ____D C:\Windows\ERUNT 2013-10-29 11:22 - 2013-10-29 11:22 - 01033335 _____ (Thisisu) C:\Users\jaleh\Downloads\JRT.exe 2013-10-29 11:15 - 2013-10-29 11:15 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner.exe 2013-10-29 11:07 - 2013-10-29 11:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller.exe 2013-10-29 10:58 - 2013-10-29 10:58 - 00017223 _____ C:\Users\jaleh\Downloads\Result.txt 2013-10-29 10:55 - 2013-10-29 10:55 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox.exe 2013-10-29 10:10 - 2013-10-29 10:10 - 05708432 _____ (Systweak Inc ) C:\Users\jaleh\Downloads\rcpsetup12_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe 2013-10-29 08:23 - 2013-10-05 01:54 - 00000000 ____D C:\Users\jaleh\Desktop\entari 2013-10-29 08:22 - 2013-10-29 00:51 - 00000000 ____D C:\Users\jaleh\Desktop\victorian mish mesh 2013-10-25 10:46 - 2013-05-24 15:39 - 00000000 ____D C:\Users\jaleh\Desktop\corset 2013-10-09 04:06 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache 2013-10-09 03:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-09 03:33 - 2010-11-20 16:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-09 03:29 - 2012-12-08 20:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 03:29 - 2009-07-13 23:33 - 00268128 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 03:10 - 2013-08-13 03:00 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 03:09 - 2012-11-23 01:43 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 03:00 - 2012-11-21 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-09 03:00 - 2012-11-21 15:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-31 07:00 ==================== End Of Log ============================
- October 31, 2013
- 15 replies
google redirect

mariajt replied to mariajt's topic in Resolved Malware Removal Logs

Sorry! Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013 Ran by jaleh (administrator) on JALEH-PC on 30-10-2013 18:47:20 Running from C:\Users\jaleh\Downloads Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\jaleh\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe HKCU\...\Run: [ktvnrechr] - rundll32 "C:\Users\jaleh\AppData\Roaming\C_8655.dll",FIUD MountPoints2: {0573e2cf-de32-11e2-a03b-806e6f6e6963} - E:\setup.exe -a ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6B283A501DC8CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKLM - DefaultScope value is missing. Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\jaleh\AppData\Roaming\Mozilla\Firefox\Profiles\4cz00tf3.default FF SearchEngineOrder.1: Yahoo FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", ""); FF SelectedSearchEngine: Google FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) U3 mbr; \??\C:\Users\jaleh\AppData\Local\Temp\mbr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-30 18:46 - 2013-10-30 18:46 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST(1).exe 2013-10-30 11:50 - 2013-10-30 11:51 - 00009549 _____ C:\Users\jaleh\Downloads\Addition.txt 2013-10-30 11:49 - 2013-10-30 11:49 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST.exe 2013-10-30 11:49 - 2013-10-30 11:49 - 00000000 ____D C:\FRST 2013-10-30 10:21 - 2013-10-30 10:21 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds(1).scr 2013-10-30 10:11 - 2013-10-30 10:21 - 00008287 _____ C:\Users\jaleh\Desktop\dds.txt 2013-10-30 10:11 - 2013-10-30 10:21 - 00004677 _____ C:\Users\jaleh\Desktop\attach.txt 2013-10-30 10:11 - 2013-10-30 10:11 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds.scr 2013-10-30 01:51 - 2013-10-30 01:51 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-30 01:51 - 2013-10-30 01:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-30 01:45 - 2013-10-30 01:45 - 00507595 _____ C:\Users\jaleh\Desktop\bookmarks final.html 2013-10-30 01:43 - 2013-10-30 01:43 - 00506130 _____ C:\Users\jaleh\Desktop\bookmarks.html 2013-10-29 16:55 - 2013-10-29 16:55 - 00001311 _____ C:\Users\jaleh\Desktop\SparkTrust PC Cleaner Plus.lnk 2013-10-29 16:55 - 2013-10-29 16:55 - 00000498 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000450 _____ C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000398 _____ C:\Windows\Tasks\SparkTrust Update Version3.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000392 _____ C:\Windows\Tasks\SparkTrust Registration3.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\DriverCure 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\ProgramData\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Program Files\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Program Files\Common Files\SparkTrust 2013-10-29 16:54 - 2013-10-29 16:54 - 05955760 _____ (SparkTrust) C:\Users\jaleh\Downloads\SparkTrust PC Cleaner Plus Setup.exe 2013-10-29 16:18 - 2013-10-29 16:18 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner(1).exe 2013-10-29 16:16 - 2013-10-29 16:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(2).exe 2013-10-29 16:15 - 2013-10-29 16:15 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox(1).exe 2013-10-29 12:07 - 2013-10-29 12:08 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(1).exe 2013-10-29 12:05 - 2013-10-29 12:05 - 00000674 _____ C:\Users\jaleh\Desktop\esetscan.txt 2013-10-29 11:30 - 2013-10-29 11:30 - 02347384 _____ (ESET) C:\Users\jaleh\Downloads\esetsmartinstaller_enu.exe 2013-10-29 11:30 - 2013-10-29 11:30 - 00000000 ____D C:\Program Files\ESET 2013-10-29 11:27 - 2013-10-29 11:27 - 00001295 _____ C:\Users\jaleh\Desktop\JRT.txt 2013-10-29 11:24 - 2013-10-29 11:24 - 00000000 ____D C:\Windows\ERUNT 2013-10-29 11:22 - 2013-10-29 11:22 - 01033335 _____ (Thisisu) C:\Users\jaleh\Downloads\JRT.exe 2013-10-29 11:15 - 2013-10-29 16:19 - 00000000 ____D C:\AdwCleaner 2013-10-29 11:15 - 2013-10-29 11:15 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner.exe 2013-10-29 11:07 - 2013-10-29 11:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller.exe 2013-10-29 10:58 - 2013-10-29 10:58 - 00017223 _____ C:\Users\jaleh\Downloads\Result.txt 2013-10-29 10:55 - 2013-10-29 10:55 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox.exe 2013-10-29 10:10 - 2013-10-29 10:10 - 05708432 _____ (Systweak Inc ) C:\Users\jaleh\Downloads\rcpsetup12_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe 2013-10-29 08:02 - 2013-10-29 08:02 - 00165888 __RSH C:\Users\jaleh\AppData\Roaming\C_8655.dll 2013-10-29 00:51 - 2013-10-29 08:22 - 00000000 ____D C:\Users\jaleh\Desktop\victorian mish mesh 2013-10-09 03:08 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 03:08 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 03:08 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 03:07 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 03:07 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 03:07 - 2013-09-22 18:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 03:07 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 03:07 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-08 14:12 - 2013-09-13 19:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-08 14:12 - 2013-09-07 21:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-08 14:12 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-08 14:12 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-08 14:12 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-10-08 14:12 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-08 14:12 - 2013-08-28 20:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-08 14:12 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-08 14:12 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-08 14:12 - 2013-08-27 20:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-08 14:12 - 2013-08-27 19:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-08 14:12 - 2013-08-01 06:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-08 14:12 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-08 14:12 - 2013-07-12 05:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-08 14:12 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-08 14:12 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-08 14:12 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-08 14:12 - 2013-07-04 04:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-08 14:12 - 2013-07-02 22:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-08 14:12 - 2013-07-02 22:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-08 14:12 - 2013-06-25 17:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-08 14:12 - 2013-06-05 23:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-08 14:12 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-08 14:12 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-08 14:12 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-08 14:12 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-05 01:54 - 2013-10-29 08:23 - 00000000 ____D C:\Users\jaleh\Desktop\entari 2013-09-30 23:06 - 2013-09-30 23:06 - 00037888 _____ C:\Users\jaleh\Downloads\create-your-own-e-liquid-by-alpine77.xls ==================== One Month Modified Files and Folders ======= 2013-10-30 18:46 - 2013-10-30 18:46 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST(1).exe 2013-10-30 17:58 - 2012-11-21 15:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-30 17:06 - 2012-11-21 14:40 - 00000000 ____D C:\Program Files\World of Warcraft 2013-10-30 16:33 - 2012-10-29 11:32 - 01635256 _____ C:\Windows\WindowsUpdate.log 2013-10-30 11:51 - 2013-10-30 11:50 - 00009549 _____ C:\Users\jaleh\Downloads\Addition.txt 2013-10-30 11:49 - 2013-10-30 11:49 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST.exe 2013-10-30 11:49 - 2013-10-30 11:49 - 00000000 ____D C:\FRST 2013-10-30 10:21 - 2013-10-30 10:21 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds(1).scr 2013-10-30 10:21 - 2013-10-30 10:11 - 00008287 _____ C:\Users\jaleh\Desktop\dds.txt 2013-10-30 10:21 - 2013-10-30 10:11 - 00004677 _____ C:\Users\jaleh\Desktop\attach.txt 2013-10-30 10:11 - 2013-10-30 10:11 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds.scr 2013-10-30 10:01 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-30 10:01 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-30 09:54 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-30 09:54 - 2009-07-13 23:39 - 00049641 _____ C:\Windows\setupact.log 2013-10-30 09:53 - 2010-11-20 16:48 - 00015608 _____ C:\Windows\PFRO.log 2013-10-30 01:51 - 2013-10-30 01:51 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-30 01:51 - 2013-10-30 01:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-30 01:51 - 2013-09-17 10:47 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-30 01:45 - 2013-10-30 01:45 - 00507595 _____ C:\Users\jaleh\Desktop\bookmarks final.html 2013-10-30 01:43 - 2013-10-30 01:43 - 00506130 _____ C:\Users\jaleh\Desktop\bookmarks.html 2013-10-29 16:55 - 2013-10-29 16:55 - 00001311 _____ C:\Users\jaleh\Desktop\SparkTrust PC Cleaner Plus.lnk 2013-10-29 16:55 - 2013-10-29 16:55 - 00000498 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000450 _____ C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000398 _____ C:\Windows\Tasks\SparkTrust Update Version3.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000392 _____ C:\Windows\Tasks\SparkTrust Registration3.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\DriverCure 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\ProgramData\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Program Files\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Program Files\Common Files\SparkTrust 2013-10-29 16:54 - 2013-10-29 16:54 - 05955760 _____ (SparkTrust) C:\Users\jaleh\Downloads\SparkTrust PC Cleaner Plus Setup.exe 2013-10-29 16:19 - 2013-10-29 11:15 - 00000000 ____D C:\AdwCleaner 2013-10-29 16:18 - 2013-10-29 16:18 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner(1).exe 2013-10-29 16:16 - 2013-10-29 16:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(2).exe 2013-10-29 16:15 - 2013-10-29 16:15 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox(1).exe 2013-10-29 12:08 - 2013-10-29 12:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(1).exe 2013-10-29 12:05 - 2013-10-29 12:05 - 00000674 _____ C:\Users\jaleh\Desktop\esetscan.txt 2013-10-29 11:30 - 2013-10-29 11:30 - 02347384 _____ (ESET) C:\Users\jaleh\Downloads\esetsmartinstaller_enu.exe 2013-10-29 11:30 - 2013-10-29 11:30 - 00000000 ____D C:\Program Files\ESET 2013-10-29 11:27 - 2013-10-29 11:27 - 00001295 _____ C:\Users\jaleh\Desktop\JRT.txt 2013-10-29 11:24 - 2013-10-29 11:24 - 00000000 ____D C:\Windows\ERUNT 2013-10-29 11:22 - 2013-10-29 11:22 - 01033335 _____ (Thisisu) C:\Users\jaleh\Downloads\JRT.exe 2013-10-29 11:15 - 2013-10-29 11:15 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner.exe 2013-10-29 11:07 - 2013-10-29 11:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller.exe 2013-10-29 10:58 - 2013-10-29 10:58 - 00017223 _____ C:\Users\jaleh\Downloads\Result.txt 2013-10-29 10:55 - 2013-10-29 10:55 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox.exe 2013-10-29 10:10 - 2013-10-29 10:10 - 05708432 _____ (Systweak Inc ) C:\Users\jaleh\Downloads\rcpsetup12_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe 2013-10-29 08:23 - 2013-10-05 01:54 - 00000000 ____D C:\Users\jaleh\Desktop\entari 2013-10-29 08:22 - 2013-10-29 00:51 - 00000000 ____D C:\Users\jaleh\Desktop\victorian mish mesh 2013-10-29 08:02 - 2013-10-29 08:02 - 00165888 __RSH C:\Users\jaleh\AppData\Roaming\C_8655.dll 2013-10-25 10:46 - 2013-05-24 15:39 - 00000000 ____D C:\Users\jaleh\Desktop\corset 2013-10-09 04:06 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache 2013-10-09 03:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-09 03:33 - 2010-11-20 16:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-09 03:29 - 2012-12-08 20:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 03:29 - 2009-07-13 23:33 - 00268128 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 03:10 - 2013-08-13 03:00 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 03:09 - 2012-11-23 01:43 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 03:00 - 2012-11-21 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-09 03:00 - 2012-11-21 15:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-30 23:06 - 2013-09-30 23:06 - 00037888 _____ C:\Users\jaleh\Downloads\create-your-own-e-liquid-by-alpine77.xls Some content of TEMP: ==================== C:\Users\jaleh\AppData\Local\Temp\50290uninstall.exe C:\Users\jaleh\AppData\Local\Temp\Gw2.exe C:\Users\jaleh\AppData\Local\Temp\Quarantine.exe C:\Users\jaleh\AppData\Local\Temp\swt-win32-3740.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-21 01:17 ==================== End Of Log ============================
- October 30, 2013
- 15 replies
google redirect

mariajt replied to mariajt's topic in Resolved Malware Removal Logs

As far as I'm aware, I'm not running bit torrent, u-torrent. If I'm running them, let me know, please. I'm pretty incompetent when it comes to computers. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2013 Ran by jaleh at 2013-10-30 11:50:13 Running from C:\Users\jaleh\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Reader XI (11.0.05) (Version: 11.0.05) Belarc Advisor 8.3 (Version: 8.3.0.0) Bonjour (Version: 3.0.0.10) ESET Online Scanner v3 GIMP (Version: 2.6.11) Jarte 5.0 (Version: 5.0) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20913.0) Mozilla Firefox 25.0 (x86 en-US) (Version: 25.0) Mozilla Maintenance Service (Version: 25.0) SparkTrust PC Cleaner Plus (Version: 3.1.10.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) World of Warcraft (Version: 5.4.1.17538) ==================== Restore Points ========================= 29-10-2013 14:43:00 Removed Apple Software Update 30-10-2013 04:09:40 Removed Java 7 Update 9 30-10-2013 04:10:19 Removed Java 7 Update 9 ==================== Hosts content: ========================== 2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {9C62E9D1-DE5A-47FC-8728-CDD754E92D21} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe Task: C:\Windows\Tasks\SparkTrust Update Version3.job => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-30 01:51 - 2013-10-25 20:53 - 03368048 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/30/2013 09:55:37 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 11:16:51 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 11:07:01 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 05:18:05 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 04:41:40 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 04:22:16 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 00:13:14 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/29/2013 08:22:57 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (10/29/2013 05:08:28 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/29/2013 05:08:28 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/29/2013 05:08:28 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/29/2013 05:06:06 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/29/2013 05:06:06 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/29/2013 05:06:06 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/29/2013 05:06:06 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/29/2013 05:06:06 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/29/2013 05:06:06 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (10/30/2013 09:55:37 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 11:16:51 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 11:07:01 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 05:18:05 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 04:41:40 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 04:22:16 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2013 00:13:14 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 3198.33 MB Available physical RAM: 2167.95 MB Total Pagefile: 6394.95 MB Available Pagefile: 5354.43 MB Total Virtual: 2047.88 MB Available Virtual: 1886.54 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.43 GB) (Free:8.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: B304823B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS) ==================== End Of Log ============================ R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) U3 mbr; \??\C:\Users\jaleh\AppData\Local\Temp\mbr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-30 11:49 - 2013-10-30 11:49 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST.exe 2013-10-30 11:49 - 2013-10-30 11:49 - 00000000 ____D C:\FRST 2013-10-30 10:21 - 2013-10-30 10:21 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds(1).scr 2013-10-30 10:11 - 2013-10-30 10:21 - 00008287 _____ C:\Users\jaleh\Desktop\dds.txt 2013-10-30 10:11 - 2013-10-30 10:21 - 00004677 _____ C:\Users\jaleh\Desktop\attach.txt 2013-10-30 10:11 - 2013-10-30 10:11 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds.scr 2013-10-30 01:51 - 2013-10-30 01:51 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-30 01:51 - 2013-10-30 01:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-30 01:45 - 2013-10-30 01:45 - 00507595 _____ C:\Users\jaleh\Desktop\bookmarks final.html 2013-10-30 01:43 - 2013-10-30 01:43 - 00506130 _____ C:\Users\jaleh\Desktop\bookmarks.html 2013-10-29 16:55 - 2013-10-29 16:55 - 00001311 _____ C:\Users\jaleh\Desktop\SparkTrust PC Cleaner Plus.lnk 2013-10-29 16:55 - 2013-10-29 16:55 - 00000498 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000450 _____ C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000398 _____ C:\Windows\Tasks\SparkTrust Update Version3.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000392 _____ C:\Windows\Tasks\SparkTrust Registration3.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\DriverCure 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\ProgramData\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Program Files\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Program Files\Common Files\SparkTrust 2013-10-29 16:54 - 2013-10-29 16:54 - 05955760 _____ (SparkTrust) C:\Users\jaleh\Downloads\SparkTrust PC Cleaner Plus Setup.exe 2013-10-29 16:18 - 2013-10-29 16:18 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner(1).exe 2013-10-29 16:16 - 2013-10-29 16:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(2).exe 2013-10-29 16:15 - 2013-10-29 16:15 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox(1).exe 2013-10-29 12:07 - 2013-10-29 12:08 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(1).exe 2013-10-29 12:05 - 2013-10-29 12:05 - 00000674 _____ C:\Users\jaleh\Desktop\esetscan.txt 2013-10-29 11:30 - 2013-10-29 11:30 - 02347384 _____ (ESET) C:\Users\jaleh\Downloads\esetsmartinstaller_enu.exe 2013-10-29 11:30 - 2013-10-29 11:30 - 00000000 ____D C:\Program Files\ESET 2013-10-29 11:27 - 2013-10-29 11:27 - 00001295 _____ C:\Users\jaleh\Desktop\JRT.txt 2013-10-29 11:24 - 2013-10-29 11:24 - 00000000 ____D C:\Windows\ERUNT 2013-10-29 11:22 - 2013-10-29 11:22 - 01033335 _____ (Thisisu) C:\Users\jaleh\Downloads\JRT.exe 2013-10-29 11:15 - 2013-10-29 16:19 - 00000000 ____D C:\AdwCleaner 2013-10-29 11:15 - 2013-10-29 11:15 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner.exe 2013-10-29 11:07 - 2013-10-29 11:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller.exe 2013-10-29 10:58 - 2013-10-29 10:58 - 00017223 _____ C:\Users\jaleh\Downloads\Result.txt 2013-10-29 10:55 - 2013-10-29 10:55 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox.exe 2013-10-29 10:10 - 2013-10-29 10:10 - 05708432 _____ (Systweak Inc ) C:\Users\jaleh\Downloads\rcpsetup12_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe 2013-10-29 08:02 - 2013-10-29 08:02 - 00165888 __RSH C:\Users\jaleh\AppData\Roaming\C_8655.dll 2013-10-29 00:51 - 2013-10-29 08:22 - 00000000 ____D C:\Users\jaleh\Desktop\victorian mish mesh 2013-10-09 03:08 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 03:08 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 03:08 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 03:07 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 03:07 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 03:07 - 2013-09-22 18:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 03:07 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 03:07 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 03:07 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-08 14:12 - 2013-09-13 19:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-08 14:12 - 2013-09-07 21:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-08 14:12 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-08 14:12 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-08 14:12 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-08 14:12 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-10-08 14:12 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-08 14:12 - 2013-08-28 20:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-08 14:12 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-08 14:12 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-08 14:12 - 2013-08-27 20:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-08 14:12 - 2013-08-27 19:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-08 14:12 - 2013-08-01 06:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-08 14:12 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-08 14:12 - 2013-07-12 05:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-08 14:12 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-08 14:12 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-08 14:12 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-08 14:12 - 2013-07-04 04:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-08 14:12 - 2013-07-02 22:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-08 14:12 - 2013-07-02 22:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-08 14:12 - 2013-06-25 17:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-08 14:12 - 2013-06-05 23:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-08 14:12 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-08 14:12 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-08 14:12 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-08 14:12 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-05 01:54 - 2013-10-29 08:23 - 00000000 ____D C:\Users\jaleh\Desktop\entari 2013-09-30 23:06 - 2013-09-30 23:06 - 00037888 _____ C:\Users\jaleh\Downloads\create-your-own-e-liquid-by-alpine77.xls ==================== One Month Modified Files and Folders ======= 2013-10-30 11:49 - 2013-10-30 11:49 - 01089275 _____ (Farbar) C:\Users\jaleh\Downloads\FRST.exe 2013-10-30 11:49 - 2013-10-30 11:49 - 00000000 ____D C:\FRST 2013-10-30 10:58 - 2012-11-21 15:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-30 10:21 - 2013-10-30 10:21 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds(1).scr 2013-10-30 10:21 - 2013-10-30 10:11 - 00008287 _____ C:\Users\jaleh\Desktop\dds.txt 2013-10-30 10:21 - 2013-10-30 10:11 - 00004677 _____ C:\Users\jaleh\Desktop\attach.txt 2013-10-30 10:11 - 2013-10-30 10:11 - 00688992 ____R (Swearware) C:\Users\jaleh\Downloads\dds.scr 2013-10-30 10:01 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-30 10:01 - 2009-07-13 23:34 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-30 09:58 - 2012-10-29 11:32 - 01634255 _____ C:\Windows\WindowsUpdate.log 2013-10-30 09:54 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-30 09:54 - 2009-07-13 23:39 - 00049641 _____ C:\Windows\setupact.log 2013-10-30 09:53 - 2010-11-20 16:48 - 00015608 _____ C:\Windows\PFRO.log 2013-10-30 01:51 - 2013-10-30 01:51 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-30 01:51 - 2013-10-30 01:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-30 01:51 - 2013-09-17 10:47 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-30 01:45 - 2013-10-30 01:45 - 00507595 _____ C:\Users\jaleh\Desktop\bookmarks final.html 2013-10-30 01:43 - 2013-10-30 01:43 - 00506130 _____ C:\Users\jaleh\Desktop\bookmarks.html 2013-10-29 16:55 - 2013-10-29 16:55 - 00001311 _____ C:\Users\jaleh\Desktop\SparkTrust PC Cleaner Plus.lnk 2013-10-29 16:55 - 2013-10-29 16:55 - 00000498 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000450 _____ C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000398 _____ C:\Windows\Tasks\SparkTrust Update Version3.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000392 _____ C:\Windows\Tasks\SparkTrust Registration3.job 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Users\jaleh\AppData\Roaming\DriverCure 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\ProgramData\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Program Files\SparkTrust 2013-10-29 16:55 - 2013-10-29 16:55 - 00000000 ____D C:\Program Files\Common Files\SparkTrust 2013-10-29 16:54 - 2013-10-29 16:54 - 05955760 _____ (SparkTrust) C:\Users\jaleh\Downloads\SparkTrust PC Cleaner Plus Setup.exe 2013-10-29 16:19 - 2013-10-29 11:15 - 00000000 ____D C:\AdwCleaner 2013-10-29 16:18 - 2013-10-29 16:18 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner(1).exe 2013-10-29 16:16 - 2013-10-29 16:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(2).exe 2013-10-29 16:15 - 2013-10-29 16:15 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox(1).exe 2013-10-29 12:08 - 2013-10-29 12:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller(1).exe 2013-10-29 12:05 - 2013-10-29 12:05 - 00000674 _____ C:\Users\jaleh\Desktop\esetscan.txt 2013-10-29 11:30 - 2013-10-29 11:30 - 02347384 _____ (ESET) C:\Users\jaleh\Downloads\esetsmartinstaller_enu.exe 2013-10-29 11:30 - 2013-10-29 11:30 - 00000000 ____D C:\Program Files\ESET 2013-10-29 11:27 - 2013-10-29 11:27 - 00001295 _____ C:\Users\jaleh\Desktop\JRT.txt 2013-10-29 11:24 - 2013-10-29 11:24 - 00000000 ____D C:\Windows\ERUNT 2013-10-29 11:22 - 2013-10-29 11:22 - 01033335 _____ (Thisisu) C:\Users\jaleh\Downloads\JRT.exe 2013-10-29 11:15 - 2013-10-29 11:15 - 01060070 _____ C:\Users\jaleh\Downloads\AdwCleaner.exe 2013-10-29 11:07 - 2013-10-29 11:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jaleh\Downloads\tdsskiller.exe 2013-10-29 10:58 - 2013-10-29 10:58 - 00017223 _____ C:\Users\jaleh\Downloads\Result.txt 2013-10-29 10:55 - 2013-10-29 10:55 - 00760937 _____ (Farbar) C:\Users\jaleh\Downloads\MiniToolBox.exe 2013-10-29 10:10 - 2013-10-29 10:10 - 05708432 _____ (Systweak Inc ) C:\Users\jaleh\Downloads\rcpsetup12_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe 2013-10-29 08:23 - 2013-10-05 01:54 - 00000000 ____D C:\Users\jaleh\Desktop\entari 2013-10-29 08:22 - 2013-10-29 00:51 - 00000000 ____D C:\Users\jaleh\Desktop\victorian mish mesh 2013-10-29 08:11 - 2012-11-21 14:40 - 00000000 ____D C:\Program Files\World of Warcraft 2013-10-29 08:02 - 2013-10-29 08:02 - 00165888 __RSH C:\Users\jaleh\AppData\Roaming\C_8655.dll 2013-10-25 10:46 - 2013-05-24 15:39 - 00000000 ____D C:\Users\jaleh\Desktop\corset 2013-10-09 04:06 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache 2013-10-09 03:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-09 03:33 - 2010-11-20 16:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-09 03:29 - 2012-12-08 20:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 03:29 - 2009-07-13 23:33 - 00268128 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 03:10 - 2013-08-13 03:00 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 03:09 - 2012-11-23 01:43 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 03:00 - 2012-11-21 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-09 03:00 - 2012-11-21 15:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-30 23:06 - 2013-09-30 23:06 - 00037888 _____ C:\Users\jaleh\Downloads\create-your-own-e-liquid-by-alpine77.xls Some content of TEMP: ==================== C:\Users\jaleh\AppData\Local\Temp\50290uninstall.exe C:\Users\jaleh\AppData\Local\Temp\Gw2.exe C:\Users\jaleh\AppData\Local\Temp\Quarantine.exe C:\Users\jaleh\AppData\Local\Temp\swt-win32-3740.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-21 01:17 ==================== End Of Log ============================
- October 30, 2013
- 15 replies
google redirect

mariajt posted a topic in Resolved Malware Removal Logs

Started yesterday. Computer is no slower, and no popups. However, virus redirects me endlessly. Both Firefox and Explorer are affected. SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe uRun: [ktvnrechr] rundll32 "c:\users\jaleh\appdata\roaming\C_8655.dll",FIUD mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 TCP: NameServer = 192.168.1.1 TCP: Interfaces\{5B97F875-B76D-460A-A03F-9A1BD3848B33} : DHCPNameServer = 192.168.1.1 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - c:\users\jaleh\appdata\roaming\mozilla\firefox\profiles\4cz00tf3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-21 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-21 701512] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-21 22856] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-11-23 1343400] . =============== Created Last 30 ================ . 2013-10-29 21:55:44 -------- d-----w- c:\users\jaleh\appdata\roaming\SparkTrust 2013-10-29 21:55:44 -------- d-----w- c:\users\jaleh\appdata\roaming\DriverCure 2013-10-29 21:55:37 -------- d-----w- c:\program files\common files\SparkTrust 2013-10-29 21:55:32 -------- d-----w- c:\programdata\SparkTrust 2013-10-29 21:55:32 -------- d-----w- c:\program files\SparkTrust 2013-10-29 21:46:30 -------- d-----w- c:\users\jaleh\appdata\local\ElevatedDiagnostics 2013-10-29 16:30:40 -------- d-----w- c:\program files\ESET 2013-10-29 16:24:13 -------- d-----w- c:\windows\ERUNT 2013-10-29 16:15:25 -------- d-----w- C:\AdwCleaner 2013-10-29 13:02:22 165888 --sha-r- c:\users\jaleh\appdata\roaming\C_8655.dll 2013-10-29 12:23:41 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb1dce88-c0a8-4959-9720-01c753a99f14}\mpengine.dll 2013-10-09 08:08:01 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-10-09 08:08:00 2876928 ----a-w- c:\windows\system32\jscript9.dll 2013-10-09 08:08:00 217600 ----a-w- c:\program files\internet explorer\sqmapi.dll 2013-10-09 08:08:00 108032 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll 2013-10-08 19:12:32 530432 ----a-w- c:\windows\system32\comctl32.dll . ==================== Find3M ==================== . 2013-10-09 08:00:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-09 08:00:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll 2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-09-03 19:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll 2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll 2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys 2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll 2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll 2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe 2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 10:21:49.11 =============== DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/21/2012 1:19:43 PM System Uptime: 10/30/2013 9:53:38 AM (1 hours ago) . Motherboard: Hewlett-Packard | | 0AC8h Processor: Dual-Core AMD Opteron Processor 1212 | XU1 PROCESSOR | 2000/1000mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 74 GiB total, 8.986 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: CDC Serial Device ID: USB\VID_04E8&PID_6860&MI_01\6&BA337AC&2&0001 Manufacturer: Name: CDC Serial PNP Device ID: USB\VID_04E8&PID_6860&MI_01\6&BA337AC&2&0001 Service: . ==== System Restore Points =================== . RP133: 10/29/2013 9:43:00 AM - Removed Apple Software Update RP134: 10/29/2013 11:09:40 PM - Removed Java 7 Update 9 RP135: 10/29/2013 11:10:19 PM - Removed Java 7 Update 9 . ==== Installed Programs ====================== . Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.05) Belarc Advisor 8.3 Bonjour ESET Online Scanner v3 GIMP Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) Jarte 5.0 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Office Word Viewer 2003 Microsoft Silverlight Mozilla Firefox 25.0 (x86 en-US) Mozilla Maintenance Service Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) SparkTrust PC Cleaner Plus Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) World of Warcraft . ==== Event Viewer Messages From Past Week ======== . 10/29/2013 8:22:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 10/29/2013 5:08:28 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/29/2013 4:40:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 10/29/2013 4:40:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/29/2013 4:40:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 10/29/2013 4:40:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/29/2013 4:40:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/29/2013 4:39:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 . ==== End Of File ===========================
- October 30, 2013
- 15 replies

Sign In

mariajt

Posts

Joined

Last visited

Reputation

google redirect

google redirect

google redirect

google redirect

google redirect

google redirect

google redirect

google redirect

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information