interpol virus!


  • This topic is locked
35 replies to this topic

#1 tigre13

tigre13

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:03 AM

Posted 10 December 2013 - 07:24 AM

Hi, I cannot remove the Interpol virus; my computer is completely blocked, the virus is also found in Safe Mode, and I can only work with the command prompt. Below is the result of the scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2013 03
Ran by SYSTEM on MINWINPC on 10-12-2013 11:18:15
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-20] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-20] (CyberLink)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-02-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-04] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-24] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnMonitor] - C:\Program Files\Alice Mobile Olicard 100\ConnMonitor.exe [401408 2009-06-18] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [1983816 2009-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [626688 2010-12-01] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
HKU\teodora\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\teodora\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\teodora\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [ 2009-11-10] (Yahoo! Inc.)
HKU\teodora\...\Run: [Search Protection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
HKU\teodora\...\Run: [YSearchProtection] - C:\Program Files\Yahoo!\Search Protection\YspService.exe
HKU\teodora\...\Run: [L09IXLRD_17551422] - "C:\Program Files\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" -m
HKU\teodora\...\Run: [L09AXLRD_6209806] - C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE [ 2008-06-03] (Microsoft Corporation)
HKU\teodora\...\Run: [HW_OPENEYE_OUC_Chiavetta Internet] - "C:\Program Files\Chiavetta Internet\UpdateDog\ouc.exe"
HKU\teodora\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-20] (Microsoft Corporation)
HKU\teodora\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2013-08-27] (TomTom)
HKU\teodora\...\RunOnce: [hu0ig] - C:\ProgramData\oktduvt\ydfrsb.exe [ 2013-12-07] (ViewDev Software)
HKU\teodora\...\Winlogon: [Shell] C:\ProgramData\kmcx\aoor.exe,explorer.exe <==== ATTENTION 
AppInit_DLLs: C:\Program Files\BrowseToSave\sprotector.dll [ 2013-01-24] ()
Startup: C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue  otshot Installation.lnk
ShortcutTarget: Continue  otshot Installation.lnk -> C:\Program Files\otshot\otshotmainfile.exe ()
Startup: C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
ShortcutTarget: Orion.lnk -> C:\Program Files\Convesoft\Orion\Messenger.exe (No File)
 
========================== Services (Whitelisted) =================
 
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655712 2013-02-09] ()
S2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [165888 2010-05-26] (Samsung Electronics Co., Ltd.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
 
==================== Drivers (Whitelisted) ====================
 
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2013-02-09] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2013-02-09] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-02-09] (Huawei Technologies Co., Ltd.)
S1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
S1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
S1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
S3 pmx3gmdm; C:\Windows\System32\DRIVERS\pmx3gmdm.sys [103552 2009-03-25] (Olivetti)
S3 pmx3gnet; C:\Windows\System32\DRIVERS\pmx3gnet.sys [116736 2009-03-25] (Olivetti)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2008-10-22] (TCT International Mobile Ltd)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
S3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [248320 2007-05-20] (Realtek Semiconductor Corporation                           )
S1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 ONDAusbmdm6k; system32\DRIVERS\ONDAusbmdm6k.sys [x]
S3 ONDAusbnet; system32\DRIVERS\ONDAusbnet.sys [x]
S3 ONDAusbnmea; system32\DRIVERS\ONDAusbnmea.sys [x]
S3 ONDAusbser6k; system32\DRIVERS\ONDAusbser6k.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-09 15:11 - 2013-12-09 15:11 - 00000000 ____D C:\FRST
2013-12-07 13:52 - 2013-12-09 13:13 - 00000000 ____D C:\ProgramData\acbcn
2013-12-07 13:52 - 2013-12-08 13:08 - 00000000 ____D C:\ProgramData\faahci
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\oktduvt
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\kmcx
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\dsssmk
2013-12-07 13:50 - 2013-12-09 13:13 - 00000000 ____D C:\ProgramData\lwmq
2013-12-07 13:48 - 2013-12-07 13:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv.zip
2013-12-07 13:48 - 2013-12-07 13:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv (1).zip
2013-12-07 09:16 - 2013-12-07 09:21 - 00000000 ____D C:\Program Files\VideoPlayer
2013-12-07 09:16 - 2013-12-07 09:16 - 00000000 ____D C:\Users\teodora\Documents\Optimizer Pro
2013-12-07 09:16 - 2013-12-07 09:16 - 00000000 ____D C:\Users\teodora\AppData\Roaming\Optimizer Pro
2013-12-07 09:15 - 2013-12-07 09:28 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-12-07 09:13 - 2013-12-07 09:28 - 00000000 ____D C:\ProgramData\WPM
2013-12-07 09:13 - 2013-12-07 09:28 - 00000000 ____D C:\Program Files\Storimbo
2013-12-02 07:12 - 2013-12-02 07:12 - 00010752 _____ C:\Users\teodora\Downloads\Conti.xls
2013-12-02 07:12 - 2013-12-02 07:12 - 00002635 _____ C:\Users\teodora\Downloads\Conti.wri
2013-11-26 11:31 - 2013-11-26 11:31 - 00555090 _____ C:\Users\teodora\Downloads\image (10).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00433958 _____ C:\Users\teodora\Downloads\image (8).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00420619 _____ C:\Users\teodora\Downloads\image (7).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00374035 _____ C:\Users\teodora\Downloads\image (6).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00299400 _____ C:\Users\teodora\Downloads\image (9).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00452264 _____ C:\Users\teodora\Downloads\image (4).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00445128 _____ C:\Users\teodora\Downloads\image (3).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00341911 _____ C:\Users\teodora\Downloads\image (5).jpeg
 
==================== One Month Modified Files and Folders =======
 
2013-12-09 15:11 - 2013-12-09 15:11 - 00000000 ____D C:\FRST
2013-12-09 13:13 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\acbcn
2013-12-09 13:13 - 2013-12-07 13:50 - 00000000 ____D C:\ProgramData\lwmq
2013-12-09 13:13 - 2006-11-02 04:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 13:13 - 2006-11-02 04:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 12:22 - 2009-02-25 00:42 - 00661860 _____ C:\Windows\System32\perfh010.dat
2013-12-09 12:22 - 2009-02-25 00:42 - 00119742 _____ C:\Windows\System32\perfc010.dat
2013-12-09 12:22 - 2006-11-02 02:33 - 01461438 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-09 07:57 - 2009-10-16 00:08 - 00007160 _____ C:\Users\teodora\AppData\Local\d3d9caps.dat
2013-12-08 21:38 - 2009-10-13 23:21 - 00000000 ____D C:\users\teodora
2013-12-08 21:38 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-12-08 21:38 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-12-08 21:38 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-12-08 21:38 - 2006-11-02 02:22 - 39583744 _____ C:\Windows\System32\config\software_previous
2013-12-08 21:38 - 2006-11-02 02:22 - 29360128 _____ C:\Windows\System32\config\system_previous
2013-12-08 21:35 - 2006-11-02 02:22 - 32243712 _____ C:\Windows\System32\config\components_previous
2013-12-08 21:35 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\sam_previous
2013-12-08 13:08 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\faahci
2013-12-08 12:32 - 2006-11-02 02:22 - 00524288 _____ C:\Windows\System32\config\default_previous
2013-12-08 12:32 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous
2013-12-08 12:30 - 2009-08-05 07:31 - 01752048 _____ C:\Windows\WindowsUpdate.log
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\oktduvt
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\kmcx
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\dsssmk
2013-12-07 13:48 - 2013-12-07 13:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv.zip
2013-12-07 13:48 - 2013-12-07 13:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv (1).zip
2013-12-07 10:38 - 2013-06-03 11:11 - 00001889 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-07 09:28 - 2013-12-07 09:15 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-12-07 09:28 - 2013-12-07 09:13 - 00000000 ____D C:\ProgramData\WPM
2013-12-07 09:28 - 2013-12-07 09:13 - 00000000 ____D C:\Program Files\Storimbo
2013-12-07 09:21 - 2013-12-07 09:16 - 00000000 ____D C:\Program Files\VideoPlayer
2013-12-07 09:21 - 2013-03-14 07:17 - 00001022 _____ C:\Windows\KB893803v2.log
2013-12-07 09:18 - 2013-10-26 04:50 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-07 09:16 - 2013-12-07 09:16 - 00000000 ____D C:\Users\teodora\Documents\Optimizer Pro
2013-12-07 09:16 - 2013-12-07 09:16 - 00000000 ____D C:\Users\teodora\AppData\Roaming\Optimizer Pro
2013-12-07 09:13 - 2013-03-14 07:14 - 00000000 ____D C:\Users\teodora\AppData\Local\Lollipop
2013-12-02 12:54 - 2011-11-07 06:05 - 00000000 ____D C:\Users\teodora\AppData\Roaming\Skype
2013-12-02 10:54 - 2011-11-07 06:05 - 00000000 ____D C:\ProgramData\Skype
2013-12-02 07:12 - 2013-12-02 07:12 - 00010752 _____ C:\Users\teodora\Downloads\Conti.xls
2013-12-02 07:12 - 2013-12-02 07:12 - 00002635 _____ C:\Users\teodora\Downloads\Conti.wri
2013-11-29 10:10 - 2009-10-14 08:13 - 00138752 _____ C:\Users\teodora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-28 12:09 - 2012-06-11 10:15 - 00000000 ____D C:\Users\teodora\AppData\Roaming\uTorrent
2013-11-28 08:07 - 2013-11-07 11:35 - 1719664640 _____ C:\Users\teodora\Downloads\Sole.A.Catinelle.iTALiAN.MD.TELESYNC.XviD-BmA.avi
2013-11-26 11:31 - 2013-11-26 11:31 - 00555090 _____ C:\Users\teodora\Downloads\image (10).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00433958 _____ C:\Users\teodora\Downloads\image (8).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00420619 _____ C:\Users\teodora\Downloads\image (7).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00374035 _____ C:\Users\teodora\Downloads\image (6).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00299400 _____ C:\Users\teodora\Downloads\image (9).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00452264 _____ C:\Users\teodora\Downloads\image (4).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00445128 _____ C:\Users\teodora\Downloads\image (3).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00341911 _____ C:\Users\teodora\Downloads\image (5).jpeg
2013-11-21 03:35 - 2008-01-20 18:47 - 01399444 _____ C:\Windows\PFRO.log
2013-11-11 12:11 - 2013-03-22 07:44 - 00000000 ____D C:\ProgramData\eSafe
2013-11-10 20:50 - 2012-10-10 02:21 - 00230048 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\teodora\AppData\Local\Temp\26337-669629-adobe-reader.exe
C:\Users\teodora\AppData\Local\Temp\34881-666577-gimp.exe
C:\Users\teodora\AppData\Local\Temp\ApnIC.dll
C:\Users\teodora\AppData\Local\Temp\ApnStub.exe
C:\Users\teodora\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\teodora\AppData\Local\Temp\askToolbarInstaller.exe
C:\Users\teodora\AppData\Local\Temp\dealply.exe
C:\Users\teodora\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\teodora\AppData\Local\Temp\iet427.tmp.exe
C:\Users\teodora\AppData\Local\Temp\iMesh_setup.exe
C:\Users\teodora\AppData\Local\Temp\Iminent.exe
C:\Users\teodora\AppData\Local\Temp\Installhelper.dll
C:\Users\teodora\AppData\Local\Temp\instloffer.exe
C:\Users\teodora\AppData\Local\Temp\Java.exe
C:\Users\teodora\AppData\Local\Temp\mgsqlite3.dll
C:\Users\teodora\AppData\Local\Temp\MSETUP4.EXE
C:\Users\teodora\AppData\Local\Temp\msgC65A.exe
C:\Users\teodora\AppData\Local\Temp\Nokia_PC_Suite_ita.exe
C:\Users\teodora\AppData\Local\Temp\nsg86FB.tmp.exe
C:\Users\teodora\AppData\Local\Temp\NSISCodec.dll
C:\Users\teodora\AppData\Local\Temp\OB.exe
C:\Users\teodora\AppData\Local\Temp\oi_{80A4AA2B-CDAC-42BD-AAC5-C55EB2C99179}.exe
C:\Users\teodora\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\teodora\AppData\Local\Temp\SetupDataMngr_jZip.exe
C:\Users\teodora\AppData\Local\Temp\SkypeSetup.exe
C:\Users\teodora\AppData\Local\Temp\Softonic_s_Eng7.exe
C:\Users\teodora\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\teodora\AppData\Local\Temp\swpacksbing_717_active.exe
C:\Users\teodora\AppData\Local\Temp\Toolbar.exe
C:\Users\teodora\AppData\Local\Temp\uninst1.exe
C:\Users\teodora\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\teodora\AppData\Local\Temp\Video Performer63485.exe
C:\Users\teodora\AppData\Local\Temp\wajam_install.exe
C:\Users\teodora\AppData\Local\Temp\wget.exe
C:\Users\teodora\AppData\Local\Temp\Wise_INI.dll
C:\Users\teodora\AppData\Local\Temp\_is4FE8.exe
C:\Users\teodora\AppData\Local\Temp\_isAF13.exe
C:\Users\teodora\AppData\Local\Temp\_isB412.exe
C:\Users\teodora\AppData\Local\Temp\_isDCE6.exe
C:\Users\teodora\AppData\Local\Temp\_isF9AA.exe
C:\Users\teodora\AppData\Local\Temp\_teABF7.exe
C:\Users\teodora\AppData\Local\Temp\{05C75F9E-5670-441F-83BC-EDDF981BFDE2}-GoogleToolbarInstaller_updater_signed.exe
C:\Users\teodora\AppData\Local\Temp\{1E3F4E37-FEB0-401A-8255-E0B76DD09FB3}-26.0.1410.64_25.0.1364.172_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{219F05BE-CB8A-4675-B9C3-879944BC5598}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{2D90B96D-905A-43E6-9246-452662995EF0}-chrome_installer.exe
C:\Users\teodora\AppData\Local\Temp\{32512A8F-C2FF-410A-BDFE-D231FC2F8ED2}-24.0.1312.56_24.0.1312.52_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{4F5AA42A-B74B-46BF-A2D0-C348C0F07D3D}-22.0.1229.79_21.0.1180.89_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{582991BD-1F7F-4D32-865C-B4B34B40F587}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{58B9946A-8283-40E3-84D4-A7CDFAA10393}-26.0.1410.43_25.0.1364.172_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{6E798164-3249-4F9D-9FE3-7E2FC7CB9F98}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{798D373E-B6E3-46F2-9B58-C663E3083CB5}-GoogleUpdateSetup.exe
C:\Users\teodora\AppData\Local\Temp\{9A3038A2-0361-491F-ABD3-277619251B66}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{A569E004-85A1-4705-ABA5-7C8CADEB7E43}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{A9541219-8984-41EA-8D1F-D10B574381D7}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{AD7BC0F1-97AD-4A12-B011-8447EDBD019C}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{C02E8063-D783-4AC1-9940-9CC03A1B9249}-20.0.1132.47_19.0.1084.56_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{DFC1279B-39DE-4F3E-A7E5-B63D96CB359F}-26.0.1410.43_25.0.1364.172_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{E7B899C5-124F-4854-9E00-3779826AD464}-23.0.1271.97_23.0.1271.95_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{F18B546B-53AF-4E42-B03D-766815CDE51B}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
22
Restore point made on: 2013-11-10 04:16:52
Restore point made on: 2013-11-11 03:54:29
Restore point made on: 2013-11-11 12:07:41
Restore point made on: 2013-11-12 00:54:22
Restore point made on: 2013-11-13 01:06:39
Restore point made on: 2013-11-14 03:59:18
Restore point made on: 2013-11-18 03:45:58
Restore point made on: 2013-11-19 11:08:41
Restore point made on: 2013-11-20 09:14:55
Restore point made on: 2013-11-21 03:58:17
Restore point made on: 2013-11-22 00:33:25
Restore point made on: 2013-11-23 08:21:52
Restore point made on: 2013-11-25 01:11:41
Restore point made on: 2013-11-27 04:06:11
Restore point made on: 2013-11-28 03:54:16
Restore point made on: 2013-11-29 00:06:35
Restore point made on: 2013-12-02 01:24:59
Restore point made on: 2013-12-04 13:14:35
Restore point made on: 2013-12-07 09:19:25
Restore point made on: 2013-12-07 09:26:02
Restore point made on: 2013-12-07 09:56:41
Restore point made on: 2013-12-08 03:18:58
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4089.9 MB
Available physical RAM: 3466.57 MB
Total Pagefile: 3714.24 MB
Available Pagefile: 3537.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.65 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:288.32 GB) (Free:160.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:1.49 GB) FAT32
Drive f: (SP UFD U2) (Removable) (Total:7.48 GB) (Free:7.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 2D17D39F)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
 
 
LastRegBack: 2013-12-08 12:20
 
==================== End Of Log ============================
 
I don't know what to do next. How do I have to make the fixlist?
Thanks!


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:03 AM

Posted 10 December 2013 - 07:35 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKU\teodora\...\Run: [Search Protection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    HKU\teodora\...\Run: [YSearchProtection] - C:\Program Files\Yahoo!\Search Protection\YspService.exe
    HKU\teodora\...\RunOnce: [hu0ig] - C:\ProgramData\oktduvt\ydfrsb.exe [ 2013-12-07] (ViewDev Software)
    HKU\teodora\...\Winlogon: [Shell] C:\ProgramData\kmcx\aoor.exe,explorer.exe <==== ATTENTION
    AppInit_DLLs: C:\Program Files\BrowseToSave\sprotector.dll [ 2013-01-24] ()
    Startup: C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue  otshot Installation.lnk
    ShortcutTarget: Continue  otshot Installation.lnk -> C:\Program Files\otshot\otshotmainfile.exe ()
    
    C:\ProgramData\oktduvt
    C:\ProgramData\kmcx
    C:\Program Files\Yahoo!\Search Protection
    C:\Program Files\BrowseToSave
    C:\Program Files\otshot
    C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue  otshot Installation.lnk
    C:\ProgramData\acbcn
    C:\ProgramData\faahci
    C:\ProgramData\oktduvt
    C:\ProgramData\kmcx
    C:\ProgramData\dsssmk
    C:\ProgramData\lwmq
    C:\Program Files\VideoPlayer
    C:\Users\teodora\Documents\Optimizer Pro
    C:\Users\teodora\AppData\Roaming\Optimizer Pro
    C:\Program Files\Optimizer Pro
    C:\ProgramData\WPM
    C:\Program Files\Storimbo
    C:\Program Files\MyPC Backup

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now boot into Windows!

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32-bit or FRST 64-bit (if not sure: Start --> Computer (right click) --> Properties).

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps).
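As an added illustration (not code from this thread, from FRST, or from the helper), the following Python triage reads FRST "Registry (Whitelisted)" lines in the format of the log above, flags the three persistence mechanisms the lock screen relied on here (the Winlogon Shell hijack, the RunOnce entry under ProgramData, and the AppInit_DLLs entry), and emits candidate fixlist lines in the same shape as the fixlist in this reply. The sample lines and the heuristics (data-directory and missing-company-name checks) are constructed for the example.

```python
"""Triage the "Registry (Whitelisted)" section of a Farbar Recovery Scan Tool
(FRST) log for the persistence entries a lock-screen infection relies on.
Added illustration for this thread; heuristics and sample lines are constructed."""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample in the shape of the log in the first post (abbreviated).
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKU\teodora\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2013-08-27] (TomTom)
HKU\teodora\...\RunOnce: [hu0ig] - C:\ProgramData\oktduvt\ydfrsb.exe [ 2013-12-07] (ViewDev Software)
HKU\teodora\...\Winlogon: [Shell] C:\ProgramData\kmcx\aoor.exe,explorer.exe <==== ATTENTION
AppInit_DLLs: C:\Program Files\BrowseToSave\sprotector.dll [ 2013-01-24] ()
"""

RUN_RE = re.compile(r"^HK\w+\\.*?\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
SHELL_RE = re.compile(r"^HK\w+\\.*?\\Winlogon: \[Shell\] (?P<value>.*?)(?: <==== ATTENTION)?\s*$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<rest>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[<,]+?\.(?:exe|dll)", re.IGNORECASE)
VENDOR_RE = re.compile(r"\((?P<vendor>[^()]*)\)\s*$")

# Locations from which a legitimate autostart binary is rarely launched (heuristic).
DATA_DIRS = ("c:\\programdata\\", "\\appdata\\local\\temp\\", "\\appdata\\roaming\\")


@dataclass
class Finding:
    line: str                                    # the FRST log line, verbatim
    reasons: list = field(default_factory=list)  # why it was flagged
    path: str = ""                               # executable/DLL the entry points at


def _first_path(text):
    m = PATH_RE.search(text)
    return m.group(0) if m else ""


def _vendor(text):
    """Company name FRST prints in trailing parentheses; empty for '()'."""
    m = VENDOR_RE.search(text)
    return m.group("vendor").strip() if m else ""


def _in_data_dir(path):
    low = path.lower()
    return any(d in low for d in DATA_DIRS)


def triage(log_text):
    """Return one Finding per suspicious registry line in an FRST log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        reasons, path = [], ""
        if (m := SHELL_RE.match(line)):
            # Winlogon\Shell normally holds exactly "explorer.exe". Every program
            # listed there is started as the shell at logon, Safe Mode included,
            # which is why the lock screen in this thread survived Safe Mode.
            parts = [p.strip() for p in m.group("value").split(",")]
            extra = [p for p in parts if p.lower() != "explorer.exe"]
            if extra:
                path = _first_path(extra[0]) or extra[0]
                reasons.append("Winlogon Shell hijack: " + ", ".join(extra))
        elif (m := APPINIT_RE.match(line)):
            # AppInit_DLLs are loaded into every process that maps user32.dll.
            path = _first_path(m.group("rest"))
            if path:
                reasons.append("AppInit_DLLs injection: " + path)
                if not _vendor(m.group("rest")):
                    reasons.append("no company name in version info")
        elif (m := RUN_RE.match(line)):
            rest = m.group("rest")
            path = _first_path(rest)
            if path and _in_data_dir(path):
                reasons.append(m.group("key") + " entry launches from a data directory")
            if path and not _vendor(rest):
                reasons.append("no company name in version info")
        if reasons:
            findings.append(Finding(line=line, reasons=reasons, path=path))
    return findings


def suggest_fixlist(findings):
    """Candidate fixlist.txt lines in the shape the helper used above: the
    offending log line verbatim (FRST removes that entry), followed by the
    payload's folder when it lives under a data directory."""
    lines, seen = [], set()
    for f in findings:
        lines.append(f.line)
        if f.path and _in_data_dir(f.path):
            folder = str(PureWindowsPath(f.path).parent)
            if folder.lower() not in seen:
                seen.add(folder.lower())
                lines.append(folder)
    return lines
```

Run `suggest_fixlist(triage(open("FRST.txt").read()))` against a real log to get a starting point that still needs a human review before it goes into fixlist.txt, exactly as the helper's notice above warns.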

#3 tigre13

tigre13
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:03 AM

Posted 10 December 2013 - 08:02 AM

ShortcutTarget: Continue  otshot Installation.lnk -> C:\Program Files\otshot\otshotmainfile.exe ()
Startup: C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
ShortcutTarget: Orion.lnk -> C:\Program Files\Convesoft\Orion\Messenger.exe (No File)
 
========================== Services (Whitelisted) =================
 
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655712 2013-02-09] ()
S2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [165888 2010-05-26] (Samsung Electronics Co., Ltd.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
 
==================== Drivers (Whitelisted) ====================
 
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2013-02-09] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2013-02-09] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-02-09] (Huawei Technologies Co., Ltd.)
S1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
S1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
S1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
S3 pmx3gmdm; C:\Windows\System32\DRIVERS\pmx3gmdm.sys [103552 2009-03-25] (Olivetti)
S3 pmx3gnet; C:\Windows\System32\DRIVERS\pmx3gnet.sys [116736 2009-03-25] (Olivetti)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2008-10-22] (TCT International Mobile Ltd)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
S3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [248320 2007-05-20] (Realtek Semiconductor Corporation                           )
S1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 ONDAusbmdm6k; system32\DRIVERS\ONDAusbmdm6k.sys [x]
S3 ONDAusbnet; system32\DRIVERS\ONDAusbnet.sys [x]
S3 ONDAusbnmea; system32\DRIVERS\ONDAusbnmea.sys [x]
S3 ONDAusbser6k; system32\DRIVERS\ONDAusbser6k.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-09 15:11 - 2013-12-09 15:11 - 00000000 ____D C:\FRST
2013-12-07 13:52 - 2013-12-09 13:13 - 00000000 ____D C:\ProgramData\acbcn
2013-12-07 13:52 - 2013-12-08 13:08 - 00000000 ____D C:\ProgramData\faahci
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\oktduvt
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\kmcx
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\dsssmk
2013-12-07 13:50 - 2013-12-09 13:13 - 00000000 ____D C:\ProgramData\lwmq
2013-12-07 13:48 - 2013-12-07 13:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv.zip
2013-12-07 13:48 - 2013-12-07 13:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv (1).zip
2013-12-07 09:16 - 2013-12-07 09:21 - 00000000 ____D C:\Program Files\VideoPlayer
2013-12-07 09:16 - 2013-12-07 09:16 - 00000000 ____D C:\Users\teodora\Documents\Optimizer Pro
2013-12-07 09:16 - 2013-12-07 09:16 - 00000000 ____D C:\Users\teodora\AppData\Roaming\Optimizer Pro
2013-12-07 09:15 - 2013-12-07 09:28 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-12-07 09:13 - 2013-12-07 09:28 - 00000000 ____D C:\ProgramData\WPM
2013-12-07 09:13 - 2013-12-07 09:28 - 00000000 ____D C:\Program Files\Storimbo
2013-12-02 07:12 - 2013-12-02 07:12 - 00010752 _____ C:\Users\teodora\Downloads\Conti.xls
2013-12-02 07:12 - 2013-12-02 07:12 - 00002635 _____ C:\Users\teodora\Downloads\Conti.wri
2013-11-26 11:31 - 2013-11-26 11:31 - 00555090 _____ C:\Users\teodora\Downloads\image (10).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00433958 _____ C:\Users\teodora\Downloads\image (8).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00420619 _____ C:\Users\teodora\Downloads\image (7).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00374035 _____ C:\Users\teodora\Downloads\image (6).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00299400 _____ C:\Users\teodora\Downloads\image (9).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00452264 _____ C:\Users\teodora\Downloads\image (4).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00445128 _____ C:\Users\teodora\Downloads\image (3).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00341911 _____ C:\Users\teodora\Downloads\image (5).jpeg
 
==================== One Month Modified Files and Folders =======
 
2013-12-09 15:11 - 2013-12-09 15:11 - 00000000 ____D C:\FRST
2013-12-09 13:13 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\acbcn
2013-12-09 13:13 - 2013-12-07 13:50 - 00000000 ____D C:\ProgramData\lwmq
2013-12-09 13:13 - 2006-11-02 04:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 13:13 - 2006-11-02 04:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 12:22 - 2009-02-25 00:42 - 00661860 _____ C:\Windows\System32\perfh010.dat
2013-12-09 12:22 - 2009-02-25 00:42 - 00119742 _____ C:\Windows\System32\perfc010.dat
2013-12-09 12:22 - 2006-11-02 02:33 - 01461438 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-09 07:57 - 2009-10-16 00:08 - 00007160 _____ C:\Users\teodora\AppData\Local\d3d9caps.dat
2013-12-08 21:38 - 2009-10-13 23:21 - 00000000 ____D C:\users\teodora
2013-12-08 21:38 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-12-08 21:38 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-12-08 21:38 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-12-08 21:38 - 2006-11-02 02:22 - 39583744 _____ C:\Windows\System32\config\software_previous
2013-12-08 21:38 - 2006-11-02 02:22 - 29360128 _____ C:\Windows\System32\config\system_previous
2013-12-08 21:35 - 2006-11-02 02:22 - 32243712 _____ C:\Windows\System32\config\components_previous
2013-12-08 21:35 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\sam_previous
2013-12-08 13:08 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\faahci
2013-12-08 12:32 - 2006-11-02 02:22 - 00524288 _____ C:\Windows\System32\config\default_previous
2013-12-08 12:32 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous
2013-12-08 12:30 - 2009-08-05 07:31 - 01752048 _____ C:\Windows\WindowsUpdate.log
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\oktduvt
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\kmcx
2013-12-07 13:52 - 2013-12-07 13:52 - 00000000 ____D C:\ProgramData\dsssmk
2013-12-07 13:48 - 2013-12-07 13:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv.zip
2013-12-07 13:48 - 2013-12-07 13:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv (1).zip
2013-12-07 10:38 - 2013-06-03 11:11 - 00001889 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-07 09:28 - 2013-12-07 09:15 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-12-07 09:28 - 2013-12-07 09:13 - 00000000 ____D C:\ProgramData\WPM
2013-12-07 09:28 - 2013-12-07 09:13 - 00000000 ____D C:\Program Files\Storimbo
2013-12-07 09:21 - 2013-12-07 09:16 - 00000000 ____D C:\Program Files\VideoPlayer
2013-12-07 09:21 - 2013-03-14 07:17 - 00001022 _____ C:\Windows\KB893803v2.log
2013-12-07 09:18 - 2013-10-26 04:50 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-07 09:16 - 2013-12-07 09:16 - 00000000 ____D C:\Users\teodora\Documents\Optimizer Pro
2013-12-07 09:16 - 2013-12-07 09:16 - 00000000 ____D C:\Users\teodora\AppData\Roaming\Optimizer Pro
2013-12-07 09:13 - 2013-03-14 07:14 - 00000000 ____D C:\Users\teodora\AppData\Local\Lollipop
2013-12-02 12:54 - 2011-11-07 06:05 - 00000000 ____D C:\Users\teodora\AppData\Roaming\Skype
2013-12-02 10:54 - 2011-11-07 06:05 - 00000000 ____D C:\ProgramData\Skype
2013-12-02 07:12 - 2013-12-02 07:12 - 00010752 _____ C:\Users\teodora\Downloads\Conti.xls
2013-12-02 07:12 - 2013-12-02 07:12 - 00002635 _____ C:\Users\teodora\Downloads\Conti.wri
2013-11-29 10:10 - 2009-10-14 08:13 - 00138752 _____ C:\Users\teodora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-28 12:09 - 2012-06-11 10:15 - 00000000 ____D C:\Users\teodora\AppData\Roaming\uTorrent
2013-11-28 08:07 - 2013-11-07 11:35 - 1719664640 _____ C:\Users\teodora\Downloads\Sole.A.Catinelle.iTALiAN.MD.TELESYNC.XviD-BmA.avi
2013-11-26 11:31 - 2013-11-26 11:31 - 00555090 _____ C:\Users\teodora\Downloads\image (10).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00433958 _____ C:\Users\teodora\Downloads\image (8).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00420619 _____ C:\Users\teodora\Downloads\image (7).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00374035 _____ C:\Users\teodora\Downloads\image (6).jpeg
2013-11-26 11:31 - 2013-11-26 11:31 - 00299400 _____ C:\Users\teodora\Downloads\image (9).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00452264 _____ C:\Users\teodora\Downloads\image (4).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00445128 _____ C:\Users\teodora\Downloads\image (3).jpeg
2013-11-26 11:30 - 2013-11-26 11:30 - 00341911 _____ C:\Users\teodora\Downloads\image (5).jpeg
2013-11-21 03:35 - 2008-01-20 18:47 - 01399444 _____ C:\Windows\PFRO.log
2013-11-11 12:11 - 2013-03-22 07:44 - 00000000 ____D C:\ProgramData\eSafe
2013-11-10 20:50 - 2012-10-10 02:21 - 00230048 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\teodora\AppData\Local\Temp\26337-669629-adobe-reader.exe
C:\Users\teodora\AppData\Local\Temp\34881-666577-gimp.exe
C:\Users\teodora\AppData\Local\Temp\ApnIC.dll
C:\Users\teodora\AppData\Local\Temp\ApnStub.exe
C:\Users\teodora\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\teodora\AppData\Local\Temp\askToolbarInstaller.exe
C:\Users\teodora\AppData\Local\Temp\dealply.exe
C:\Users\teodora\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\teodora\AppData\Local\Temp\iet427.tmp.exe
C:\Users\teodora\AppData\Local\Temp\iMesh_setup.exe
C:\Users\teodora\AppData\Local\Temp\Iminent.exe
C:\Users\teodora\AppData\Local\Temp\Installhelper.dll
C:\Users\teodora\AppData\Local\Temp\instloffer.exe
C:\Users\teodora\AppData\Local\Temp\Java.exe
C:\Users\teodora\AppData\Local\Temp\mgsqlite3.dll
C:\Users\teodora\AppData\Local\Temp\MSETUP4.EXE
C:\Users\teodora\AppData\Local\Temp\msgC65A.exe
C:\Users\teodora\AppData\Local\Temp\Nokia_PC_Suite_ita.exe
C:\Users\teodora\AppData\Local\Temp\nsg86FB.tmp.exe
C:\Users\teodora\AppData\Local\Temp\NSISCodec.dll
C:\Users\teodora\AppData\Local\Temp\OB.exe
C:\Users\teodora\AppData\Local\Temp\oi_{80A4AA2B-CDAC-42BD-AAC5-C55EB2C99179}.exe
C:\Users\teodora\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\teodora\AppData\Local\Temp\SetupDataMngr_jZip.exe
C:\Users\teodora\AppData\Local\Temp\SkypeSetup.exe
C:\Users\teodora\AppData\Local\Temp\Softonic_s_Eng7.exe
C:\Users\teodora\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\teodora\AppData\Local\Temp\swpacksbing_717_active.exe
C:\Users\teodora\AppData\Local\Temp\Toolbar.exe
C:\Users\teodora\AppData\Local\Temp\uninst1.exe
C:\Users\teodora\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\teodora\AppData\Local\Temp\Video Performer63485.exe
C:\Users\teodora\AppData\Local\Temp\wajam_install.exe
C:\Users\teodora\AppData\Local\Temp\wget.exe
C:\Users\teodora\AppData\Local\Temp\Wise_INI.dll
C:\Users\teodora\AppData\Local\Temp\_is4FE8.exe
C:\Users\teodora\AppData\Local\Temp\_isAF13.exe
C:\Users\teodora\AppData\Local\Temp\_isB412.exe
C:\Users\teodora\AppData\Local\Temp\_isDCE6.exe
C:\Users\teodora\AppData\Local\Temp\_isF9AA.exe
C:\Users\teodora\AppData\Local\Temp\_teABF7.exe
C:\Users\teodora\AppData\Local\Temp\{05C75F9E-5670-441F-83BC-EDDF981BFDE2}-GoogleToolbarInstaller_updater_signed.exe
C:\Users\teodora\AppData\Local\Temp\{1E3F4E37-FEB0-401A-8255-E0B76DD09FB3}-26.0.1410.64_25.0.1364.172_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{219F05BE-CB8A-4675-B9C3-879944BC5598}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{2D90B96D-905A-43E6-9246-452662995EF0}-chrome_installer.exe
C:\Users\teodora\AppData\Local\Temp\{32512A8F-C2FF-410A-BDFE-D231FC2F8ED2}-24.0.1312.56_24.0.1312.52_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{4F5AA42A-B74B-46BF-A2D0-C348C0F07D3D}-22.0.1229.79_21.0.1180.89_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{582991BD-1F7F-4D32-865C-B4B34B40F587}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{58B9946A-8283-40E3-84D4-A7CDFAA10393}-26.0.1410.43_25.0.1364.172_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{6E798164-3249-4F9D-9FE3-7E2FC7CB9F98}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{798D373E-B6E3-46F2-9B58-C663E3083CB5}-GoogleUpdateSetup.exe
C:\Users\teodora\AppData\Local\Temp\{9A3038A2-0361-491F-ABD3-277619251B66}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{A569E004-85A1-4705-ABA5-7C8CADEB7E43}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{A9541219-8984-41EA-8D1F-D10B574381D7}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{AD7BC0F1-97AD-4A12-B011-8447EDBD019C}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{C02E8063-D783-4AC1-9940-9CC03A1B9249}-20.0.1132.47_19.0.1084.56_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{DFC1279B-39DE-4F3E-A7E5-B63D96CB359F}-26.0.1410.43_25.0.1364.172_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{E7B899C5-124F-4854-9E00-3779826AD464}-23.0.1271.97_23.0.1271.95_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{F18B546B-53AF-4E42-B03D-766815CDE51B}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
22
Restore point made on: 2013-11-10 04:16:52
Restore point made on: 2013-11-11 03:54:29
Restore point made on: 2013-11-11 12:07:41
Restore point made on: 2013-11-12 00:54:22
Restore point made on: 2013-11-13 01:06:39
Restore point made on: 2013-11-14 03:59:18
Restore point made on: 2013-11-18 03:45:58
Restore point made on: 2013-11-19 11:08:41
Restore point made on: 2013-11-20 09:14:55
Restore point made on: 2013-11-21 03:58:17
Restore point made on: 2013-11-22 00:33:25
Restore point made on: 2013-11-23 08:21:52
Restore point made on: 2013-11-25 01:11:41
Restore point made on: 2013-11-27 04:06:11
Restore point made on: 2013-11-28 03:54:16
Restore point made on: 2013-11-29 00:06:35
Restore point made on: 2013-12-02 01:24:59
Restore point made on: 2013-12-04 13:14:35
Restore point made on: 2013-12-07 09:19:25
Restore point made on: 2013-12-07 09:26:02
Restore point made on: 2013-12-07 09:56:41
Restore point made on: 2013-12-08 03:18:58
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4089.9 MB
Available physical RAM: 3466.57 MB
Total Pagefile: 3714.24 MB
Available Pagefile: 3537.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.65 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:288.32 GB) (Free:160.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:1.49 GB) FAT32
Drive f: (SP UFD U2) (Removable) (Total:7.48 GB) (Free:7.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 2D17D39F)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
 
 
LastRegBack: 2013-12-08 12:20
 
==================== End Of Log ============================
 
I don't know what to do after; how do I have to make the fixlist?
Thanks!

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Fix with FRST (Recovery Environment)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKU\teodora\...\Run: [Search Protection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    HKU\teodora\...\Run: [YSearchProtection] - C:\Program Files\Yahoo!\Search Protection\YspService.exe
    HKU\teodora\...\RunOnce: [hu0ig] - C:\ProgramData\oktduvt\ydfrsb.exe [ 2013-12-07] (ViewDev Software)
    HKU\teodora\...\Winlogon: [Shell] C:\ProgramData\kmcx\aoor.exe,explorer.exe <==== ATTENTION
    AppInit_DLLs: C:\Program Files\BrowseToSave\sprotector.dll [ 2013-01-24] ()
    Startup: C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue  otshot Installation.lnk
    ShortcutTarget: Continue  otshot Installation.lnk -> C:\Program Files\otshot\otshotmainfile.exe ()
    
    C:\ProgramData\oktduvt
    C:\ProgramData\kmcx
    C:\Program Files\Yahoo!\Search Protection
    C:\Program Files\BrowseToSave
    C:\Program Files\otshot
    C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue  otshot Installation.lnk
    C:\ProgramData\acbcn
    C:\ProgramData\faahci
    C:\ProgramData\oktduvt
    C:\ProgramData\kmcx
    C:\ProgramData\dsssmk
    C:\ProgramData\lwmq
    C:\Program Files\VideoPlayer
    C:\Users\teodora\Documents\Optimizer Pro
    C:\Users\teodora\AppData\Roaming\Optimizer Pro
    C:\Program Files\Optimizer Pro
    C:\ProgramData\WPM
    C:\Program Files\Storimbo
    C:\Program Files\MyPC Backup
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.
     
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
 

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.
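As an added example, not code from the thread or from FRST's author: a small Python triage script that applies the judgement behind the fixlist above to lines in the format of FRST's "Registry (Whitelisted)" section. It flags a replaced Winlogon Shell value, a populated AppInit_DLLs value, FRST's own ATTENTION marker and autoruns launched from randomly named ProgramData folders, then emits fixlist lines in the two forms the Fixlog later confirms (the registry line verbatim so FRST deletes the value, a bare folder path so FRST moves it). The sample log lines and the random-name heuristic are constructed assumptions for the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of FRST's "Registry (Whitelisted)" section,
# modelled on the log earlier in the thread: three entries that went into the
# fixlist plus two benign ones that must not be flagged.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKU\teodora\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\teodora\...\RunOnce: [hu0ig] - C:\ProgramData\oktduvt\ydfrsb.exe [ 2013-12-07] (ViewDev Software)
HKU\teodora\...\Winlogon: [Shell] C:\ProgramData\kmcx\aoor.exe,explorer.exe <==== ATTENTION
AppInit_DLLs: C:\Program Files\BrowseToSave\sprotector.dll [ 2013-01-24] ()
"""

# "HKU\teodora\...\RunOnce: [hu0ig] - <target ...>"  or  "AppInit_DLLs: <target ...>"
REG_LINE = re.compile(
    r"^(?P<key>HK.*?\\(?:Run|RunOnce|Winlogon)|AppInit_DLLs):\s*"
    r"(?:\[(?P<name>[^\]]*)\]\s*(?:-\s*)?)?(?P<rest>.*)$"
)
# First Windows path ending in an executable or DLL; stops at a quote, at FRST's
# "[size date]" block, at the ",explorer.exe" tail of a Shell value, or at the marker.
TARGET = re.compile(r'([A-Za-z]:\\[^"\[,<]*?\.(?:exe|dll))', re.I)
# Heuristic (assumption): short all-lowercase folder names directly under ProgramData.
RANDOM_NAME = re.compile(r"[a-z]{3,8}")


def parse_entry(line):
    """Split one FRST registry line into (value type, value name, target path, raw value text)."""
    m = REG_LINE.match(line.strip())
    if not m:
        return None
    vtype = m.group("key").rsplit("\\", 1)[-1]   # Run / RunOnce / Winlogon / AppInit_DLLs
    t = TARGET.search(m.group("rest"))
    return vtype, m.group("name"), (t.group(1) if t else None), m.group("rest")


def triage_line(line):
    """Return the reasons this entry deserves a closer look (empty list = nothing seen)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    vtype, name, target, rest = parsed
    reasons = []
    if "<==== ATTENTION" in line:
        reasons.append("marked ATTENTION by FRST")
    if vtype == "Winlogon" and name == "Shell":
        value = rest.split("<====")[0].strip()
        if value.lower() != "explorer.exe":      # the only legitimate default shell
            reasons.append("Winlogon Shell replaced; the locker runs instead of the desktop")
    if vtype == "AppInit_DLLs" and target:
        reasons.append("AppInit_DLLs loads a DLL into every user-mode process")
    if vtype in ("Run", "RunOnce") and target:
        parts = PureWindowsPath(target).parts     # ('C:\\', 'ProgramData', 'oktduvt', 'ydfrsb.exe')
        if len(parts) >= 4 and parts[1].lower() == "programdata" and RANDOM_NAME.fullmatch(parts[2]):
            reasons.append("autorun from a randomly named ProgramData folder")
    return reasons


def build_fixlist(log_text):
    """Turn flagged lines into fixlist lines: the registry line verbatim (FRST deletes the
    value) followed by the target's parent folder (FRST moves it to its quarantine)."""
    reg_lines, folders = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not triage_line(line):
            continue
        reg_lines.append(line)
        target = parse_entry(line)[2]
        if target:
            parts = PureWindowsPath(target).parts
            # Only quarantine a whole folder when it is a dedicated third-party directory,
            # never anything under C:\Windows or at the drive root; a human still reviews this.
            if len(parts) >= 4 and parts[1].lower() != "windows":
                folder = str(PureWindowsPath(*parts[:-1]))
                if folder not in folders:
                    folders.append(folder)
    return reg_lines + folders


if __name__ == "__main__":
    for entry in build_fixlist(SAMPLE_LOG):
        print(entry)
```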

#4 tigre13

tigre13
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:03 AM

Posted 10 December 2013 - 08:07 AM

Hi Marius, thanks for your reply. Below is the Fixlog that you asked for:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-12-2013 03
Ran by SYSTEM at 2013-12-10 13:59:31 Run:1
Running from F:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
HKU\teodora\...\Run: [Search Protection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
HKU\teodora\...\Run: [YSearchProtection] - C:\Program Files\Yahoo!\Search Protection\YspService.exe
HKU\teodora\...\RunOnce: [hu0ig] - C:\ProgramData\oktduvt\ydfrsb.exe [ 2013-12-07] (ViewDev Software)
HKU\teodora\...\Winlogon: [Shell] C:\ProgramData\kmcx\aoor.exe,explorer.exe <==== ATTENTION
AppInit_DLLs: C:\Program Files\BrowseToSave\sprotector.dll [ 2013-01-24] ()
Startup: C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue  otshot Installation.lnk
ShortcutTarget: Continue  otshot Installation.lnk -> C:\Program Files\otshot\otshotmainfile.exe ()
 
C:\ProgramData\oktduvt
C:\ProgramData\kmcx
C:\Program Files\Yahoo!\Search Protection
C:\Program Files\BrowseToSave
C:\Program Files\otshot
C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue  otshot Installation.lnk
C:\ProgramData\acbcn
C:\ProgramData\faahci
C:\ProgramData\oktduvt
C:\ProgramData\kmcx
C:\ProgramData\dsssmk
C:\ProgramData\lwmq
C:\Program Files\VideoPlayer
C:\Users\teodora\Documents\Optimizer Pro
C:\Users\teodora\AppData\Roaming\Optimizer Pro
C:\Program Files\Optimizer Pro
C:\ProgramData\WPM
C:\Program Files\Storimbo
C:\Program Files\MyPC Backup
*****************
 
HKU\teodora\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => Value deleted successfully.
HKU\teodora\Software\Microsoft\Windows\CurrentVersion\Run\\YSearchProtection => Value deleted successfully.
HKU\teodora\Software\Microsoft\Windows\CurrentVersion\RunOnce\\hu0ig => Value deleted successfully.
HKU\teodora\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue  otshot Installation.lnk => Moved successfully.
C:\Program Files\otshot\otshotmainfile.exe => Moved successfully.
C:\ProgramData\oktduvt => Moved successfully.
C:\ProgramData\kmcx => Moved successfully.
"C:\Program Files\Yahoo!\Search Protection" => File/Directory not found.
C:\Program Files\BrowseToSave => Moved successfully.
C:\Program Files\otshot => Moved successfully.
"C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue  otshot Installation.lnk" => File/Directory not found.
C:\ProgramData\acbcn => Moved successfully.
C:\ProgramData\faahci => Moved successfully.
"C:\ProgramData\oktduvt" => File/Directory not found.
"C:\ProgramData\kmcx" => File/Directory not found.
C:\ProgramData\dsssmk => Moved successfully.
C:\ProgramData\lwmq => Moved successfully.
C:\Program Files\VideoPlayer => Moved successfully.
C:\Users\teodora\Documents\Optimizer Pro => Moved successfully.
C:\Users\teodora\AppData\Roaming\Optimizer Pro => Moved successfully.
C:\Program Files\Optimizer Pro => Moved successfully.
C:\ProgramData\WPM => Moved successfully.
C:\Program Files\Storimbo => Moved successfully.
C:\Program Files\MyPC Backup => Moved successfully.
 
==== End of Fixlog ====


#5 tigre13

tigre13
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:03 AM

Posted 10 December 2013 - 08:34 AM

Thanks a lot, I finally opened my PC. Here below is the FRST.txt in normal mode:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by teodora (administrator) on NOTEBOOK on 10-12-2013 14:18:58
Running from C:\Users\teodora\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Italian Standard
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Program Files\Alice Mobile Olicard 100\ConnMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\Users\teodora\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Mobile Partner\Mobile Partner.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-02-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnMonitor] - C:\Program Files\Alice Mobile Olicard 100\ConnMonitor.exe [401408 2009-06-18] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [626688 2010-12-01] ()
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5244216 2009-11-10] (Yahoo! Inc.)
HKCU\...\Run: [L09IXLRD_17551422] - "C:\Program Files\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" -m
HKCU\...\Run: [L09AXLRD_6209806] - C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE [351000 2008-06-03] (Microsoft Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_Chiavetta Internet] - "C:\Program Files\Chiavetta Internet\UpdateDog\ouc.exe"
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
MountPoints2: E - E:\setup.exe
MountPoints2: {3894bc08-b8cc-11de-9c6b-001f16b94408} - E:\autorun.exe
MountPoints2: {4fe0a74e-7ee9-11e1-a9ce-001e101f82a7} - E:\AutoRun.exe
MountPoints2: {6aa66539-770c-11e1-8d1c-001e101fb45e} - E:\AutoRun.exe
MountPoints2: {6aa66553-770c-11e1-8d1c-001e101f0f64} - E:\AutoRun.exe
MountPoints2: {8928de60-b995-11de-8fc4-001f16b94408} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Pc.Exe
MountPoints2: {c28ef621-5e22-11e2-8902-001f16b94408} - E:\AutoRun.exe
MountPoints2: {c28ef62d-5e22-11e2-8902-001f16b94408} - E:\AutoRun.exe
MountPoints2: {cc85b50c-79dd-11e2-a8bf-001f16b94408} - E:\AutoRun.exe
MountPoints2: {e0b5ea49-67a0-11e1-b18e-001f16b94408} - E:\AutoRun.exe
MountPoints2: {e496fcc5-7292-11e2-b09f-001f16b94408} - E:\AutoRun.exe
MountPoints2: {e496fcd1-7292-11e2-b09f-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb31e-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb32c-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb34e-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb359-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f3cf7812-2703-11e0-8814-001f16b94408} - E:\setup.exe
MountPoints2: {f8da394b-67a1-11e1-ac37-001e101f82a0} - E:\AutoRun.exe
MountPoints2: {fc11eb9b-7ac9-11e2-aead-001f16b94408} - E:\AutoRun.exe
MountPoints2: {ff39fa1d-72c7-11e2-b434-001f16b94408} - E:\AutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
Startup: C:\Users\teodora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
ShortcutTarget: Orion.lnk -> C:\Program Files\Convesoft\Orion\Messenger.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=0816582C80139263&affID=119403&tsp=4966
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0809&m=aspire_5738
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/?pid=726&src=ie1&r=2013/02/25&hid=3866168918&lg=EN&cc=IT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
URLSearchHook: HKLM - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
URLSearchHook: HKCU - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} -  No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKCU - (No Name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} -  No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll No File
BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
BHO: BrroWse2saove - {44FA78BF-6BFC-C705-9BBB-497DF7593E19} - C:\ProgramData\BrroWse2saove\512b866fdf6e2.dll ()
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: No Name - {7C74FF88-1A7D-406E-B94B-7DD8ABCC9DCC} -  No File
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - PHPNukeIT Toolbar - {2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 193.70.152.25 212.52.97.25
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF Extension: Media Finder plugin - C:\Users\teodora\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
FF Extension: General Crawler - C:\Users\teodora\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF Extension: No Name - C:\Users\teodora\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: trtv3 - C:\Users\teodora\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF Extension: No Name - C:\Users\teodora\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com
FF Extension: BittorrentBar_IT Community Toolbar - \Extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "https://www.google.it/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSuggestURL:       "suggest_url": "",
CHR Extension: (Google Wallet) - C:\Users\teodora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\teodora\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\OApps\chromeaddon.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
========================== Services (Whitelisted) =================
 
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655712 2013-02-09] ()
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [165888 2010-05-27] (Samsung Electronics Co., Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
 
==================== Drivers (Whitelisted) ====================
 
R3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2013-02-09] (Huawei Technologies Co., Ltd.)
R3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2013-02-09] (Huawei Technologies Co., Ltd.)
R3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-02-09] (Huawei Technologies Co., Ltd.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
S3 pmx3gmdm; C:\Windows\System32\DRIVERS\pmx3gmdm.sys [103552 2009-03-26] (Olivetti)
S3 pmx3gnet; C:\Windows\System32\DRIVERS\pmx3gnet.sys [116736 2009-03-26] (Olivetti)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2008-10-22] (TCT International Mobile Ltd)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
S3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [248320 2007-05-21] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 ONDAusbmdm6k; system32\DRIVERS\ONDAusbmdm6k.sys [x]
S3 ONDAusbnet; system32\DRIVERS\ONDAusbnet.sys [x]
S3 ONDAusbnmea; system32\DRIVERS\ONDAusbnmea.sys [x]
S3 ONDAusbser6k; system32\DRIVERS\ONDAusbser6k.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-10 14:18 - 2013-12-10 14:19 - 00021513 _____ C:\Users\teodora\Downloads\FRST.txt
2013-12-10 14:18 - 2013-12-10 14:18 - 01060641 _____ (Farbar) C:\Users\teodora\Downloads\FRST.exe
2013-12-10 00:11 - 2013-12-10 00:11 - 00000000 ____D C:\FRST
2013-12-07 22:48 - 2013-12-07 22:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv.zip
2013-12-07 22:48 - 2013-12-07 22:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv (1).zip
2013-12-02 16:12 - 2013-12-02 16:12 - 00010752 _____ C:\Users\teodora\Downloads\Conti.xls
2013-12-02 16:12 - 2013-12-02 16:12 - 00002635 _____ C:\Users\teodora\Downloads\Conti.wri
2013-11-26 20:31 - 2013-11-26 20:31 - 00555090 _____ C:\Users\teodora\Downloads\image (10).jpeg
2013-11-26 20:31 - 2013-11-26 20:31 - 00433958 _____ C:\Users\teodora\Downloads\image (8).jpeg
2013-11-26 20:31 - 2013-11-26 20:31 - 00420619 _____ C:\Users\teodora\Downloads\image (7).jpeg
2013-11-26 20:31 - 2013-11-26 20:31 - 00374035 _____ C:\Users\teodora\Downloads\image (6).jpeg
2013-11-26 20:31 - 2013-11-26 20:31 - 00299400 _____ C:\Users\teodora\Downloads\image (9).jpeg
2013-11-26 20:30 - 2013-11-26 20:30 - 00452264 _____ C:\Users\teodora\Downloads\image (4).jpeg
2013-11-26 20:30 - 2013-11-26 20:30 - 00445128 _____ C:\Users\teodora\Downloads\image (3).jpeg
2013-11-26 20:30 - 2013-11-26 20:30 - 00341911 _____ C:\Users\teodora\Downloads\image (5).jpeg
 
==================== One Month Modified Files and Folders =======
 
2013-12-10 14:19 - 2013-12-10 14:18 - 00021513 _____ C:\Users\teodora\Downloads\FRST.txt
2013-12-10 14:19 - 2009-08-05 16:31 - 01759943 _____ C:\Windows\WindowsUpdate.log
2013-12-10 14:18 - 2013-12-10 14:18 - 01060641 _____ (Farbar) C:\Users\teodora\Downloads\FRST.exe
2013-12-10 14:15 - 2013-05-30 14:13 - 00000446 ____H C:\Windows\Tasks\User_Feed_Synchronization-{59304FC2-776F-4602-9AF8-423EE33435F7}.job
2013-12-10 14:14 - 2009-02-25 09:42 - 00662846 _____ C:\Windows\system32\perfh010.dat
2013-12-10 14:14 - 2009-02-25 09:42 - 00120326 _____ C:\Windows\system32\perfc010.dat
2013-12-10 14:14 - 2006-11-02 11:33 - 01461438 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 14:11 - 2013-06-03 20:09 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-10 14:10 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 14:10 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 14:09 - 2013-07-27 19:17 - 00000308 _____ C:\Windows\Tasks\RtlVistaStart.job
2013-12-10 14:09 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 00:11 - 2013-12-10 00:11 - 00000000 ____D C:\FRST
2013-12-09 22:14 - 2006-11-02 14:01 - 00032464 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-09 16:57 - 2009-10-16 09:08 - 00007160 _____ C:\Users\teodora\AppData\Local\d3d9caps.dat
2013-12-09 06:38 - 2009-10-14 08:21 - 00000000 ____D C:\Users\teodora
2013-12-09 06:38 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-09 06:38 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-09 06:38 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-12-09 06:38 - 2006-11-02 11:22 - 39583744 _____ C:\Windows\system32\config\software_previous
2013-12-09 06:38 - 2006-11-02 11:22 - 29360128 _____ C:\Windows\system32\config\system_previous
2013-12-09 06:35 - 2006-11-02 11:22 - 32243712 _____ C:\Windows\system32\config\components_previous
2013-12-09 06:35 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-12-08 21:32 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2013-12-08 21:32 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-12-08 12:06 - 2013-03-04 12:30 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-08 11:32 - 2013-06-03 20:09 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-07 22:48 - 2013-12-07 22:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv.zip
2013-12-07 22:48 - 2013-12-07 22:48 - 00178906 _____ C:\Users\teodora\Downloads\movie1080p.mkv (1).zip
2013-12-07 19:38 - 2013-06-03 20:11 - 00001889 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-07 18:21 - 2013-03-14 16:17 - 00001022 _____ C:\Windows\KB893803v2.log
2013-12-07 18:13 - 2013-03-14 16:14 - 00000000 ____D C:\Users\teodora\AppData\Local\Lollipop
2013-12-02 21:54 - 2011-11-07 15:05 - 00000000 ____D C:\Users\teodora\AppData\Roaming\Skype
2013-12-02 19:54 - 2011-11-07 15:05 - 00000000 ____D C:\ProgramData\Skype
2013-12-02 16:12 - 2013-12-02 16:12 - 00010752 _____ C:\Users\teodora\Downloads\Conti.xls
2013-12-02 16:12 - 2013-12-02 16:12 - 00002635 _____ C:\Users\teodora\Downloads\Conti.wri
2013-11-29 19:10 - 2009-10-14 17:13 - 00138752 _____ C:\Users\teodora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-29 12:33 - 2011-11-21 12:34 - 00000252 _____ C:\Windows\Tasks\OfferBoxUpdate.job
2013-11-28 21:09 - 2012-06-11 19:15 - 00000000 ____D C:\Users\teodora\AppData\Roaming\uTorrent
2013-11-28 17:07 - 2013-11-07 20:35 - 1719664640 _____ C:\Users\teodora\Downloads\Sole.A.Catinelle.iTALiAN.MD.TELESYNC.XviD-BmA.avi
2013-11-26 20:31 - 2013-11-26 20:31 - 00555090 _____ C:\Users\teodora\Downloads\image (10).jpeg
2013-11-26 20:31 - 2013-11-26 20:31 - 00433958 _____ C:\Users\teodora\Downloads\image (8).jpeg
2013-11-26 20:31 - 2013-11-26 20:31 - 00420619 _____ C:\Users\teodora\Downloads\image (7).jpeg
2013-11-26 20:31 - 2013-11-26 20:31 - 00374035 _____ C:\Users\teodora\Downloads\image (6).jpeg
2013-11-26 20:31 - 2013-11-26 20:31 - 00299400 _____ C:\Users\teodora\Downloads\image (9).jpeg
2013-11-26 20:30 - 2013-11-26 20:30 - 00452264 _____ C:\Users\teodora\Downloads\image (4).jpeg
2013-11-26 20:30 - 2013-11-26 20:30 - 00445128 _____ C:\Users\teodora\Downloads\image (3).jpeg
2013-11-26 20:30 - 2013-11-26 20:30 - 00341911 _____ C:\Users\teodora\Downloads\image (5).jpeg
2013-11-21 12:35 - 2008-01-21 03:47 - 01399444 _____ C:\Windows\PFRO.log
2013-11-11 21:11 - 2013-03-22 16:44 - 00000000 ____D C:\ProgramData\eSafe
2013-11-11 05:50 - 2012-10-10 11:21 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\teodora\AppData\Local\Temp\26337-669629-adobe-reader.exe
C:\Users\teodora\AppData\Local\Temp\34881-666577-gimp.exe
C:\Users\teodora\AppData\Local\Temp\ApnIC.dll
C:\Users\teodora\AppData\Local\Temp\ApnStub.exe
C:\Users\teodora\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\teodora\AppData\Local\Temp\askToolbarInstaller.exe
C:\Users\teodora\AppData\Local\Temp\dealply.exe
C:\Users\teodora\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\teodora\AppData\Local\Temp\iet427.tmp.exe
C:\Users\teodora\AppData\Local\Temp\iMesh_setup.exe
C:\Users\teodora\AppData\Local\Temp\Iminent.exe
C:\Users\teodora\AppData\Local\Temp\Installhelper.dll
C:\Users\teodora\AppData\Local\Temp\instloffer.exe
C:\Users\teodora\AppData\Local\Temp\Java.exe
C:\Users\teodora\AppData\Local\Temp\mgsqlite3.dll
C:\Users\teodora\AppData\Local\Temp\MSETUP4.EXE
C:\Users\teodora\AppData\Local\Temp\msgC65A.exe
C:\Users\teodora\AppData\Local\Temp\Nokia_PC_Suite_ita.exe
C:\Users\teodora\AppData\Local\Temp\nsg86FB.tmp.exe
C:\Users\teodora\AppData\Local\Temp\NSISCodec.dll
C:\Users\teodora\AppData\Local\Temp\OB.exe
C:\Users\teodora\AppData\Local\Temp\oi_{80A4AA2B-CDAC-42BD-AAC5-C55EB2C99179}.exe
C:\Users\teodora\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\teodora\AppData\Local\Temp\SetupDataMngr_jZip.exe
C:\Users\teodora\AppData\Local\Temp\SkypeSetup.exe
C:\Users\teodora\AppData\Local\Temp\Softonic_s_Eng7.exe
C:\Users\teodora\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\teodora\AppData\Local\Temp\swpacksbing_717_active.exe
C:\Users\teodora\AppData\Local\Temp\Toolbar.exe
C:\Users\teodora\AppData\Local\Temp\uninst1.exe
C:\Users\teodora\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\teodora\AppData\Local\Temp\Video Performer63485.exe
C:\Users\teodora\AppData\Local\Temp\wajam_install.exe
C:\Users\teodora\AppData\Local\Temp\wget.exe
C:\Users\teodora\AppData\Local\Temp\Wise_INI.dll
C:\Users\teodora\AppData\Local\Temp\_is4FE8.exe
C:\Users\teodora\AppData\Local\Temp\_isAF13.exe
C:\Users\teodora\AppData\Local\Temp\_isB412.exe
C:\Users\teodora\AppData\Local\Temp\_isDCE6.exe
C:\Users\teodora\AppData\Local\Temp\_isF9AA.exe
C:\Users\teodora\AppData\Local\Temp\_teABF7.exe
C:\Users\teodora\AppData\Local\Temp\{05C75F9E-5670-441F-83BC-EDDF981BFDE2}-GoogleToolbarInstaller_updater_signed.exe
C:\Users\teodora\AppData\Local\Temp\{1E3F4E37-FEB0-401A-8255-E0B76DD09FB3}-26.0.1410.64_25.0.1364.172_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{219F05BE-CB8A-4675-B9C3-879944BC5598}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{2D90B96D-905A-43E6-9246-452662995EF0}-chrome_installer.exe
C:\Users\teodora\AppData\Local\Temp\{32512A8F-C2FF-410A-BDFE-D231FC2F8ED2}-24.0.1312.56_24.0.1312.52_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{4F5AA42A-B74B-46BF-A2D0-C348C0F07D3D}-22.0.1229.79_21.0.1180.89_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{582991BD-1F7F-4D32-865C-B4B34B40F587}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{58B9946A-8283-40E3-84D4-A7CDFAA10393}-26.0.1410.43_25.0.1364.172_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{6E798164-3249-4F9D-9FE3-7E2FC7CB9F98}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{798D373E-B6E3-46F2-9B58-C663E3083CB5}-GoogleUpdateSetup.exe
C:\Users\teodora\AppData\Local\Temp\{9A3038A2-0361-491F-ABD3-277619251B66}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{A569E004-85A1-4705-ABA5-7C8CADEB7E43}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{A9541219-8984-41EA-8D1F-D10B574381D7}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{AD7BC0F1-97AD-4A12-B011-8447EDBD019C}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{C02E8063-D783-4AC1-9940-9CC03A1B9249}-20.0.1132.47_19.0.1084.56_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{DFC1279B-39DE-4F3E-A7E5-B63D96CB359F}-26.0.1410.43_25.0.1364.172_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{E7B899C5-124F-4854-9E00-3779826AD464}-23.0.1271.97_23.0.1271.95_chrome_updater.exe
C:\Users\teodora\AppData\Local\Temp\{F18B546B-53AF-4E42-B03D-766815CDE51B}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-10 14:20
 
==================== End Of Log ============================
 
 
And here is the Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2013
Ran by teodora at 2013-12-10 14:25:29
Running from C:\Users\teodora\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (Version: 3.1.3)
Acer Arcade Deluxe (Version: 2.5.6121)
Acer Backup Manager (Version: 1.0.0.58)
Acer Crystal Eye Webcam (Version: 5.0.7.1)
Acer eRecovery Management (Version: 4.00.3008)
Acer GridVista (Version: 2.72.317)
Acer PowerSmart Manager (Version: 4.01.3016)
Acer ScreenSaver (Version: 1.0.0.0226)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.0) - Italiano (Version: 10.1.0)
Agere Systems HDA Modem
Alice Mobile Olicard 100 (Version: 1.0.3.0)
ArcSoft PhotoStudio 5.5
ATI Catalyst Install Manager (Version: 3.0.728.0)
Backup Manager Basic (Version: 1.0.0.58)
Broadcom Gigabit NetLink Controller (Version: 11.34.02)
BrowseToSave 1.74 <==== ATTENTION
BrroWse2saove (Version: )
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0602.2224.38408)
Catalyst Control Center Graphics Full Existing (Version: 2009.0602.2224.38408)
Catalyst Control Center Graphics Full New (Version: 2009.0602.2224.38408)
Catalyst Control Center Graphics Light (Version: 2009.0602.2224.38408)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0602.2224.38408)
Catalyst Control Center Localization All (Version: 2009.0602.2224.38408)
CCC Help Chinese Standard (Version: 2009.0602.2223.38408)
CCC Help Chinese Traditional (Version: 2009.0602.2223.38408)
CCC Help Czech (Version: 2009.0602.2223.38408)
CCC Help Danish (Version: 2009.0602.2223.38408)
CCC Help Dutch (Version: 2009.0602.2223.38408)
CCC Help English (Version: 2009.0602.2223.38408)
CCC Help Finnish (Version: 2009.0602.2223.38408)
CCC Help French (Version: 2009.0602.2223.38408)
CCC Help German (Version: 2009.0602.2223.38408)
CCC Help Greek (Version: 2009.0602.2223.38408)
CCC Help Hungarian (Version: 2009.0602.2223.38408)
CCC Help Italian (Version: 2009.0602.2223.38408)
CCC Help Japanese (Version: 2009.0602.2223.38408)
CCC Help Korean (Version: 2009.0602.2223.38408)
CCC Help Norwegian (Version: 2009.0602.2223.38408)
CCC Help Polish (Version: 2009.0602.2223.38408)
CCC Help Portuguese (Version: 2009.0602.2223.38408)
CCC Help Russian (Version: 2009.0602.2223.38408)
CCC Help Spanish (Version: 2009.0602.2223.38408)
CCC Help Swedish (Version: 2009.0602.2223.38408)
CCC Help Thai (Version: 2009.0602.2223.38408)
CCC Help Turkish (Version: 2009.0602.2223.38408)
ccc-core-static (Version: 2009.0602.2224.38408)
ccc-utility (Version: 2009.0602.2224.38408)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Easy-WebPrint
Egypt Ball (Version: 1.0)
Evviva gli Scacchi!
GOM Player (Version: 2.1.50.5145)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
Jewel Quest Solitaire 2
Junk Mail filter update (Version: 14.0.8117.416)
jZip
Launch Manager (Version: 2.0.10)
Manutenzione Samsung SCX-4623 Series
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Math (Version: 2007)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009 (Version: 2009)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mobile Partner (Version: 21.005.20.08.51)
MSVC80_x86 (Version: 1.0.1.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MyWinLocker (Version: 3.1.59.0)
NTI Backup Now 5 (Version: 5.1.2.616)
NTI Backup Now Standard (Version: 5.1.2.616)
NTI Media Maker 8 (Version: 8.0.2.6509)
OJOsoft Total Video Converter (Version: 2.7.6.0419)
Owl and Mouse Africa Map Puzzle
Owl and Mouse Asia Map Puzzle
Owl and Mouse Australia and S.E. Asia Map Puzzle
Owl and Mouse Canada Map Puzzle
Owl and Mouse Central America Map Puzzle
Owl and Mouse Europe Map Puzzle
Owl and Mouse Middle East Map Puzzle
Owl and Mouse North America Map Puzzle
Owl and Mouse South America Map Puzzle
Owl and Mouse U.S. Map Puzzle
Owl and Mouse World Features Map Puzzle
Owl and Mouse World Monuments Map Puzzle
PHPNukeIT Toolbar (Version: )
PictureProject (Version: 1.0)
PM Stitch Creator 3 Trial
Windows Live Photo Gallery (Version: 14.0.8117.416)
Realtek High Definition Audio Driver (Version: 6.0.1.5794)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20113)
REALTEK USB Wireless LAN Driver and Utility (Version: 1.00.0000)
Canon MP160 User Registration
Canon MP250 series User Registration
Samsung Network PC Fax (Version: 1.4.29.0)
Samsung PC Studio (Version: 3.0.0.50907)
Skins (Version: 2009.0602.2224.38408)
Skype Click to Call (Version: 6.11.13348)
Skype™ 6.9 (Version: 6.9.106)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Synaptics Pointing Device Driver (Version: 12.1.0.0)
TomTom HOME (Version: 2.9.7)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Tri-Peaks Solitaire To Go
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Writer (Version: 14.0.8117.0416)
Yahoo! Messenger
 
==================== Restore Points  =========================
 
10-11-2013 12:16:34 Scheduled Checkpoint
11-11-2013 11:54:11 Scheduled Checkpoint
11-11-2013 20:07:27 Restore Operation
12-11-2013 08:54:05 Restore Operation
13-11-2013 09:06:23 Scheduled Checkpoint
14-11-2013 11:58:51 Windows Update
18-11-2013 11:45:33 Windows Update
19-11-2013 19:08:26 Scheduled Checkpoint
20-11-2013 17:14:39 Scheduled Checkpoint
21-11-2013 11:57:50 Windows Update
22-11-2013 08:33:09 Scheduled Checkpoint
23-11-2013 16:21:26 Windows Update
25-11-2013 09:11:25 Scheduled Checkpoint
27-11-2013 12:05:52 Scheduled Checkpoint
28-11-2013 11:54:01 Scheduled Checkpoint
29-11-2013 08:06:10 Windows Update
02-12-2013 09:24:42 Scheduled Checkpoint
04-12-2013 21:14:09 Windows Update
07-12-2013 17:18:50 Windows Update
07-12-2013 17:25:59 Restore Operation
07-12-2013 17:56:28 Windows Update
08-12-2013 11:18:44 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0376FEC7-768A-43DA-9807-F975447A7ADA} - System32\Tasks\Microsoft\Windows\RestartManager\{7E258F2F-C5B8-4c1a-AD75-366902119166} => C:\Windows\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2263A3CA-0B35-4870-890C-3502ED808FA8} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - teodora => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {28F8E5B1-E552-4F84-B360-DA41ADCE3763} - System32\Tasks\RtlVistaStart => C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2007-05-18] (Realtek Semiconductor Corp.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {35B82E46-5E46-4F96-A2C2-98D8A6928D94} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {78046F07-FD7F-415E-8CC6-37759F2B2C8B} - System32\Tasks\OfferBoxUpdate => C:\Program Files\OfferBox\OfferBox.exe
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\System32\pla.dll [2008-01-21] (Microsoft Corporation)
Task: {A9642936-AB02-4F82-8B24-2DF2C228557B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-03] (Google Inc.)
Task: {B9497D2F-316A-4306-8876-85196834E9E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {D907C6F6-2E5D-48DF-88B0-B9F20965A51F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-03] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E7C01F54-8536-4CC3-9DE6-CA46E0EC9FEB} - System32\Tasks\DSite => C:\Users\teodora\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: {E82AA5B5-2F91-41ED-A3E1-CAABA9599F27} - System32\Tasks\RunAsStdUser Task => C:\Program Files\ClickPotatoLite\bin\11.0.19.0\ClickPotatoLiteSA.exe
Task: {FE1D81B0-5B74-4DD2-AA69-EF625BB17E7B} - System32\Tasks\{04E1A9C6-2353-46F6-9E61-D56BE7A4B53C} => Chrome.exe http://ui.skype.com/ui/0/6.11.59.102/en/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\teodora\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OfferBoxUpdate.job => C:\Program Files\OfferBox\OfferBox.exe
Task: C:\Windows\Tasks\RtlVistaStart.job => C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{59304FC2-776F-4602-9AF8-423EE33435F7}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-01-21 00:41 - 2009-01-21 00:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00007680 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2013-07-27 19:16 - 2006-10-26 21:30 - 00131072 ____R () C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\EnumDevLib.dll
2009-08-06 01:13 - 2009-06-03 08:42 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-08-06 01:14 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2009-02-02 16:33 - 2009-02-02 16:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2012-10-22 12:35 - 2009-06-18 10:33 - 00237568 _____ () C:\Program Files\Alice Mobile Olicard 100\Monitor.dll
2008-06-03 11:07 - 2008-06-03 11:07 - 00269080 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2009\ERSREGPR.DLL
2008-06-03 11:07 - 2008-06-03 11:07 - 00228120 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2009\MSENCDAT.DLL
2008-06-03 11:07 - 2008-06-03 11:07 - 00178968 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2009\ENCCONT.DLL
2008-06-03 11:07 - 2008-06-03 11:07 - 00351000 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2009\MSENCXML.DLL
2008-06-03 11:06 - 2008-06-03 11:06 - 00068376 _____ () C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICTEIT.EBK
2013-02-09 15:07 - 2013-02-09 15:07 - 00430080 _____ () C:\Program Files\Mobile Partner\core.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00264192 _____ () C:\Program Files\Mobile Partner\sdk.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00011362 _____ () C:\Program Files\Mobile Partner\mingwm10.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00043008 _____ () C:\Program Files\Mobile Partner\libgcc_s_dw2-1.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 02415104 _____ () C:\Program Files\Mobile Partner\QtCore4.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 09515520 _____ () C:\Program Files\Mobile Partner\QtGui4.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00382464 _____ () C:\Program Files\Mobile Partner\Proxy.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00219648 _____ () C:\Program Files\Mobile Partner\Common.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00135168 _____ () C:\Program Files\Mobile Partner\Trace.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00545280 _____ () C:\Program Files\Mobile Partner\PluginContainer.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00238080 _____ () C:\Program Files\Mobile Partner\AtCodec.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00304128 _____ () C:\Program Files\Mobile Partner\DeviceSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00238080 _____ () C:\Program Files\Mobile Partner\NetSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00133120 _____ () C:\Program Files\Mobile Partner\OSDialup.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00160256 _____ () C:\Program Files\Mobile Partner\XCodec.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00157184 _____ () C:\Program Files\Mobile Partner\DataServicePlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00176128 _____ () C:\Program Files\Mobile Partner\CallSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00264704 _____ () C:\Program Files\Mobile Partner\AddrBookSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00217600 _____ () C:\Program Files\Mobile Partner\SmsSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00142336 _____ () C:\Program Files\Mobile Partner\USSDSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00156672 _____ () C:\Program Files\Mobile Partner\STKSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00154624 _____ () C:\Program Files\Mobile Partner\GpsSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00339968 _____ () C:\Program Files\Mobile Partner\DeviceAppPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00065536 _____ () C:\Program Files\Mobile Partner\OSPowerMgr.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00114688 _____ () C:\Program Files\Mobile Partner\Win7Support.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 01078272 _____ () C:\Program Files\Mobile Partner\AddrBookPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00670720 _____ () C:\Program Files\Mobile Partner\SmsAppPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00182272 _____ () C:\Program Files\Mobile Partner\CallAppPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00547840 _____ () C:\Program Files\Mobile Partner\CallLogSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00158720 _____ () C:\Program Files\Mobile Partner\NetConnectSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00211968 _____ () C:\Program Files\Mobile Partner\DialUpPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00101888 _____ () C:\Program Files\Mobile Partner\OSAdapt.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00180736 _____ () C:\Program Files\Mobile Partner\NDISPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00131072 _____ () C:\Program Files\Mobile Partner\OSNDIS.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 01101824 _____ () C:\Program Files\Mobile Partner\NDISAPI.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00303104 _____ () C:\Program Files\Mobile Partner\NetInfoSrvPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00062976 _____ () C:\Program Files\Mobile Partner\OSCall.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00539648 _____ () C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00398336 _____ () C:\Program Files\Mobile Partner\QtXml4.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00184832 _____ () C:\Program Files\Mobile Partner\XFramePlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00123392 _____ () C:\Program Files\Mobile Partner\ATR2SMgr.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00646144 _____ () C:\Program Files\Mobile Partner\CallUIPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00093184 _____ () C:\Program Files\Mobile Partner\NotifyServicePlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00309760 _____ () C:\Program Files\Mobile Partner\StatusBarMgrPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00117760 _____ () C:\Program Files\Mobile Partner\LayoutPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00445952 _____ () C:\Program Files\Mobile Partner\DialupUIPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00335360 _____ () C:\Program Files\Mobile Partner\NetConnectPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00303616 _____ () C:\Program Files\Mobile Partner\MenuMgrPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00386560 _____ () C:\Program Files\Mobile Partner\USSDUIPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00527360 _____ () C:\Program Files\Mobile Partner\NetInfoUIExPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00824320 _____ () C:\Program Files\Mobile Partner\SMSUIPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00771584 _____ () C:\Program Files\Mobile Partner\AddrBookUIPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00406528 _____ () C:\Program Files\Mobile Partner\CallLogUIPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00211456 _____ () C:\Program Files\Mobile Partner\ToolBarMgrPlugin.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00693760 _____ () C:\Program Files\Mobile Partner\LiveUpdateInterface.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 01148416 _____ () C:\Program Files\Mobile Partner\QtNetwork4.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00082944 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qgif4.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00081920 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qico4.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00192000 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qjpeg4.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00350720 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qmng4.dll
2013-02-09 15:07 - 2013-02-09 15:07 - 00370176 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qtiff4.dll
2009-08-05 16:39 - 2009-08-05 16:39 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-03-31 16:45 - 2009-03-31 16:45 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-08-05 16:39 - 2009-08-05 16:39 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-12-17 11:26 - 2009-11-10 15:39 - 00929792 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-12-07 19:38 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-07 19:38 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-07 19:38 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:B203B914
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: isatap.{327A83A3-F8FB-4305-A4D7-84D3998B1EA7}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2013 02:10:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 10:13:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 09:50:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 09:29:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 09:28:42 PM) (Source: Software Licensing Service) (User: )
Description: The Software Licensing Service failed to start. hr=0x80070002, [2, 4]
 
Error: (12/09/2013 09:19:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 04:57:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 03:52:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 01:04:09 PM) (Source: Software Licensing Service) (User: )
Description: The Software Licensing Service failed to start. hr=0x80070002, [2, 4]
 
Error: (12/09/2013 01:01:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/10/2013 02:17:57 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.38.119.26 for the network card with network address 582C80139263 has been denied by the DHCP server 10.16.19.33. The DHCP server sent a DHCPNACK message.
 
Error: (12/10/2013 02:15:48 PM) (Source: Service Control Manager) (User: )
Description: Windows Update
 
Error: (12/10/2013 02:14:05 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection
 
Error: (12/10/2013 02:10:07 PM) (Source: Service Control Manager) (User: )
Description: Mobile Partner. OUC%%1053
 
Error: (12/10/2013 02:10:07 PM) (Source: Service Control Manager) (User: )
Description: 30000Mobile Partner. OUC
 
Error: (12/10/2013 02:10:07 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20
 
Error: (12/10/2013 02:10:07 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (12/10/2013 02:09:46 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (12/09/2013 10:13:33 PM) (Source: Service Control Manager) (User: )
Description: Mobile Partner. OUC%%1053
 
Error: (12/09/2013 10:13:33 PM) (Source: Service Control Manager) (User: )
Description: 30000Mobile Partner. OUC
 
 
Microsoft Office Sessions:
=========================
Error: (12/10/2013 02:10:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 10:13:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 09:50:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 09:29:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 09:28:42 PM) (Source: Software Licensing Service)(User: )
Description: hr=0x80070002, [2, 4]
 
Error: (12/09/2013 09:19:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 04:57:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 03:52:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2013 01:04:09 PM) (Source: Software Licensing Service)(User: )
Description: hr=0x80070002, [2, 4]
 
Error: (12/09/2013 01:01:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-02-20 08:46:24.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-20 08:46:24.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-26 11:19:08.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-26 11:19:08.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-26 11:19:08.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-26 11:19:08.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-26 11:19:08.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-26 11:19:07.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-26 11:19:07.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-26 11:19:07.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 41%
Total physical RAM: 3065.9 MB
Available physical RAM: 1795.59 MB
Total Pagefile: 6350.09 MB
Available Pagefile: 4952.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.46 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:288.32 GB) (Free:160.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Mobile Partner) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 2D17D39F)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Now I must scan again with Malwarebytes Anti-Rootkit, right?
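
A triage pass over the persistence entries in the log above, added here as an editor's example; it is not code from this thread, from tigre13 or TB-Psychotic, nor FRST's own logic. The sample lines are copied from this thread's FRST log and fixlist. The three heuristics (no "[date] (Publisher)" annotation after the scheduled binary, binary under a user-writable path, MountPoints2 autorun handler that launches an executable from a non-C: drive letter) are my assumptions about what deserves a second look, and the output is a list of leads, not verdicts. On this machine E: is the Mobile Partner virtual CD-ROM, so an autorun handler for it can be benign; the script only surfaces it.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: eight entries copied from the FRST log and fixlist in this thread.
SAMPLE_LINES = r"""
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {78046F07-FD7F-415E-8CC6-37759F2B2C8B} - System32\Tasks\OfferBoxUpdate => C:\Program Files\OfferBox\OfferBox.exe
Task: {E7C01F54-8536-4CC3-9DE6-CA46E0EC9FEB} - System32\Tasks\DSite => C:\Users\teodora\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: {E82AA5B5-2F91-41ED-A3E1-CAABA9599F27} - System32\Tasks\RunAsStdUser Task => C:\Program Files\ClickPotatoLite\bin\11.0.19.0\ClickPotatoLiteSA.exe
Task: {A9642936-AB02-4F82-8B24-2DF2C228557B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-03] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
MountPoints2: {8928de60-b995-11de-8fc4-001f16b94408} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Pc.Exe
MountPoints2: {c28ef621-5e22-11e2-8902-001f16b94408} - E:\AutoRun.exe
"""

TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+)$")
MOUNT_RE = re.compile(r"^MountPoints2: (?P<key>\S+) - (?P<target>.+)$")
# FRST appends "[yyyy-mm-dd] (Publisher)" after the binary when it could read the file's version info.
PUBLISHER_RE = re.compile(r"\s*(\[\d{4}-\d{2}-\d{2}\])?\s*\((?P<publisher>[^()]*)\)\s*$")
# Assumption: locations a standard user can write to; persistence running from here gets a look.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\", re.IGNORECASE)
# Assumption: an autorun handler that launches an .exe from any drive letter other than C:.
REMOVABLE_EXE_RE = re.compile(r"\b[D-Z]:\\[^\s]+\.exe\b", re.IGNORECASE)


def split_target(target: str) -> Tuple[str, Optional[str]]:
    """Separate the binary path from FRST's trailing '[date] (Publisher)' annotation, if any."""
    m = PUBLISHER_RE.search(target)
    if not m:
        return target.strip(), None
    return target[: m.start()].strip(), m.group("publisher").strip()


def triage(frst_text: str) -> List[Dict[str, object]]:
    """Return the Task/MountPoints2 entries that trip at least one heuristic, with the reasons."""
    findings: List[Dict[str, object]] = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            path, publisher = split_target(m.group("target"))
            reasons = []
            if not publisher:
                reasons.append("no publisher/version info on the scheduled binary")
            if USER_WRITABLE_RE.search(path):
                reasons.append("binary lives in a user-writable directory")
            if reasons:
                findings.append({"kind": "Task", "name": m.group("name"),
                                 "target": path, "reasons": reasons})
            continue
        m = MOUNT_RE.match(line)
        if m and REMOVABLE_EXE_RE.search(m.group("target")):
            findings.append({"kind": "MountPoints2", "name": m.group("key"),
                             "target": m.group("target").strip(),
                             "reasons": ["autorun handler launches an executable from a removable drive"]})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(f"{hit['kind']:<12} {hit['name']}")
        print(f"    -> {hit['target']}")
        print(f"    {'; '.join(hit['reasons'])}")
```

Run it against the whole FRST.txt (replace SAMPLE_LINES with the file contents) and the signed Microsoft and Google tasks drop out while OfferBox, DSite and ClickPotatoLite remain, which is the same set TB-Psychotic's fixlist later targets; the point of the publisher check is that FRST already did the signer lookup, so an entry with no annotation is one FRST could not attribute.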
 


#6 TB-Psychotic (Malware Response Team)

Posted 10 December 2013 - 09:04 AM

Right! :)



#7 tigre13 (Topic Starter)

Posted 10 December 2013 - 09:43 AM

Hi again, the Malwarebytes scan result is in the attached files.




#8 TB-Psychotic (Malware Response Team)

Posted 10 December 2013 - 10:26 AM

Add/Remove Programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:

PHPNukeIT Toolbar
BrowseToSave
BrroWse2saove


Close the window.

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    MountPoints2: E - E:\setup.exe
    MountPoints2: {3894bc08-b8cc-11de-9c6b-001f16b94408} - E:\autorun.exe
    MountPoints2: {4fe0a74e-7ee9-11e1-a9ce-001e101f82a7} - E:\AutoRun.exe
    MountPoints2: {6aa66539-770c-11e1-8d1c-001e101fb45e} - E:\AutoRun.exe
    MountPoints2: {6aa66553-770c-11e1-8d1c-001e101f0f64} - E:\AutoRun.exe
    MountPoints2: {8928de60-b995-11de-8fc4-001f16b94408} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Pc.Exe
    MountPoints2: {c28ef621-5e22-11e2-8902-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {c28ef62d-5e22-11e2-8902-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {cc85b50c-79dd-11e2-a8bf-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {e0b5ea49-67a0-11e1-b18e-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {e496fcc5-7292-11e2-b09f-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {e496fcd1-7292-11e2-b09f-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {f16bb31e-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {f16bb32c-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {f16bb34e-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {f16bb359-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {f3cf7812-2703-11e0-8814-001f16b94408} - E:\setup.exe
    MountPoints2: {f8da394b-67a1-11e1-ac37-001e101f82a0} - E:\AutoRun.exe
    MountPoints2: {fc11eb9b-7ac9-11e2-aead-001f16b94408} - E:\AutoRun.exe
    MountPoints2: {ff39fa1d-72c7-11e2-b434-001f16b94408} - E:\AutoRun.exe
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=0816582C80139263&affID=119403&tsp=4966
    URLSearchHook: HKLM - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
    URLSearchHook: HKCU - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
    URLSearchHook: HKCU - (No Name) - {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} -  No File
    URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
    URLSearchHook: HKCU - (No Name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} -  No File
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
    SearchScopes: HKLM - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={searchTerms}&pid=726&src=ie2&r=2013/02/25&hid=3866168918&lg=EN&cc=IT
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
    SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
    SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
    SearchScopes: HKCU - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={searchTerms}&pid=726&src=ie2&r=2013/02/25&hid=3866168918&lg=EN&cc=IT
    SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0816582C80139263&affID=119403&tsp=4966
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYYYIT&apn_uid=A6D32FE6-C134-4347-A3D1-79F9C98E034A&apn_sauid=58DE167B-4B38-41FE-B1B4-8055DE9F35F6
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://it.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111148,16998,0,8,0
    BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
    BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
    BHO: BrroWse2saove - {44FA78BF-6BFC-C705-9BBB-497DF7593E19} - C:\ProgramData\BrroWse2saove\512b866fdf6e2.dll ()
    BHO: No Name - {7C74FF88-1A7D-406E-B94B-7DD8ABCC9DCC} -  No File
    Toolbar: HKLM - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKCU - PHPNukeIT Toolbar - {2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} -  No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKCU - No Name - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} -  No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    FF Extension: Conduit Engine  - \Extensions\engine@conduit.com
    FF Extension: BittorrentBar_IT Community Toolbar - \Extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
    CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\teodora\AppData\Local\Wajam\Chrome\wajam.crx
    CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\OApps\chromeaddon.crx
    Task: {E82AA5B5-2F91-41ED-A3E1-CAABA9599F27} - System32\Tasks\RunAsStdUser Task => C:\Program Files\ClickPotatoLite\bin\11.0.19.0\ClickPotatoLiteSA.exe
    AlternateDataStreams: C:\ProgramData\Temp:131C0EE9
    AlternateDataStreams: C:\ProgramData\Temp:798A3728
    AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
    AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
    AlternateDataStreams: C:\ProgramData\Temp:B203B914
    AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
    AlternateDataStreams: C:\ProgramData\Temp:BB24555F
    AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
    AlternateDataStreams: C:\ProgramData\Temp:DCAF903C

    C:\Program Files\PHPNukeIT
    C:\ProgramData\BrroWse2saove
    C:\Users\teodora\AppData\Local\Wajam
    C:\Program Files\OApps
    C:\Program Files\ClickPotatoLite
    C:\$RECYCLE.BIN\S-1-5-21-45046858-3824493937-427058035-1000
    C:\Users\teodora\AppData\Local\Temp\Video Performer63485.exe

    REG: Reg delete "HKLM\SOFTWARE\CLASSES\APPID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}"


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run frst.exe (on 64-bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.
Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#9 tigre13 (Topic Starter, Members, 21 posts)

Posted 10 December 2013 - 11:07 AM

I already tried to remove the PHPNukIT Toolbar last year; it says "Unable to open the file install log". I tried again now, but it's the same result.

May I directly format the PC? Maybe I'll save all the documents, because now I have access to the PC thanks to you, and then format it. What do you think? Or should I do the scan again following all of your steps, except that I cannot remove the PHP toolbar?



#10 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 10 December 2013 - 11:17 AM

Ignore the PHPNukIT Toolbar and proceed with the other steps - no need to format at the moment! ;)



#11 tigre13 (Topic Starter, Members, 21 posts)

Posted 10 December 2013 - 11:49 AM

OK, I will proceed with the other steps :thumbup2:



#12 tigre13 (Topic Starter, Members, 21 posts)

Posted 11 December 2013 - 11:22 AM

Hello Marius, this time it seems that the code you sent me doesn't work, because as soon as you sent me the code for the fixlist I did all you said, but the problem is that the PC is still working; it says "fixing is in progress, please wait..." but it has already been 24 hours and it still says that I have to wait. Should I close the PC and restart all the steps again?



#13 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 12 December 2013 - 11:29 AM

Please reboot into safe mode and try again.



#14 tigre13 (Topic Starter, Members, 21 posts)

Posted 13 December 2013 - 06:50 AM

It is the same result. Maybe it doesn't work because I can't remove the PHP toolbar, or maybe I did something wrong when making the fixlist. I sent you the fixlist and the fixlog made with the fixlist, and as an attachment I sent you again the Malwarebytes scan result.

So this is the fixlist:

[code=auto:0]MountPoints2: E - E:\setup.exe
MountPoints2: {3894bc08-b8cc-11de-9c6b-001f16b94408} - E:\autorun.exe
MountPoints2: {4fe0a74e-7ee9-11e1-a9ce-001e101f82a7} - E:\AutoRun.exe
MountPoints2: {6aa66539-770c-11e1-8d1c-001e101fb45e} - E:\AutoRun.exe
MountPoints2: {6aa66553-770c-11e1-8d1c-001e101f0f64} - E:\AutoRun.exe
MountPoints2: {8928de60-b995-11de-8fc4-001f16b94408} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Pc.Exe
MountPoints2: {c28ef621-5e22-11e2-8902-001f16b94408} - E:\AutoRun.exe
MountPoints2: {c28ef62d-5e22-11e2-8902-001f16b94408} - E:\AutoRun.exe
MountPoints2: {cc85b50c-79dd-11e2-a8bf-001f16b94408} - E:\AutoRun.exe
MountPoints2: {e0b5ea49-67a0-11e1-b18e-001f16b94408} - E:\AutoRun.exe
MountPoints2: {e496fcc5-7292-11e2-b09f-001f16b94408} - E:\AutoRun.exe
MountPoints2: {e496fcd1-7292-11e2-b09f-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb31e-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb32c-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb34e-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb359-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f3cf7812-2703-11e0-8814-001f16b94408} - E:\setup.exe
MountPoints2: {f8da394b-67a1-11e1-ac37-001e101f82a0} - E:\AutoRun.exe
MountPoints2: {fc11eb9b-7ac9-11e2-aead-001f16b94408} - E:\AutoRun.exe
MountPoints2: {ff39fa1d-72c7-11e2-b434-001f16b94408} - E:\AutoRun.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=0816582C80139263&affID=119403&tsp=4966
URLSearchHook: HKLM - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
URLSearchHook: HKCU - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} -  No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKCU - (No Name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} -  No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
BHO: BrroWse2saove - {44FA78BF-6BFC-C705-9BBB-497DF7593E19} - C:\ProgramData\BrroWse2saove\512b866fdf6e2.dll ()
BHO: No Name - {7C74FF88-1A7D-406E-B94B-7DD8ABCC9DCC} -  No File
Toolbar: HKLM - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - PHPNukeIT Toolbar - {2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com
FF Extension: BittorrentBar_IT Community Toolbar - \Extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\teodora\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\OApps\chromeaddon.crx
Task: {E82AA5B5-2F91-41ED-A3E1-CAABA9599F27} - System32\Tasks\RunAsStdUser Task => C:\Program Files\ClickPotatoLite\bin\11.0.19.0\ClickPotatoLiteSA.exe
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:B203B914
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C
 
C:\Program Files\PHPNukeIT
C:\ProgramData\BrroWse2saove
C:\Users\teodora\AppData\Local\Wajam
C:\Program Files\OApps
C:\Program Files\ClickPotatoLite
C:\$RECYCLE.BIN\S-1-5-21-45046858-3824493937-427058035-1000
C:\Users\teodora\AppData\Local\Temp\Video Performer63485.exe
 
REG: Reg delete "HKLM\SOFTWARE\CLASSES\APPID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}"

This is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2013
Ran by teodora at 2013-12-10 18:33:20 Run:2
Running from C:\Users\teodora\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
[code=auto:0]MountPoints2: E - E:\setup.exe
MountPoints2: {3894bc08-b8cc-11de-9c6b-001f16b94408} - E:\autorun.exe
MountPoints2: {4fe0a74e-7ee9-11e1-a9ce-001e101f82a7} - E:\AutoRun.exe
MountPoints2: {6aa66539-770c-11e1-8d1c-001e101fb45e} - E:\AutoRun.exe
MountPoints2: {6aa66553-770c-11e1-8d1c-001e101f0f64} - E:\AutoRun.exe
MountPoints2: {8928de60-b995-11de-8fc4-001f16b94408} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Pc.Exe
MountPoints2: {c28ef621-5e22-11e2-8902-001f16b94408} - E:\AutoRun.exe
MountPoints2: {c28ef62d-5e22-11e2-8902-001f16b94408} - E:\AutoRun.exe
MountPoints2: {cc85b50c-79dd-11e2-a8bf-001f16b94408} - E:\AutoRun.exe
MountPoints2: {e0b5ea49-67a0-11e1-b18e-001f16b94408} - E:\AutoRun.exe
MountPoints2: {e496fcc5-7292-11e2-b09f-001f16b94408} - E:\AutoRun.exe
MountPoints2: {e496fcd1-7292-11e2-b09f-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb31e-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb32c-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb34e-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f16bb359-f65d-11e1-9786-001f16b94408} - E:\AutoRun.exe
MountPoints2: {f3cf7812-2703-11e0-8814-001f16b94408} - E:\setup.exe
MountPoints2: {f8da394b-67a1-11e1-ac37-001e101f82a0} - E:\AutoRun.exe
MountPoints2: {fc11eb9b-7ac9-11e2-aead-001f16b94408} - E:\AutoRun.exe
MountPoints2: {ff39fa1d-72c7-11e2-b434-001f16b94408} - E:\AutoRun.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=0816582C80139263&affID=119403&tsp=4966
URLSearchHook: HKLM - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
URLSearchHook: HKCU - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} -  No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKCU - (No Name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} -  No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
BHO: BrroWse2saove - {44FA78BF-6BFC-C705-9BBB-497DF7593E19} - C:\ProgramData\BrroWse2saove\512b866fdf6e2.dll ()
BHO: No Name - {7C74FF88-1A7D-406E-B94B-7DD8ABCC9DCC} -  No File
Toolbar: HKLM - PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - PHPNukeIT Toolbar - {2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - C:\Program Files\PHPNukeIT\tbPHPN.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com
FF Extension: BittorrentBar_IT Community Toolbar - \Extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\teodora\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\OApps\chromeaddon.crx
Task: {E82AA5B5-2F91-41ED-A3E1-CAABA9599F27} - System32\Tasks\RunAsStdUser Task => C:\Program Files\ClickPotatoLite\bin\11.0.19.0\ClickPotatoLiteSA.exe
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:B203B914
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C
 
C:\Program Files\PHPNukeIT
C:\ProgramData\BrroWse2saove
C:\Users\teodora\AppData\Local\Wajam
C:\Program Files\OApps
C:\Program Files\ClickPotatoLite
C:\$RECYCLE.BIN\S-1-5-21-45046858-3824493937-427058035-1000
C:\Users\teodora\AppData\Local\Temp\Video Performer63485.exe
 
REG: Reg delete "HKLM\SOFTWARE\CLASSES\APPID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}"
 
*****************
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\[code=auto:0]E => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3894bc08-b8cc-11de-9c6b-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{3894bc08-b8cc-11de-9c6b-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fe0a74e-7ee9-11e1-a9ce-001e101f82a7} => Key deleted successfully.
HKCR\CLSID\{4fe0a74e-7ee9-11e1-a9ce-001e101f82a7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6aa66539-770c-11e1-8d1c-001e101fb45e} => Key deleted successfully.
HKCR\CLSID\{6aa66539-770c-11e1-8d1c-001e101fb45e} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6aa66553-770c-11e1-8d1c-001e101f0f64} => Key deleted successfully.
HKCR\CLSID\{6aa66553-770c-11e1-8d1c-001e101f0f64} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8928de60-b995-11de-8fc4-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{8928de60-b995-11de-8fc4-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c28ef621-5e22-11e2-8902-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{c28ef621-5e22-11e2-8902-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c28ef62d-5e22-11e2-8902-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{c28ef62d-5e22-11e2-8902-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc85b50c-79dd-11e2-a8bf-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{cc85b50c-79dd-11e2-a8bf-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0b5ea49-67a0-11e1-b18e-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{e0b5ea49-67a0-11e1-b18e-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e496fcc5-7292-11e2-b09f-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{e496fcc5-7292-11e2-b09f-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e496fcd1-7292-11e2-b09f-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{e496fcd1-7292-11e2-b09f-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f16bb31e-f65d-11e1-9786-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{f16bb31e-f65d-11e1-9786-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f16bb32c-f65d-11e1-9786-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{f16bb32c-f65d-11e1-9786-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f16bb34e-f65d-11e1-9786-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{f16bb34e-f65d-11e1-9786-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f16bb359-f65d-11e1-9786-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{f16bb359-f65d-11e1-9786-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3cf7812-2703-11e0-8814-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{f3cf7812-2703-11e0-8814-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8da394b-67a1-11e1-ac37-001e101f82a0} => Key deleted successfully.
HKCR\CLSID\{f8da394b-67a1-11e1-ac37-001e101f82a0} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc11eb9b-7ac9-11e2-aead-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{fc11eb9b-7ac9-11e2-aead-001f16b94408} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff39fa1d-72c7-11e2-b434-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{ff39fa1d-72c7-11e2-b434-001f16b94408} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} => Value deleted successfully.
HKCR\CLSID\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{01bd49d7-c76b-4310-8beb-14d7e5f322c6} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{01bd49d7-c76b-4310-8beb-14d7e5f322c6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} => Key deleted successfully.
HKCR\CLSID\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44FA78BF-6BFC-C705-9BBB-497DF7593E19} => Key deleted successfully.
HKCR\CLSID\{44FA78BF-6BFC-C705-9BBB-497DF7593E19} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C74FF88-1A7D-406E-B94B-7DD8ABCC9DCC} => Key deleted successfully.
HKCR\CLSID\{7C74FF88-1A7D-406E-B94B-7DD8ABCC9DCC} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} => Value deleted successfully.
HKCR\CLSID\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} => Value deleted successfully.
HKCR\CLSID\{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} => Value deleted successfully.
HKCR\CLSID\{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} => Value deleted successfully.
HKCR\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com => not found.
FF Extension: BittorrentBar_IT Community Toolbar - \Extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Key deleted successfully.
C:\Users\teodora\AppData\Local\Wajam\Chrome\wajam.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl => Key deleted successfully.
"C:\Program Files\OApps\chromeaddon.crx" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E82AA5B5-2F91-41ED-A3E1-CAABA9599F27} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E82AA5B5-2F91-41ED-A3E1-CAABA9599F27} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
C:\ProgramData\Temp => ":131C0EE9" ADS removed successfully.
C:\ProgramData\Temp => ":798A3728" ADS removed successfully.
C:\ProgramData\Temp => ":8750DCE4" ADS removed successfully.
C:\ProgramData\Temp => ":9E22BBE8" ADS removed successfully.
C:\ProgramData\Temp => ":B203B914" ADS removed successfully.
C:\ProgramData\Temp => ":B623B5B8" ADS removed successfully.
C:\ProgramData\Temp => ":BB24555F" ADS removed successfully.
C:\ProgramData\Temp => ":CE0A077E" ADS removed successfully.
C:\ProgramData\Temp => ":DCAF903C" ADS removed successfully.
C:\Program Files\PHPNukeIT => Moved successfully.
C:\ProgramData\BrroWse2saove => Moved successfully.
C:\Users\teodora\AppData\Local\Wajam => Moved successfully.
C:\Program Files\OApps => Moved successfully.
"C:\Program Files\ClickPotatoLite" => File/Directory not found.
C:\$RECYCLE.BIN\S-1-5-21-45046858-3824493937-427058035-1000 => Moved successfully.
C:\Users\teodora\AppData\Local\Temp\Video Performer63485.exe => Moved successfully.
 
========= Reg delete "HKLM\SOFTWARE\CLASSES\APPID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}" =========
 

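The fixlog above is FRST's record of which fixlist entries matched something on the machine, and it shows two things worth checking in any such log: the first MountPoints2 line carries the forum tag [code=auto:0] copied into the fixlist, so it could never match a real key, and most "Key not found" lines are just the paired HKCR\CLSID lookup FRST logs right after deleting a GUID-named entry. The following Python summariser is an added example, not part of this thread and not FRST's own code; the sample log it runs on is constructed from lines quoted above and is not a complete Fixlog, and the rules it applies (the "*****" fences around the echoed fixlist, the " => " separator, the CLSID companion lines) are taken from the log format as it appears in this thread.

```python
"""Summarise an FRST Fixlog.txt: what was removed, what was not found, and whether
forum markup leaked into the fixlist.  Added example; SAMPLE_FIXLOG is constructed
from lines quoted in this thread and is not a complete log."""
import re
from collections import Counter

SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2013
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
[code=auto:0]MountPoints2: E - E:\setup.exe
Task: {E82AA5B5-2F91-41ED-A3E1-CAABA9599F27} - System32\Tasks\RunAsStdUser Task => C:\Program Files\ClickPotatoLite\bin\11.0.19.0\ClickPotatoLiteSA.exe
*****************

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\[code=auto:0]E => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3894bc08-b8cc-11de-9c6b-001f16b94408} => Key deleted successfully.
HKCR\CLSID\{3894bc08-b8cc-11de-9c6b-001f16b94408} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} => Value deleted successfully.
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com => not found.
C:\Users\teodora\AppData\Local\Wajam\Chrome\wajam.crx => Moved successfully.
"C:\Program Files\OApps\chromeaddon.crx" => File/Directory not found.
C:\ProgramData\Temp => ":131C0EE9" ADS removed successfully.
"C:\Program Files\ClickPotatoLite" => File/Directory not found.
"""

# An action line is "<target> => <outcome>"; the first " => " separates the two.
ENTRY_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\s*$')
# Leftover forum markup such as [code=auto:0] or [/code] inside a target.
BBCODE_RE = re.compile(r'\[/?code[^\]]*\]', re.IGNORECASE)
GUID_RE = re.compile(r'\{[0-9A-Fa-f-]+\}')


def classify(outcome):
    """Map FRST's free-text outcome to a coarse status."""
    o = outcome.lower()
    if 'successfully' in o:
        return 'success'
    if 'not found' in o:
        return 'not_found'
    return 'other'


def parse_fixlog(text):
    """Return the action lines of a Fixlog as dicts, skipping the echoed fixlist block."""
    entries = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {'*'}:      # '*****' fences the 'Content of fixlist' echo
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            target, outcome = m.group('target'), m.group('outcome')
            entries.append({'target': target, 'outcome': outcome,
                            'status': classify(outcome)})
    return entries


def summarize(entries):
    """Count entries per status, e.g. {'success': 5, 'not_found': 5}."""
    return dict(Counter(e['status'] for e in entries))


def find_forum_residue(entries):
    """Targets that still carry forum markup: such a path can never match a real
    registry key, so the entry the helper intended was silently skipped."""
    return [e for e in entries if BBCODE_RE.search(e['target'])]


def unexplained_not_found(entries):
    """'not found' results other than the benign CLSID lookup under HKCR that FRST logs
    right after it deletes a GUID-named entry (the paired lines in the log)."""
    removed_guids = set()
    flagged = []
    for e in entries:
        guids = {g.lower() for g in GUID_RE.findall(e['target'])}
        if e['status'] == 'success':
            removed_guids |= guids
        elif e['status'] == 'not_found':
            companion = ('\\clsid\\' in e['target'].lower()
                         and guids and guids <= removed_guids)
            if not companion:
                flagged.append(e)
    return flagged


if __name__ == '__main__':
    found = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(found))
    for e in find_forum_residue(found):
        print('forum markup in fixlist:', e['target'])
    for e in unexplained_not_found(found):
        print('check manually:', e['target'], '->', e['outcome'])
```

Run against the sample it reports five successful actions and five "not found" results, flags the [code=auto:0]E target as forum residue, and leaves four "not found" lines for a manual look (the residue line, the Firefox extension, and the two paths that were already gone); the CLSID companion line is correctly treated as benign.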

#15 tigre13 (Topic Starter, Members, 21 posts)

Posted 13 December 2013 - 06:53 AM

The Malwarebytes scan result before making the fixlist.

Attached Files

