I think I am infected


  • This topic is locked
26 replies to this topic

#1 gangosan

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:39 PM

Posted 07 January 2015 - 03:22 PM

Hello, and sorry for my bad English. My PC is running slowly.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 05.8.2014 г. 05:32:02
System Uptime: 07.1.2015 г. 20:01:52 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5KPL-AM SE
Processor: Intel® Celeron® CPU        E3300  @ 2.50GHz | Socket 775 | 2520/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 55 GiB total, 26,472 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 28,925 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 1,226 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\ATK0110\1010110
Manufacturer: 
Name: 
PNP Device ID: ACPI\ATK0110\1010110
Service: 
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VPN Client Adapter - VPN
Device ID: ROOT\NET\0000
Manufacturer: SoftEther VPN Project
Name: VPN Client Adapter - VPN
PNP Device ID: ROOT\NET\0000
Service: Neo_VPN
.
==== System Restore Points ===================
.
RP80: 17.12.2014 г. 14:54:24 - System Checkpoint
RP81: 19.12.2014 г. 02:29:50 - System Checkpoint
RP82: 20.12.2014 г. 02:43:07 - System Checkpoint
RP83: 28.12.2014 г. 18:21:44 - System Checkpoint
RP84: 29.12.2014 г. 20:25:16 - System Checkpoint
RP85: 30.12.2014 г. 22:11:31 - System Checkpoint
RP86: 31.12.2014 г. 07:05:29 - Removed Virtual Machine Network Services Driver
RP87: 01.1.2015 г. 21:52:01 - System Checkpoint
RP88: 03.1.2015 г. 03:22:12 - Installed Minecraft
RP89: 03.1.2015 г. 13:11:57 - Installed CrashPlan
RP90: 04.1.2015 г. 13:16:02 - System Checkpoint
RP91: 05.1.2015 г. 00:48:23 - Removed Minecraft
RP92: 05.1.2015 г. 00:51:41 - Removed CrashPlan
RP93: 06.1.2015 г. 01:44:08 - System Checkpoint
RP94: 07.1.2015 г. 03:51:11 - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 15 ActiveX
Adobe Flash Player 16 NPAPI
AIDA64 Extreme v4.60
Ashampoo Burning Studio 2015 v.1.15.0
Auslogics BoostSpeed
Auslogics DiskDefrag
Bulgarian (Phonetic) by Iliya Dankov
CCleaner
Classic FTP
Counter-Strike 1.6
CyberGhost 5
Driver Genius
Exterminate It!
FastStone Capture 7.8
FastStone Image Viewer 5.3
FileZilla Client 3.9.0.3
Glary Utilities 5.8
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Incomedia WebSite X5 v11 - Home
Intel® Graphics Media Accelerator Driver
Internet Download Manager
Java 7 Update 71
Java Auto Updater
K-Lite Mega Codec Pack 10.7.1
Localphone
LogoMaker 3.1
MagicDisc 2.7.106
Malwarebytes Anti-Malware, версия 2.0.4.1028
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Mozilla Firefox 34.0.5 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MyFreeCodec
Nero 8 Micro 8.3.2.1
Photodex Presenter
PokerStars.bg
ProShow Gold
Realtek High Definition Audio Driver
RefreshPC
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2894842v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2931365)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2972215)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2894842v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2976627)
Security Update for Windows Internet Explorer 8 (KB2977629)
Security Update for Windows Internet Explorer 8 (KB3003057)
Security Update for Windows Internet Explorer 8 (KB3008923)
Security Update for Windows Internet Explorer 8 (KB3012176)
Skype™ 6.22
SoftEther VPN Client
Steam
SumatraPDF 3.0
Temp File Cleaner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
User Profile Hive Cleanup Service
VLC media player
Voipwise
WebFldrs XP
Win32DiskImager version 0.9.5
WinRAR 5.11 (32-bit)
WinTools.net Premium version 14.0
Xara 3D Maker 7
Xara Web Designer 10 Premium
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
07.1.2015 г. 00:38:04, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
07.1.2015 г. 00:37:34, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
07.1.2015 г. 00:37:04, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
07.1.2015 г. 00:36:34, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
07.1.2015 г. 00:36:04, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
07.1.2015 г. 00:35:34, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
07.1.2015 г. 00:35:18, error: System Error [1003]  - Error code 1000000a, parameter1 c08b7cd4, parameter2 00000002, parameter3 00000000, parameter4 80523caf.
07.1.2015 г. 00:35:04, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
07.1.2015 г. 00:34:34, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
07.1.2015 г. 00:34:04, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
07.1.2015 г. 00:33:34, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
07.1.2015 г. 00:33:03, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
07.1.2015 г. 00:30:54, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dhcp service.
07.1.2015 г. 00:30:54, error: Service Control Manager [7000]  - The DHCP Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
07.1.2015 г. 00:30:21, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
07.1.2015 г. 00:29:51, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the lanmanworkstation service.
07.1.2015 г. 00:29:21, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
07.1.2015 г. 00:28:51, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the lanmanworkstation service.
07.1.2015 г. 00:26:25, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dhcp service.
07.1.2015 г. 00:26:25, error: Service Control Manager [7000]  - The DHCP Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
07.1.2015 г. 00:25:55, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
04.1.2015 г. 03:52:35, error: Service Control Manager [7034]  - The CrashPlan Backup Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.71.2
Run by Admin at 20:17:38 on 2015-01-07
Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.3062.1926 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Java\jre7\bin\jqs.exe
E:\Program Files\Localphone Ltd\Localphone\Localphone_mod.exe
E:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe
E:\Program Files\UPHClean\uphclean.exe
E:\Program Files\CyberGhost 5\Service.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Samsung\Kies\KiesTrayAgent.exe
E:\WINDOWS\system32\igfxsrvc.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Internet Download Manager\IDMan.exe
E:\Program Files\Samsung\Kies\Kies.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Programi\4avdoScript\mirc.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.bg/
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - e:\program files\internet download manager\IDMIECC.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - e:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - e:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CTFMON.EXE] e:\windows\system32\ctfmon.exe
uRun: [IDMan] e:\program files\internet download manager\IDMan.exe /onboot
uRun: [KiesPreload] e:\program files\samsung\kies\Kies.exe /preload
uRun: [uTorrent] "e:\documents and settings\admin\application data\utorrent\uTorrent.exe"  /MINIMIZED
mRun: [IMJPMIG8.1] "e:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
mRun: [Persistence] e:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [KiesTrayAgent] e:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "e:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: e:\docume~1\admin\startm~1\programs\startup\autoru~1\magicd~1.lnk - e:\program files\magicdisc\MagicDisc.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\crashp~1.lnk - e:\program files\crashplan\CrashPlanTray.exe
StartupFolder: e:\documents and settings\all users\start menu\programs\startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\softet~1.lnk - e:\program files\softether vpn client\vpncmgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoThemesTab = dword:0
uPolicies-Explorer: NoChangeAnimation = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoSMMyPictures = dword:0
mPolicies-Explorer: NoStartMenuMyMusic = dword:0
mPolicies-Explorer: NoCommonGroups = dword:0
mPolicies-Explorer: NoSimpleStartMenu = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Свали всички линкове с IDM - e:\program files\internet download manager\IEGetAll.htm
IE: Свали с IDM - e:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2CCD3847-8C5F-4199-8126-3735458876A1} : DHCPNameServer = 192.168.1.1
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - LocalServer32 - <no file>
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SecurityProviders: SecurityProviders = schannel.dll, credssp.dll, digest.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "e:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\admin\application data\mozilla\firefox\profiles\1ln2ume0.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg
FF - plugin: e:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: e:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: e:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: e:\program files\photodex presenter\npPxPlay.dll
FF - plugin: e:\windows\system32\macromed\flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [2013-9-17 135296]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2013-9-17 119792]
R1 GUBootStartup;GUBootStartup;e:\windows\system32\drivers\GUBootStartup.sys [2014-9-20 17344]
R1 IDMTDI;IDMTDI;e:\windows\system32\drivers\idmtdi.sys [2014-7-10 123360]
R2 CGVPNCliService;CyberGhost 5 Client Service;e:\program files\cyberghost 5\Service.exe [2014-9-29 64616]
R2 ekrn;ESET Service;e:\program files\eset\eset nod32 antivirus\ekrn.exe [2014-10-1 1349576]
R2 LocalphoneWinService;Localphone VoIP Service;e:\program files\localphone ltd\localphone\Localphone_mod.exe [2013-8-22 1046016]
R3 eamonm;eamonm;e:\windows\system32\drivers\eamonm.sys [2014-10-10 191928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;e:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2014-8-5 1684736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);e:\windows\system32\drivers\ssudbus.sys [2014-9-25 89856]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);e:\windows\system32\drivers\ssudmdm.sys [2014-9-25 184192]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);e:\windows\system32\drivers\ssudserd.sys [2011-10-18 181432]
S3 tap0801;TAP-Win32 Adapter V8;e:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Neo_VPN;VPN Client Device Driver - VPN;e:\windows\system32\drivers\Neo_0108.sys [2014-8-8 25824]
S4 SEVPNCLIENT;SoftEther VPN Client;e:\program files\softether vpn client\vpnclient.exe [2014-8-8 3544632]
.
=============== Created Last 30 ================
.
2015-01-06 12:32:09 -------- d-----w- e:\documents and settings\all users\application data\DriverGenius
2015-01-06 12:31:42 -------- d-----w- e:\program files\Driver-Soft
2015-01-05 18:40:38 -------- d-----w- e:\program files\Magical Jelly Bean
2015-01-05 10:29:43 -------- d-----w- E:\FRST
2015-01-05 00:33:50 -------- d-----w- e:\program files\common files\Xara Services
2015-01-05 00:33:50 -------- d-----w- e:\program files\common files\MAGIX Services
2015-01-04 22:44:42 -------- d-----w- e:\program files\smartmontools
2015-01-04 01:52:56 -------- d-----w- e:\documents and settings\admin\application data\CrystalIdea Software
2015-01-03 11:12:25 -------- d-----w- e:\documents and settings\admin\application data\CrashPlan
2015-01-03 11:12:05 -------- d-----w- e:\program files\CrashPlan
2015-01-03 11:12:05 -------- d-----w- e:\documents and settings\all users\application data\CrashPlan
2015-01-03 01:23:46 -------- d-----w- e:\documents and settings\admin\application data\java
2015-01-03 01:23:39 -------- d-----w- e:\documents and settings\admin\application data\.minecraft
2014-12-30 01:43:31 -------- d-----w- e:\program files\Temp File Cleaner
2014-12-29 17:28:01 -------- d-----w- e:\documents and settings\admin\local settings\application data\Adobe
2014-12-29 00:42:13 -------- d-----w- e:\documents and settings\admin\application data\Steganos Updates
2014-12-29 00:39:52 -------- d-----w- e:\documents and settings\admin\application data\Steganos VPN
2014-12-29 00:39:45 -------- d-----w- e:\documents and settings\admin\application data\Steganos
2014-12-29 00:39:43 -------- d-----w- e:\program files\common files\Steganos
2014-12-29 00:39:42 -------- d-----w- e:\program files\OkayFreedom
2014-12-19 20:50:31 -------- d-----w- e:\program files\Steam
2014-12-15 21:23:26 -------- d-----w- e:\program files\OpenVPN
2014-12-15 19:56:44 -------- d-----w- e:\documents and settings\all users\application data\Anvisoft
2014-12-15 19:56:18 -------- d-----w- e:\program files\common files\Anvisoft
2014-12-13 20:15:37 -------- d-----w- e:\program files\FastStone Image Viewer
2014-12-09 20:10:05 -------- d-----w- e:\program files\Photodex Presenter
2014-12-09 20:09:24 -------- d-----w- e:\program files\Photodex
2014-12-09 20:09:01 -------- d-----w- e:\documents and settings\admin\application data\Photodex
2014-12-09 20:08:58 -------- d-----w- e:\documents and settings\all users\application data\Photodex
2014-12-09 19:57:21 -------- d-----w- e:\documents and settings\admin\local settings\application data\Incomedia
2014-12-09 19:56:48 -------- d-----w- e:\program files\WebSite X5 v11 - Home
.
==================== Find3M  ====================
.
2015-01-07 02:30:32 114904 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-29 17:31:01 701616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2014-12-29 17:31:00 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-29 00:37:06 123360 ----a-w- e:\windows\system32\drivers\idmtdi.sys
2014-11-27 15:09:41 96680 ----a-w- e:\windows\system32\WindowsAccessBridge.dll
2014-11-27 15:09:38 145408 ----a-w- e:\windows\system32\javacpl.cpl
2014-11-26 15:56:07 420864 ----a-w- e:\windows\system32\vbscript.dll
2014-11-21 04:14:14 54360 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 04:14:06 23256 ----a-w- e:\windows\system32\drivers\mbam.sys
2014-11-17 18:13:14 43520 ----a-w- e:\windows\system32\licmgr10.dll
2014-11-17 18:13:14 19456 ----a-w- e:\windows\system32\corpol.dll
2014-11-17 18:13:14 1469440 ----a-w- e:\windows\system32\inetcpl.cpl
2014-11-17 17:47:02 385024 ----a-w- e:\windows\system32\html.iec
2014-11-17 08:13:16 920064 ----a-w- e:\windows\system32\wininet.dll
2014-10-25 01:04:09 301568 ----a-w- e:\windows\system32\kerberos.dll
2014-10-18 01:17:56 552448 ----a-w- e:\windows\system32\oleaut32.dll
2014-10-10 06:59:12 191928 ----a-w- e:\windows\system32\drivers\eamonm.sys
2014-10-10 06:59:12 135296 ----a-w- e:\windows\system32\drivers\ehdrv.sys
2014-10-10 06:59:12 119792 ----a-w- e:\windows\system32\drivers\epfwtdir.sys
.
============= FINISH: 20:17:56,90 ===============
 

#2 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,035 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:09:39 AM

Posted 07 January 2015 - 04:20 PM

Hey my friend, :)

my name is Machiavelli and I will assist you with your problem. :exclame: The fixes are specific to your problem and should only be used for the issue on your machine! :exclame:

I'm in the 'Malware Staff Team' and will provide you with advice:
Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

You must reply to posts within days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is an important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - it is better to ask than to make a mistake. Mistakes can lead to an unbootable PC! I would recommend following the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.
 

:exclame: Below are a few tips :exclame:
  • Removing malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. Fixing your PC by yourself can be very risky!
  • Please stay in contact with me until your problem is resolved
    As malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting me, as this can complicate finding and removing all malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all malware!
  • Read my post completely
    If you don't, you may make mistakes that could result in your system crashing by your own actions!
 

It is very important to save all tools on your Desktop. ;)

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post, please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 gangosan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:39 PM

Posted 07 January 2015 - 04:35 PM

Hi my friend, my name is Chavdar. Thank you for your speedy answer.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Admin (administrator) on UNKNOWN-8383362 on 07-01-2015 23:34:19
Running from E:\Documents and Settings\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\jqs.exe
() E:\Program Files\Localphone Ltd\Localphone\Localphone_mod.exe
() E:\Program Files\Photodex\ProShow Gold\scsiaccess.exe
(Windows ® Codename Longhorn DDK provider) E:\Program Files\UPHClean\uphclean.exe
(CyberGhost S.R.L) E:\Program Files\CyberGhost 5\Service.exe
(Intel Corporation) E:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.EXE
(Samsung Electronics Co., Ltd.) E:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
(Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
(Oracle Corporation) E:\Program Files\Common Files\Java\Java Update\jusched.exe
(ESET) E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Tonec Inc.) E:\Program Files\Internet Download Manager\IDMan.exe
(Samsung) E:\Program Files\SAMSUNG\Kies\Kies.exe
(Tonec Inc.) E:\Program Files\Internet Download Manager\IEMonitor.exe
(mIRC Co. Ltd.) D:\Programi\4avdoScript\mirc.exe
(Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) E:\WINDOWS\system32\taskmgr.exe
(Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IMJPMIG8.1] => E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [18671104 2009-07-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KiesTrayAgent] => E:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => E:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [egui] => E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoSMMyDocs] 0
HKLM\...\Policies\Explorer: [NoSMMyPictures] 0
HKLM\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoCommonGroups] 0
HKLM\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKLM\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Run: [IDMan] => E:\Program Files\Internet Download Manager\IDMan.exe [3886672 2014-12-17] (Tonec Inc.)
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Run: [KiesPreload] => E:\Program Files\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoThemesTab] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoChangeKeyboardNavigationIndicators] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SecurityProviders: schannel.dll, credssp.dll, digest.dll
Startup: E:\Documents and Settings\Admin\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs ()
ShellIconOverlayIdentifiers: [0_FlingIconOverlay] -> {02696AD5-FF96-454B-9E00-81DA8B79B678} => E:\Program Files\NCH Software\Fling\fldll.dll ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => E:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-117609710-776561741-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2944;https=127.0.0.1:2944;
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-117609710-776561741-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-117609710-776561741-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.bg/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: E:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1ln2ume0.default
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @photodex.com/PhotodexPresenter -> E:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - E:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1ln2ume0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-18]
FF HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - E:\Documents and Settings\Admin\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - E:\Documents and Settings\Admin\Application Data\IDM\idmmzcc5 [2014-12-17]
FF HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - E:\Documents and Settings\Admin\Application Data\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://crunchbang.org/start/", "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=n12521-372&t=4", "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=a12720-372&t=4", "hxxp://gangosan.dc7.us/bg/"
CHR Profile: E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31]
CHR Extension: (Google Документи) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-31]
CHR Extension: (Google Диск) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31]
CHR Extension: (YouTube) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-31]
CHR Extension: (Adblock Plus) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-31]
CHR Extension: (Google Търсене) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-31]
CHR Extension: (SSLTrust SSL Certificate Store) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fappknnhhggcjmeljjbjmibmhoninmem [2014-12-31]
CHR Extension: (Hola Better Internet) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-12-31]
CHR Extension: (Lunapic Photo Editor) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifimmnanlabnljjnaegjmgnelmdmjabn [2014-12-31]
CHR Extension: (Online PDF Tools) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2014-12-31]
CHR Extension: (IDM Integration Module) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-12-31]
CHR Extension: (IP адрес) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml [2014-12-31]
CHR Extension: (Video Download Helper) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-12-31]
CHR Extension: (Cloud9) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2014-12-31]
CHR Extension: (Google Wallet) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-31]
CHR Extension: (Weather Underground) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2014-12-31]
CHR Extension: (Gmail) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-31]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - E:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-12-16]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CGVPNCliService; E:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 ekrn; E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
R2 JavaQuickStarterService; E:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-11-27] (Oracle Corporation)
R2 LocalphoneWinService; E:\Program Files\Localphone Ltd\Localphone\Localphone_mod.exe [1046016 2013-08-22] () [File not signed]
R2 ScsiAccess; E:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [186760 2014-12-09] ()
S4 SEVPNCLIENT; E:\Program Files\SoftEther VPN Client\vpnclient.exe [3544632 2014-08-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 UPHClean; E:\Program Files\UPHClean\uphclean.exe [399872 2010-09-14] (Windows ® Codename Longhorn DDK provider) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-06] (Creative)
R3 eamonm; E:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
R1 ehdrv; E:\WINDOWS\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
R1 epfwtdir; E:\WINDOWS\System32\DRIVERS\epfwtdir.sys [119792 2014-10-10] (ESET)
R1 GUBootStartup; E:\WINDOWS\System32\drivers\GUBootStartup.sys [17344 2014-09-20] (Glarysoft Ltd)
R1 IDMTDI; E:\WINDOWS\System32\DRIVERS\idmtdi.sys [123360 2014-11-29] (Tonec Inc.)
R3 mcdbus; E:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-05] (Creative Technology Ltd.)
S4 Neo_VPN; E:\WINDOWS\System32\DRIVERS\Neo_0108.sys [25824 2014-08-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 ssudserd; E:\WINDOWS\System32\DRIVERS\ssudserd.sys [181432 2011-10-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0801; E:\WINDOWS\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 tap0901; E:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-09-13] (The OpenVPN Project)
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S3 btwhid; system32\DRIVERS\btwhid.sys [X]
S3 btwmodem; system32\DRIVERS\btwmodem.sys [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
U1 eamon; system32\DRIVERS\eamon.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
U3 mbr; \??\E:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 23:34 - 2015-01-07 23:34 - 00017719 _____ () E:\Documents and Settings\Admin\Desktop\FRST.txt
2015-01-07 13:26 - 2015-01-07 13:26 - 01115648 _____ (Farbar) E:\Documents and Settings\Admin\Desktop\FRST.exe
2015-01-06 14:32 - 2015-01-06 14:32 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\DriverGenius
2015-01-06 14:31 - 2015-01-06 14:31 - 00000860 _____ () E:\Documents and Settings\Admin\Desktop\Driver Genius.lnk
2015-01-06 14:31 - 2015-01-06 14:31 - 00000000 ____D () E:\Program Files\Driver-Soft
2015-01-06 14:31 - 2015-01-06 14:31 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius
2015-01-06 13:44 - 2015-01-06 13:44 - 00000045 _____ () E:\Documents and Settings\Admin\Desktop\CV.txt
2015-01-06 02:46 - 2015-01-07 12:29 - 00020099 _____ () E:\WINDOWS\setupapi.log
2015-01-05 20:40 - 2015-01-06 02:20 - 00000000 ____D () E:\Program Files\Magical Jelly Bean
2015-01-05 12:29 - 2015-01-07 23:34 - 00000000 ____D () E:\FRST
2015-01-05 03:36 - 2012-07-25 21:09 - 00000000 ____D () E:\Documents and Settings\Admin\Desktop\openpublish-7.x-1.0-beta2
2015-01-05 02:46 - 2015-01-05 02:46 - 02379400 _____ () E:\Documents and Settings\Admin\Desktop\xara.zip
2015-01-05 02:34 - 2015-01-05 02:34 - 00000916 _____ () E:\Documents and Settings\All Users\Desktop\Xara Web Designer 10 Premium.lnk
2015-01-05 02:33 - 2015-01-05 02:33 - 00000000 ___RD () E:\Documents and Settings\Admin\My Documents\Xara
2015-01-05 02:33 - 2015-01-05 02:33 - 00000000 ____D () E:\Program Files\Common Files\Xara Services
2015-01-05 02:33 - 2015-01-05 02:33 - 00000000 ____D () E:\Program Files\Common Files\MAGIX Services
2015-01-05 00:44 - 2015-01-05 00:47 - 00000000 ____D () E:\Program Files\smartmontools
2015-01-05 00:16 - 2015-01-05 00:27 - 00000000 ____D () E:\Documents and Settings\Admin\Desktop\ezpublish5_community_project-2014.11.1-gpl-full
2015-01-04 23:25 - 2015-01-04 23:25 - 00000000 ____D () E:\Program Files\Microsoft Silverlight
2015-01-04 23:25 - 2015-01-04 23:25 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2015-01-04 03:52 - 2015-01-04 03:52 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\CrystalIdea Software
2015-01-04 03:40 - 2015-01-04 03:40 - 00000000 _____ () E:\Documents and Settings\Admin\Application Data\ClassicFTP.dmp
2015-01-03 23:11 - 2015-01-03 23:11 - 02406926 _____ () E:\Documents and Settings\Admin\Desktop\MyBackup Pro v4.0.9 apkmania.com.rar
2015-01-03 13:12 - 2015-01-05 00:51 - 00000000 ____D () E:\Program Files\CrashPlan
2015-01-03 13:12 - 2015-01-05 00:51 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\CrashPlan
2015-01-03 13:12 - 2015-01-03 13:12 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\CrashPlan
2015-01-03 12:33 - 2015-01-03 12:33 - 00081920 _____ () E:\WINDOWS\Minidump\Mini010315-01.dmp
2015-01-03 03:23 - 2015-01-03 03:29 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\.minecraft
2015-01-03 03:23 - 2015-01-03 03:23 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\java
2014-12-31 15:01 - 2014-12-31 15:01 - 00000822 _____ () E:\Documents and Settings\Admin\Desktop\Auslogics BoostSpeed.lnk
2014-12-31 07:08 - 2014-12-31 07:08 - 00001811 _____ () E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-12-31 07:08 - 2014-12-31 07:08 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-12-31 07:07 - 2015-01-07 23:12 - 00000984 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 07:07 - 2015-01-07 20:02 - 00000980 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 03:43 - 2014-12-30 03:43 - 00000000 ____D () E:\Program Files\Temp File Cleaner
2014-12-29 19:28 - 2014-12-29 19:31 - 00000000 ____D () E:\Documents and Settings\Admin\Local Settings\Application Data\Adobe
2014-12-29 02:42 - 2014-12-29 02:42 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Steganos Updates
2014-12-29 02:39 - 2014-12-31 07:05 - 00000000 ____D () E:\Program Files\OkayFreedom
2014-12-29 02:39 - 2014-12-31 07:04 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Steganos
2014-12-29 02:39 - 2014-12-29 19:53 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Steganos VPN
2014-12-29 02:39 - 2014-12-29 02:39 - 00000000 ____D () E:\Program Files\Common Files\Steganos
2014-12-19 22:50 - 2014-12-30 03:50 - 00000000 ____D () E:\Program Files\Steam
2014-12-19 22:50 - 2014-12-19 22:50 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Steam
2014-12-16 14:07 - 2014-12-30 03:45 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB3013126$
2014-12-15 23:23 - 2014-12-15 23:25 - 00000000 ____D () E:\Program Files\OpenVPN
2014-12-15 21:56 - 2014-12-15 21:56 - 00000000 ____D () E:\Program Files\Common Files\Anvisoft
2014-12-15 21:56 - 2014-12-15 21:56 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Anvisoft
2014-12-13 22:15 - 2014-12-13 22:15 - 00000780 _____ () E:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
2014-12-13 22:15 - 2014-12-13 22:15 - 00000000 ____D () E:\Program Files\FastStone Image Viewer
2014-12-13 22:15 - 2014-12-13 22:15 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\FastStone Image Viewer
2014-12-11 15:20 - 2014-12-30 03:50 - 00000000 ____D () E:\Program Files\Mozilla Firefox
2014-12-10 01:22 - 2014-12-10 01:22 - 00446622 _____ () E:\Documents and Settings\Admin\Desktop\x5.zip
2014-12-10 01:04 - 2014-12-10 01:09 - 00000000 ____D () E:\Documents and Settings\Admin\Desktop\x5
2014-12-09 22:10 - 2014-12-09 22:10 - 00001738 _____ () E:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
2014-12-09 22:10 - 2014-12-09 22:10 - 00000000 ____D () E:\Program Files\Photodex Presenter
2014-12-09 22:10 - 2014-12-09 22:10 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Netscape
2014-12-09 22:09 - 2014-12-09 22:09 - 00000000 ____D () E:\Program Files\Photodex
2014-12-09 22:09 - 2014-12-09 22:09 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Photodex
2014-12-09 22:08 - 2014-12-09 22:09 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Photodex
2014-12-09 22:02 - 2014-12-09 22:02 - 00000000 ____D () E:\Documents and Settings\Admin\My Documents\Incomedia
2014-12-09 21:57 - 2014-12-09 21:57 - 00000778 _____ () E:\Documents and Settings\All Users\Desktop\WebSite X5 Home 11.lnk
2014-12-09 21:57 - 2014-12-09 21:57 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\WebSite X5 v11 - Home
2014-12-09 21:57 - 2014-12-09 21:57 - 00000000 ____D () E:\Documents and Settings\Admin\Local Settings\Application Data\Incomedia
2014-12-09 21:56 - 2014-12-09 22:02 - 00000000 ____D () E:\Program Files\WebSite X5 v11 - Home
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 23:34 - 2014-09-18 11:19 - 00000000 ____D () E:\Documents and Settings\Admin\Local Settings\Temp
2015-01-07 23:33 - 2014-08-06 11:19 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\DMCache
2015-01-07 23:29 - 2014-08-04 23:40 - 00000422 ____H () E:\WINDOWS\Tasks\User_Feed_Synchronization-{28E14D98-3938-4F39-A46A-0C98F66DE9A8}.job
2015-01-07 23:01 - 2014-08-05 01:23 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Skype
2015-01-07 23:00 - 2014-08-07 09:48 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\vlc
2015-01-07 22:41 - 2014-11-30 01:59 - 00002265 _____ () E:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-01-07 20:04 - 2014-08-05 04:29 - 01279348 _____ () E:\WINDOWS\WindowsUpdate.log
2015-01-07 20:03 - 2014-09-20 13:05 - 00000320 _____ () E:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-01-07 20:03 - 2014-08-06 13:51 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\uTorrent
2015-01-07 20:02 - 2014-09-06 12:38 - 00004349 _____ () E:\WINDOWS\system32\localphone.log
2015-01-07 20:02 - 2014-08-05 04:32 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
2015-01-07 12:32 - 2014-09-06 12:38 - 00065536 _____ () E:\WINDOWS\system32\config\Localpho.evt
2015-01-07 12:32 - 2014-08-05 04:33 - 00000178 ___SH () E:\Documents and Settings\Admin\ntuser.ini
2015-01-07 12:32 - 2014-08-05 04:32 - 00032550 _____ () E:\WINDOWS\SchedLgU.Txt
2015-01-07 04:30 - 2014-09-30 14:50 - 00114904 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 01:24 - 2014-08-08 00:37 - 00000000 ____D () E:\Program Files\PokerStars.BG
2015-01-07 00:38 - 2014-08-04 23:17 - 00189000 _____ () E:\WINDOWS\system32\FNTCACHE.DAT
2015-01-07 00:38 - 2008-04-14 14:00 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl
2015-01-06 02:20 - 2014-08-10 13:54 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\TEMP
2015-01-05 13:58 - 2014-08-11 09:56 - 00045752 _____ () E:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-05 02:34 - 2014-08-09 18:37 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Xara
2015-01-05 02:33 - 2014-08-09 18:37 - 00000000 ____D () E:\Program Files\Xara
2015-01-05 02:28 - 2014-09-02 11:27 - 00000000 ____D () E:\Program Files\WinTools Software
2015-01-05 02:17 - 2014-08-08 18:41 - 00041600 ____H () E:\WINDOWS\system32\mlfcache.dat
2015-01-05 02:01 - 2014-08-09 18:38 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\MAGIX
2015-01-05 02:01 - 2014-08-09 18:38 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\MAGIX
2015-01-05 02:01 - 2014-08-09 18:37 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Xara
2015-01-04 15:53 - 2014-08-16 22:18 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\TeamViewer
2015-01-04 02:57 - 2014-08-17 22:47 - 00000600 _____ () E:\Documents and Settings\Admin\Application Data\winscp.rnd
2015-01-04 02:56 - 2014-08-17 22:45 - 04635145 _____ () E:\Documents and Settings\Admin\Desktop\winscp554.zip
2015-01-03 18:55 - 2014-08-06 11:19 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\IDM
2015-01-03 12:33 - 2014-09-30 14:16 - 00000000 ____D () E:\WINDOWS\Minidump
2014-12-31 16:36 - 2014-09-11 01:16 - 01190243 _____ () E:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-776561741-1417001333-1003-0.dat
2014-12-31 16:36 - 2014-09-06 02:10 - 00147582 _____ () E:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-12-31 15:12 - 2014-09-03 19:47 - 00000000 ____D () E:\Documents and Settings\Admin\Start Menu\Programs\Utilities
2014-12-31 15:12 - 2014-08-24 20:24 - 00000000 ____D () E:\Documents and Settings\Admin\Start Menu\Programs\BlueVoda Website Builder
2014-12-31 15:03 - 2014-09-29 16:26 - 00000000 ____D () E:\WINDOWS\system32\LogFiles
2014-12-31 15:01 - 2014-09-02 11:52 - 00000000 ____D () E:\Program Files\Auslogics
2014-12-31 15:01 - 2014-09-02 11:52 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2014-12-31 07:08 - 2014-08-05 00:32 - 00000000 ____D () E:\Documents and Settings\Admin\Local Settings\Application Data\Google
2014-12-31 07:07 - 2014-08-04 23:34 - 00000000 ____D () E:\Program Files\Google
2014-12-30 18:12 - 2014-08-06 14:31 - 00000000 ____D () E:\Program Files\Counter-Strike 1.6
2014-12-30 03:52 - 2014-09-20 13:04 - 00000000 ____D () E:\Program Files\Glary Utilities 5
2014-12-30 03:50 - 2014-08-06 11:19 - 00000000 ____D () E:\Program Files\Internet Download Manager
2014-12-30 03:50 - 2014-08-04 23:12 - 00000000 ____D () E:\WINDOWS\Help
2014-12-30 03:44 - 2014-08-05 04:33 - 00000000 ____D () E:\Documents and Settings\Admin
2014-12-30 03:43 - 2014-09-05 19:38 - 00000716 _____ () E:\Documents and Settings\Admin\Start Menu\Programs\Temp File Cleaner.lnk
2014-12-30 03:43 - 2014-09-05 19:38 - 00000710 _____ () E:\Documents and Settings\Admin\Desktop\Temp File Cleaner.lnk
2014-12-30 02:50 - 2014-09-05 19:36 - 00000682 _____ () E:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-12-30 02:50 - 2014-09-05 19:36 - 00000000 ____D () E:\Program Files\CCleaner
2014-12-29 19:31 - 2014-07-09 15:45 - 00701616 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-29 19:31 - 2014-07-09 15:45 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-17 16:11 - 2014-08-06 11:19 - 00000696 _____ () E:\Documents and Settings\Admin\Desktop\Internet Download Manager.lnk
2014-12-16 14:39 - 2014-09-05 19:35 - 00000000 ____D () E:\WINDOWS\Microsoft.NET
2014-12-16 14:08 - 2014-08-25 09:55 - 00000000 ____D () E:\WINDOWS\system32\MRT
2014-12-16 14:07 - 2014-07-09 01:28 - 109818608 _____ (Microsoft Corporation) E:\WINDOWS\system32\mrt.exe
2014-12-16 14:06 - 2014-08-04 23:21 - 00568940 _____ () E:\WINDOWS\system32\PerfStringBackup.INI
2014-12-14 10:49 - 2014-08-06 13:54 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\FastStone
2014-12-13 07:21 - 2014-09-21 20:51 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service
2014-12-12 23:23 - 2014-11-27 21:36 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2992611$
2014-12-12 23:23 - 2014-11-27 21:35 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB3006226$
2014-12-12 23:23 - 2014-11-27 21:34 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2998579$
2014-12-12 23:23 - 2014-11-27 21:30 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2993254$
2014-12-12 23:23 - 2014-11-27 21:30 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2991963$
2014-12-12 23:23 - 2014-11-27 21:29 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB3002885$
2014-12-12 23:23 - 2014-11-27 21:28 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2989935$
2014-12-12 23:23 - 2014-11-27 21:26 - 00000000 ___HD () E:\WINDOWS\$hf_mig$
2014-12-12 23:23 - 2014-11-27 21:25 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB3011780$
2014-12-12 23:23 - 2014-11-27 21:25 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2993958$
2014-12-10 17:45 - 2014-09-30 14:50 - 00000777 _____ () E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 17:45 - 2014-09-30 14:50 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware
2014-12-10 17:45 - 2014-09-30 14:50 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 22:10 - 2014-08-07 09:19 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Mozilla
 
Some content of TEMP:
====================
E:\Documents and Settings\Admin\Local Settings\Temp\rophccwr.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Admin at 2015-01-07 23:35:02
Running from E:\Documents and Settings\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\uTorrent) (Version: 3.4.2.36615 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AIDA64 Extreme v4.60 (HKLM\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Auslogics BoostSpeed (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.5.6.0 - Auslogics Labs Pty Ltd)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.5.0 - Auslogics Labs Pty Ltd)
Bulgarian (Phonetic) by Iliya Dankov (HKLM\...\{57BA3105-8E44-45BD-BB3A-F0BD5EA0575B}) (Version: 1.0.3.13 - ILIYA DANKOV - www.dankov.hit.bg)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Classic FTP (HKLM\...\ClassicFTP) (Version: 2.38 - NCH Software)
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Driver Genius (HKLM\...\Driver Genius_is1) (Version: 12.0 - Driver-Soft Inc.)
Exterminate It! (HKLM\...\Exterminate It!) (Version: 2.12.08.31 - CURIOLAB S.M.B.A.)
FastStone Capture 7.8 (HKLM\...\FastStone Capture) (Version: 7.8 - FastStone Soft)
FastStone Image Viewer 5.3 (HKLM\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FileZilla Client 3.9.0.3 (HKLM\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Glary Utilities 5.8 (HKLM\...\Glary Utilities 5) (Version: 5.8.0.15 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Incomedia WebSite X5 v11 - Home (HKLM\...\{C5743DB8-7BDF-47D3-8D41-0BBD487B48A1}_is1) (Version: 11.0.2.14 - Incomedia s.r.l.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Mega Codec Pack 10.7.1 (HKLM\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
Localphone (HKLM\...\{161F93FE-B8B1-48F2-AE05-994608C50E27}) (Version: 2.2.2 - Localphone Ltd.)
LogoMaker 3.1 (HKLM\...\LogoMaker_is1) (Version:  - Studio V5)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware, версия 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\MyFreeCodec) (Version:  - )
Nero 8 Micro 8.3.2.1 (HKLM\...\Nero8Lite_is1) (Version: 8.3.2.1 - Updatepack.nl)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - Photodex Corporation)
PokerStars.bg (HKLM\...\PokerStars.bg) (Version:  - PokerStars.bg)
ProShow Gold (HKLM\...\ProShow Gold) (Version:  - Photodex Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5904 - Realtek Semiconductor Corp.)
RefreshPC (HKLM\...\RefreshPC_is1) (Version: 2.0 - WareSoft Software)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.10.9473 - SoftEther VPN Project)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF 3.0 (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.14 build 745 - Finarea S.A. Switzerland)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinTools.net Premium version 14.0 (HKLM\...\{AA9A6236-EE61-41B7-A7EC-5F4496409D55}_is1) (Version: 14.0 - WinTools Software Engineering, Ltd.)
Xara 3D Maker 7 (HKLM\...\MAGIX_MSI_Xara3D7) (Version: 7.0.0.415 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.415 - Xara Group Ltd) Hidden
Xara Web Designer 10 Premium (HKLM\...\MX.{31EA478F-B78B-415D-9811-94F5E226C73A}) (Version: 10.1.3.35257 - Xara Group Ltd)
Xara Web Designer 10 Premium (Version: 10.1.3.35257 - Xara Group Ltd) Hidden
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
17-12-2014 14:54:24 System Checkpoint
19-12-2014 02:29:50 System Checkpoint
20-12-2014 02:43:07 System Checkpoint
28-12-2014 18:21:44 System Checkpoint
29-12-2014 20:25:16 System Checkpoint
30-12-2014 22:11:31 System Checkpoint
31-12-2014 07:05:29 Removed Virtual Machine Network Services Driver
01-01-2015 21:52:01 System Checkpoint
03-01-2015 03:22:12 Installed Minecraft
03-01-2015 13:11:57 Installed CrashPlan
04-01-2015 13:16:02 System Checkpoint
05-01-2015 00:48:23 Removed Minecraft
05-01-2015 00:51:41 Removed CrashPlan
06-01-2015 01:44:08 System Checkpoint
07-01-2015 03:51:11 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 14:00 - 2008-04-14 14:00 - 00000734 ____A E:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: E:\WINDOWS\Tasks\GlaryInitialize 5.job => E:\Program Files\Glary Utilities 5\Initialize.exe
Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files\Google\Update\GoogleUpdate.exe
Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files\Google\Update\GoogleUpdate.exe
Task: E:\WINDOWS\Tasks\User_Feed_Synchronization-{28E14D98-3938-4F39-A46A-0C98F66DE9A8}.job => E:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-22 15:39 - 2013-08-22 15:39 - 01046016 _____ () E:\Program Files\Localphone Ltd\Localphone\Localphone_mod.exe
2014-12-09 22:09 - 2014-12-09 22:09 - 00186760 _____ () E:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe
2014-09-03 19:47 - 2014-09-03 19:47 - 00094208 _____ () E:\Program Files\NCH Software\Fling\fldll.dll
2014-08-13 16:09 - 2014-08-13 16:09 - 00035328 _____ () E:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () E:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () E:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2014-09-25 09:29 - 2014-09-25 09:29 - 01967616 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\c8570e2cce957aa089060ce810aec717\Kies.UI.ni.dll
2014-09-25 09:29 - 2014-09-25 09:29 - 00079360 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d57780faf2868d5a0157ba787d05caf5\Kies.MVVM.ni.dll
2014-09-25 09:29 - 2014-09-25 09:29 - 00189952 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4a4528625f7778e70997dd97a5c62d5f\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-09-25 09:31 - 2014-09-25 09:31 - 00363008 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\cf1d72955a588b1310c5b5bc5eb8e293\DevicePhoto.ni.dll
2014-09-25 09:31 - 2014-09-25 09:31 - 00296960 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\78df13b8986e93a645f3d561a42b2ac2\DeviceVideo.ni.dll
2014-09-25 09:31 - 2014-09-25 09:31 - 00613376 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\a82eeeb032294884e498eff1fcf14c9d\DevicePodcast.ni.dll
2014-09-25 09:31 - 2014-09-25 09:31 - 00307200 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\ff9f65cb1cbd9cf0938ee8d507541d88\DummyStorePlugin.ni.dll
2014-09-25 09:31 - 2014-09-25 09:31 - 14994944 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\7e48e15df434ee8b79b38730bc6a39f1\Kies.Theme.ni.dll
2014-09-25 09:30 - 2014-09-25 09:30 - 00583168 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5a9202b7484c6c8b358d6e72ea178086\Kies.Common.DeviceServiceLib.FileService.ni.dll
2014-09-25 09:29 - 2014-09-25 09:29 - 00046592 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\626bf1dc8c37911ae8d26fbec00ca29c\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2014-09-25 09:30 - 2014-09-25 09:30 - 01005056 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\6b145c04f8df85e5f4c1e8b626c1094d\DeviceCommonLib.ni.dll
2014-09-25 09:30 - 2014-09-25 09:30 - 00232448 _____ () E:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\a22bd0576d0a8ed359f8dd1e3116e43d\ASF_cSharpAPI.ni.dll
2008-04-14 14:00 - 2008-04-14 14:00 - 00059904 _____ () E:\WINDOWS\system32\devenum.dll
2008-04-14 14:00 - 2008-04-14 14:00 - 00014336 _____ () E:\WINDOWS\system32\msdmo.dll
2014-12-31 07:07 - 2014-12-06 03:50 - 09009480 _____ () E:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-31 07:07 - 2014-12-06 03:50 - 01677128 _____ () E:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-31 07:07 - 2014-12-06 03:50 - 14913352 _____ () E:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-12-31 07:45 - 2014-02-10 12:44 - 04592128 _____ () E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-12-31 07:45 - 2014-02-10 12:44 - 00112128 _____ () E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: E:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-117609710-776561741-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-117609710-776561741-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-117609710-776561741-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-117609710-776561741-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-117609710-776561741-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-117609710-776561741-1417001333-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: SoftEther VPN Project
Service: Neo_VPN
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2015 02:29:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application xara_web_designer_10_premium_32bit_en-gb_setup.exe, version 3.5.5262.0, faulting module xara_web_designer_10_premium_32bit_en-gb_setup.exe, version 3.5.5262.0, fault address 0x00146580.
Processing media-specific event for [xara_web_designer_10_premium_32bit_en-gb_setup.exe!ws!]
 
Error: (01/05/2015 02:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application xara_web_designer_9_premium_32bit_en-gb_setup.exe, version 3.4.4879.0, faulting module xara_web_designer_9_premium_32bit_en-gb_setup.exe, version 3.4.4879.0, fault address 0x000dde3d.
Processing media-specific event for [xara_web_designer_9_premium_32bit_en-gb_setup.exe!ws!]
 
Error: (12/29/2014 07:55:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application okayfreedomclient.exe, version 1.4.1.11192, faulting module okayfreedomclient.exe, version 1.4.1.11192, fault address 0x00031970.
Processing media-specific event for [okayfreedomclient.exe!ws!]
 
Error: (12/29/2014 07:21:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module netman.dll, version 5.1.2600.5512, fault address 0x0000c6bd.
Processing media-specific event for [svchost.exe!ws!]
 
Error: (12/29/2014 07:13:59 PM) (Source: MsiInstaller) (EventID: 11706) (User: UNKNOWN-8383362)
Description: Product: ESET NOD32 Antivirus -- Грешка 1706. Инсталационен пакет за продукт ESET NOD32 Antivirus не може да се намери. Опитайте отново да инсталирате, като използвате валидно копие на инсталационен пакет 'NUP48B7.msi'.
 
Error: (12/29/2014 07:08:15 PM) (Source: MsiInstaller) (EventID: 11706) (User: UNKNOWN-8383362)
Description: Product: ESET NOD32 Antivirus -- Грешка 1706. Инсталационен пакет за продукт ESET NOD32 Antivirus не може да се намери. Опитайте отново да инсталирате, като използвате валидно копие на инсталационен пакет 'NUP48B7.msi'.
 
Error: (12/29/2014 02:42:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application okayfreedomclient.exe, version 1.4.0.11115, faulting module okayfreedomclient.exe, version 1.4.0.11115, fault address 0x00225651.
Processing media-specific event for [okayfreedomclient.exe!ws!]
 
Error: (12/01/2014 03:42:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application skype.exe, version 6.22.81.105, faulting module skype.exe, version 6.22.81.105, fault address 0x0019a76a.
Processing media-specific event for [skype.exe!ws!]
 
Error: (11/30/2014 01:54:54 AM) (Source: MsiInstaller) (EventID: 11260) (User: UNKNOWN-8383362)
Description: Продукт: Skype™ 6.21 -- Грешка 1260. Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
(NULL)(NULL)(NULL)(NULL)
 
Error: (11/29/2014 00:20:54 PM) (Source: MsiInstaller) (EventID: 11260) (User: UNKNOWN-8383362)
Description: Продукт: Skype™ 6.21 -- Грешка 1260. Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
(NULL)(NULL)(NULL)(NULL)
 
 
System errors:
=============
Error: (01/07/2015 11:01:41 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.103 on the
Network Card with network address 90E6BAE23CE5.
 
Error: (01/07/2015 00:38:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
 
Error: (01/07/2015 00:38:04 AM) (Source: DCOM) (EventID: 10010) (User: UNKNOWN-8383362)
Description: The server {BA126AE5-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.
 
Error: (01/07/2015 00:37:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
 
Error: (01/07/2015 00:37:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
 
Error: (01/07/2015 00:36:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
 
Error: (01/07/2015 00:36:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
 
Error: (01/07/2015 00:35:36 AM) (Source: DCOM) (EventID: 10010) (User: UNKNOWN-8383362)
Description: The server {BA126AE5-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.
 
Error: (01/07/2015 00:35:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
 
Error: (01/07/2015 00:35:18 AM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 c08b7cd4, parameter2 00000002, parameter3 00000000, parameter4 80523caf.
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2015 02:29:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: xara_web_designer_10_premium_32bit_en-gb_setup.exe3.5.5262.0xara_web_designer_10_premium_32bit_en-gb_setup.exe3.5.5262.000146580
 
Error: (01/05/2015 02:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: xara_web_designer_9_premium_32bit_en-gb_setup.exe3.4.4879.0xara_web_designer_9_premium_32bit_en-gb_setup.exe3.4.4879.0000dde3d
 
Error: (12/29/2014 07:55:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: okayfreedomclient.exe1.4.1.11192okayfreedomclient.exe1.4.1.1119200031970
 
Error: (12/29/2014 07:21:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe5.1.2600.5512netman.dll5.1.2600.55120000c6bd
 
Error: (12/29/2014 07:13:59 PM) (Source: MsiInstaller) (EventID: 11706) (User: UNKNOWN-8383362)
Description: Product: ESET NOD32 Antivirus -- Грешка 1706. Инсталационен пакет за продукт ESET NOD32 Antivirus не може да се намери. Опитайте отново да инсталирате, като използвате валидно копие на инсталационен пакет 'NUP48B7.msi'.(NULL)(NULL)(NULL)(NULL)
 
Error: (12/29/2014 07:08:15 PM) (Source: MsiInstaller) (EventID: 11706) (User: UNKNOWN-8383362)
Description: Product: ESET NOD32 Antivirus -- Грешка 1706. Инсталационен пакет за продукт ESET NOD32 Antivirus не може да се намери. Опитайте отново да инсталирате, като използвате валидно копие на инсталационен пакет 'NUP48B7.msi'.(NULL)(NULL)(NULL)(NULL)
 
Error: (12/29/2014 02:42:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: okayfreedomclient.exe1.4.0.11115okayfreedomclient.exe1.4.0.1111500225651
 
Error: (12/01/2014 03:42:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: skype.exe6.22.81.105skype.exe6.22.81.1050019a76a
 
Error: (11/30/2014 01:54:54 AM) (Source: MsiInstaller) (EventID: 11260) (User: UNKNOWN-8383362)
Description: Продукт: Skype™ 6.21 -- Грешка 1260. Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
(NULL)(NULL)(NULL)(NULL)
 
Error: (11/29/2014 00:20:54 PM) (Source: MsiInstaller) (EventID: 11260) (User: UNKNOWN-8383362)
Description: Продукт: Skype™ 6.21 -- Грешка 1260. Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU E3300 @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 3062.11 MB
Available physical RAM: 1719.37 MB
Total Pagefile: 4948.18 MB
Available Pagefile: 3539.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.1 GB) (Free:25.58 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:48.83 GB) (Free:28.93 GB) NTFS
Drive e: () (Fixed) (Total:15.27 GB) (Free:1.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 153.4 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=83)
Partition 2: (Not Active) - (Size=53.2 GB) - (Type=OF Extended)
Partition 3: (Active) - (Size=55.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:09:39 AM

Posted 07 January 2015 - 04:59 PM

Hey Chavdar,

First,
IMPORTANT I see, you have one or more P2P (Peer to Peer) programs installed.

1.) You have the following P2P program installed: uTorrent
2.) If you download files from non-documented sources per a P2P File sharing Program, you can expect an infection of malware. That isn't good for your PC. A long time ago File-sharing with P2P programs like UTorrent was fairly safe. But at this time it isn't true any more. Of course you can use P2P programs at your own risk, but that is maybe the source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P Programs:
4.) I would recommend that you uninstall the above. That would be nice. If you like to uninstall the P2P Program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!

Next,
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-117609710-776561741-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:2944;https=127.0.0.1:2944;
    CHR StartupUrls: Default -> "hxxp://crunchbang.org/start/", "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=n12521-372&t=4", "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=a12720-372&t=4", "hxxp://gangosan.dc7.us/bg/"
    2015-01-03 23:11 - 2015-01-03 23:11 - 02406926 _____ () E:\Documents and Settings\Admin\Desktop\MyBackup Pro v4.0.9 apkmania.com.rar
    AlternateDataStreams: E:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • It is very important that you save this textfile on your Desktop!
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Next,
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\
Next,
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next,
Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.

Next,
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
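As an added illustration (not part of Machiavelli's post, and not code from FRST or Farbar), the script below shows how a responder might triage FRST-style log lines for the four indicator types the fixlist above addresses: Internet Explorer policy restrictions, a proxy pointed at the loopback address, Chrome startup URLs on a known hijack host, and an alternate data stream. The sample lines are copied from the fixlist in the post plus one benign hosts line; the HIJACK_HOSTS list and every function name are constructed for this example.

```python
"""Triage FRST-style log lines for browser-hijack indicators.

Added example; it is not part of FRST. It recognises the line shapes that
the fixlist in the post above targets and returns structured findings so a
responder can review them instead of eyeballing a 1000-line log.
"""
import re

# Lines of the kind FRST prints, reproduced from the fixlist posted above,
# plus one benign hosts-file line that must NOT be flagged.
SAMPLE_LINES = [
    r"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION",
    r"HKU\S-1-5-21-117609710-776561741-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION",
    "ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.",
    "ProxyServer: [.DEFAULT] => http=127.0.0.1:2944;https=127.0.0.1:2944;",
    'CHR StartupUrls: Default -> "hxxp://crunchbang.org/start/", '
    '"hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=n12521-372&t=4", '
    '"hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=a12720-372&t=4", '
    '"hxxp://gangosan.dc7.us/bg/"',
    r"AlternateDataStreams: E:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51",
    "127.0.0.1       localhost",
]

# Search front-ends commonly set as startup pages by bundled "toolbar"
# installers. Constructed list for this demo; extend it from your own cases.
HIJACK_HOSTS = ("search.ask.com",)

POLICY_RE = re.compile(
    r"^(HKU\\[^\\]+)\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer: Policy restriction", re.I)
PROXY_SERVER_RE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<spec>.+)$")
STARTUP_RE = re.compile(r"^CHR StartupUrls: (?P<profile>\S+) -> (?P<urls>.+)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+)$")
URL_RE = re.compile(r'"([^"]+)"')


def proxy_hosts(spec):
    """Split 'http=127.0.0.1:2944;https=...' into {'http': '127.0.0.1:2944', ...}."""
    out = {}
    for part in spec.strip(";").split(";"):
        if "=" in part:
            proto, hostport = part.split("=", 1)
            out[proto.strip()] = hostport.strip()
    return out


def is_loopback(hostport):
    """True when the proxy host is the local machine (host:port form)."""
    host = hostport.rsplit(":", 1)[0]
    return host in ("127.0.0.1", "localhost", "::1")


def triage(lines):
    """Return one finding dict per suspicious line; benign lines produce nothing."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = POLICY_RE.match(line)
        if m:  # a per-user IE policy key that silently restricts the browser
            findings.append({"kind": "ie_policy_restriction", "hive": m.group(1), "line": line})
            continue
        m = PROXY_SERVER_RE.match(line)
        if m:  # a proxy on the loopback address means some local process sees all traffic
            hosts = proxy_hosts(m.group("spec"))
            if any(is_loopback(h) for h in hosts.values()):
                findings.append({"kind": "loopback_proxy", "hive": m.group("hive"),
                                 "proxies": hosts, "line": line})
            continue
        m = STARTUP_RE.match(line)
        if m:  # only startup URLs on a known hijack host are reported
            urls = URL_RE.findall(m.group("urls"))
            bad = [u for u in urls if any(h in u for h in HIJACK_HOSTS)]
            if bad:
                findings.append({"kind": "chrome_startup_hijack", "profile": m.group("profile"),
                                 "urls": bad, "line": line})
            continue
        m = ADS_RE.match(line)
        if m:  # an ADS on a data folder is a classic place to stash a payload
            findings.append({"kind": "alternate_data_stream", "path": m.group("path"),
                             "stream": m.group("stream"), "line": line})
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'loopback_proxy': 1, ...}."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']:24} {f['line'][:90]}")
    print(summarize(triage(SAMPLE_LINES)))
```

A loopback proxy is not proof of infection by itself (some local web filters and VPN clients install one), so the script reports it for review rather than labelling it malicious; the same goes for policy keys, which an administrator may have set on purpose.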

 
 


#5 gangosan

gangosan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:39 PM

Posted 07 January 2015 - 05:20 PM

Okay ty

This is first log

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Admin at 2015-01-08 00:14:43 Run:1
Running from E:\Documents and Settings\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-117609710-776561741-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2944;https=127.0.0.1:2944;
CHR StartupUrls: Default -> "hxxp://crunchbang.org/start/", "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=n12521-372&t=4", "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=a12720-372&t=4", "hxxp://gangosan.dc7.us/bg/"
2015-01-03 23:11 - 2015-01-03 23:11 - 02406926 _____ () E:\Documents and Settings\Admin\Desktop\MyBackup Pro v4.0.9 apkmania.com.rar
AlternateDataStreams: E:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
EmptyTemp:
*****************
 
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-117609710-776561741-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Chrome StartupUrls deleted successfully.
E:\Documents and Settings\Admin\Desktop\MyBackup Pro v4.0.9 apkmania.com.rar => Moved successfully.
E:\Documents and Settings\All Users\Application Data\TEMP => ":1CE11B51" ADS removed successfully.
EmptyTemp: => Removed 642 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 00:15:00 ====


#6 gangosan

gangosan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:39 PM

Posted 07 January 2015 - 05:28 PM

This is adwCleaner log:

 

 

# AdwCleaner v4.107 - Report created 08/01/2015 at 00:23:26
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - UNKNOWN-8383362
# Running from : E:\Documents and Settings\Admin\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : E:\Documents and Settings\Admin\Application Data\NCH Software
Folder Found : E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Folder Found : E:\Documents and Settings\All Users\Application Data\apn
Folder Found : E:\Documents and Settings\All Users\Application Data\apn
Folder Found : E:\Documents and Settings\All Users\Application Data\drivergenius
Folder Found : E:\Documents and Settings\All Users\Application Data\drivergenius
Folder Found : E:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found : E:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found : E:\Documents and Settings\All Users\Start Menu\Programs\driver genius
Folder Found : E:\Documents and Settings\All Users\Start Menu\Programs\driver genius
Folder Found : E:\Program Files\driver-soft
Folder Found : E:\Program Files\NCH Software
Folder Found : E:\Program Files\ShowMyPCService
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Driver-Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius_is1
Key Found : HKLM\SOFTWARE\Myfree Codec
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3155 octets] - [08/01/2015 00:23:26]
 
########## EOF - E:\AdwCleaner\AdwCleaner[R0].txt - [3215 octets] ##########


#7 gangosan

gangosan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:39 PM

Posted 07 January 2015 - 05:34 PM

AdwCleaner log after restart:

# AdwCleaner v4.107 - Report created 08/01/2015 at 00:30:27
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - UNKNOWN-8383362
# Running from : E:\Documents and Settings\Admin\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : E:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : E:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : E:\Documents and Settings\All Users\Application Data\drivergenius
Folder Deleted : E:\Documents and Settings\All Users\Start Menu\Programs\driver genius
Folder Deleted : E:\Program Files\driver-soft
Folder Deleted : E:\Program Files\NCH Software
Folder Deleted : E:\Program Files\ShowMyPCService
Folder Deleted : E:\Documents and Settings\Admin\Application Data\NCH Software
[!] Folder Deleted : E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3295 octets] - [08/01/2015 00:23:26]
AdwCleaner[S0].txt - [2955 octets] - [08/01/2015 00:30:27]
 
########## EOF - E:\AdwCleaner\AdwCleaner[S0].txt - [3015 octets] ##########


#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:39 AM

Posted 07 January 2015 - 05:41 PM

OK, I'm waiting for the other logs. ;)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 gangosan

gangosan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:39 PM

Posted 07 January 2015 - 05:46 PM

I have installed Malwarebytes Free, update and scan okay?

This is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by Admin on 08.01.2015 г. at  0:37:43,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "E:\Documents and Settings\Admin\Application Data\thinstall"
Successfully deleted: [Folder] "E:\Documents and Settings\Admin\Local Settings\Application Data\thinstall"
Successfully deleted: [Folder] "E:\Program Files\myfree codec"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.01.2015 г. at  0:40:28,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:39 AM

Posted 07 January 2015 - 05:48 PM

I have installed Malwarebytes Free, update and scan okay?

Yes.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 gangosan

gangosan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:39 PM

Posted 07 January 2015 - 06:14 PM

I have two Google Chrome browsers on my system, a portable and an installed version. No connection available to Google Chrome. Mozilla connected.

Mbam log:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08.1.2015 г.
Scan Time: 00:50:45
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.07.18
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341943
Time Elapsed: 13 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:39 AM

Posted 07 January 2015 - 06:15 PM

Now to the last step. ;)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 gangosan

gangosan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:39 PM

Posted 07 January 2015 - 06:20 PM

Okay, complete.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Admin (administrator) on UNKNOWN-8383362 on 08-01-2015 01:19:01
Running from E:\Documents and Settings\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\jqs.exe
() E:\Program Files\Localphone Ltd\Localphone\Localphone_mod.exe
() E:\Program Files\Photodex\ProShow Gold\scsiaccess.exe
(Windows ® Codename Longhorn DDK provider) E:\Program Files\UPHClean\uphclean.exe
(Intel Corporation) E:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.EXE
(Samsung Electronics Co., Ltd.) E:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
(Oracle Corporation) E:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
(ESET) E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) E:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung) E:\Program Files\SAMSUNG\Kies\Kies.exe
(mIRC Co. Ltd.) D:\Programi\4avdoScript\mirc.exe
(Tonec Inc.) E:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) E:\Program Files\Internet Download Manager\IEMonitor.exe
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) E:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) E:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) E:\WINDOWS\system32\msfeedssync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [18671104 2009-07-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KiesTrayAgent] => E:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => E:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [egui] => E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoSMMyDocs] 0
HKLM\...\Policies\Explorer: [NoSMMyPictures] 0
HKLM\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoCommonGroups] 0
HKLM\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKLM\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Run: [IDMan] => E:\Program Files\Internet Download Manager\IDMan.exe [3886672 2014-12-17] (Tonec Inc.)
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Run: [KiesPreload] => E:\Program Files\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoThemesTab] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoChangeKeyboardNavigationIndicators] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SecurityProviders: schannel.dll, credssp.dll, digest.dll
Startup: E:\Documents and Settings\Admin\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs ()
ShellIconOverlayIdentifiers: [0_FlingIconOverlay] -> {02696AD5-FF96-454B-9E00-81DA8B79B678} => E:\Program Files\NCH Software\Fling\fldll.dll No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => E:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-117609710-776561741-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-117609710-776561741-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.bg/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: E:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1ln2ume0.default
FF Homepage: https://www.google.bg
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @photodex.com/PhotodexPresenter -> E:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - E:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1ln2ume0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-18]
FF HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - E:\Documents and Settings\Admin\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - E:\Documents and Settings\Admin\Application Data\IDM\idmmzcc5 [2014-12-17]
FF HKU\S-1-5-21-117609710-776561741-1417001333-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - E:\Documents and Settings\Admin\Application Data\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://crunchbang.org/start/", "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=n12521-372&t=4", "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1868&v=a12720-372&t=4", "hxxp://gangosan.dc7.us/bg/"
CHR Profile: E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31]
CHR Extension: (Google Документи) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-31]
CHR Extension: (Google Диск) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31]
CHR Extension: (YouTube) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-31]
CHR Extension: (Adblock Plus) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-31]
CHR Extension: (Google Търсене) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-31]
CHR Extension: (SSLTrust SSL Certificate Store) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fappknnhhggcjmeljjbjmibmhoninmem [2014-12-31]
CHR Extension: (Lunapic Photo Editor) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifimmnanlabnljjnaegjmgnelmdmjabn [2014-12-31]
CHR Extension: (Online PDF Tools) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2014-12-31]
CHR Extension: (IDM Integration Module) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-12-31]
CHR Extension: (IP адрес) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml [2014-12-31]
CHR Extension: (Video Download Helper) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-12-31]
CHR Extension: (Cloud9) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2014-12-31]
CHR Extension: (Google Wallet) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-31]
CHR Extension: (Weather Underground) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2014-12-31]
CHR Extension: (Gmail) - E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-31]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - E:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-12-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CGVPNCliService; E:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 ekrn; E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
R2 JavaQuickStarterService; E:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-11-27] (Oracle Corporation)
R2 LocalphoneWinService; E:\Program Files\Localphone Ltd\Localphone\Localphone_mod.exe [1046016 2013-08-22] () [File not signed]
R2 ScsiAccess; E:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [186760 2014-12-09] ()
S4 SEVPNCLIENT; E:\Program Files\SoftEther VPN Client\vpnclient.exe [3544632 2014-08-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 UPHClean; E:\Program Files\UPHClean\uphclean.exe [399872 2010-09-14] (Windows ® Codename Longhorn DDK provider) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-06] (Creative)
R3 eamonm; E:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
R1 ehdrv; E:\WINDOWS\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
R1 epfwtdir; E:\WINDOWS\System32\DRIVERS\epfwtdir.sys [119792 2014-10-10] (ESET)
R1 GUBootStartup; E:\WINDOWS\System32\drivers\GUBootStartup.sys [17344 2014-09-20] (Glarysoft Ltd)
R1 IDMTDI; E:\WINDOWS\System32\DRIVERS\idmtdi.sys [123360 2014-11-29] (Tonec Inc.)
R3 MBAMSwissArmy; E:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-08] (Malwarebytes Corporation)
R3 mcdbus; E:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-05] (Creative Technology Ltd.)
S4 Neo_VPN; E:\WINDOWS\System32\DRIVERS\Neo_0108.sys [25824 2014-08-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 ssudserd; E:\WINDOWS\System32\DRIVERS\ssudserd.sys [181432 2011-10-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0801; E:\WINDOWS\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 tap0901; E:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-09-13] (The OpenVPN Project)
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S3 btwhid; system32\DRIVERS\btwhid.sys [X]
S3 btwmodem; system32\DRIVERS\btwmodem.sys [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
U1 eamon; system32\DRIVERS\eamon.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 01:19 - 2015-01-08 01:19 - 00016896 _____ () E:\Documents and Settings\Admin\Desktop\FRST.txt
2015-01-08 00:37 - 2015-01-08 00:37 - 00000000 ____D () E:\WINDOWS\ERUNT
2015-01-08 00:23 - 2015-01-08 00:30 - 00000000 ____D () E:\AdwCleaner
2015-01-07 13:26 - 2015-01-07 13:26 - 01115648 _____ (Farbar) E:\Documents and Settings\Admin\Desktop\FRST.exe
2015-01-06 13:44 - 2015-01-06 13:44 - 00000045 _____ () E:\Documents and Settings\Admin\Desktop\CV.txt
2015-01-06 02:46 - 2015-01-07 12:29 - 00020099 _____ () E:\WINDOWS\setupapi.log
2015-01-05 20:40 - 2015-01-06 02:20 - 00000000 ____D () E:\Program Files\Magical Jelly Bean
2015-01-05 12:29 - 2015-01-08 01:19 - 00000000 ____D () E:\FRST
2015-01-05 03:36 - 2012-07-25 21:09 - 00000000 ____D () E:\Documents and Settings\Admin\Desktop\openpublish-7.x-1.0-beta2
2015-01-05 02:46 - 2015-01-05 02:46 - 02379400 _____ () E:\Documents and Settings\Admin\Desktop\xara.zip
2015-01-05 02:34 - 2015-01-05 02:34 - 00000916 _____ () E:\Documents and Settings\All Users\Desktop\Xara Web Designer 10 Premium.lnk
2015-01-05 02:33 - 2015-01-05 02:33 - 00000000 ___RD () E:\Documents and Settings\Admin\My Documents\Xara
2015-01-05 02:33 - 2015-01-05 02:33 - 00000000 ____D () E:\Program Files\Common Files\Xara Services
2015-01-05 02:33 - 2015-01-05 02:33 - 00000000 ____D () E:\Program Files\Common Files\MAGIX Services
2015-01-05 00:44 - 2015-01-05 00:47 - 00000000 ____D () E:\Program Files\smartmontools
2015-01-05 00:16 - 2015-01-05 00:27 - 00000000 ____D () E:\Documents and Settings\Admin\Desktop\ezpublish5_community_project-2014.11.1-gpl-full
2015-01-04 23:25 - 2015-01-04 23:25 - 00000000 ____D () E:\Program Files\Microsoft Silverlight
2015-01-04 23:25 - 2015-01-04 23:25 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2015-01-04 03:52 - 2015-01-04 03:52 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\CrystalIdea Software
2015-01-04 03:40 - 2015-01-04 03:40 - 00000000 _____ () E:\Documents and Settings\Admin\Application Data\ClassicFTP.dmp
2015-01-03 13:12 - 2015-01-05 00:51 - 00000000 ____D () E:\Program Files\CrashPlan
2015-01-03 13:12 - 2015-01-05 00:51 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\CrashPlan
2015-01-03 13:12 - 2015-01-03 13:12 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\CrashPlan
2015-01-03 12:33 - 2015-01-03 12:33 - 00081920 _____ () E:\WINDOWS\Minidump\Mini010315-01.dmp
2015-01-03 03:23 - 2015-01-03 03:29 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\.minecraft
2015-01-03 03:23 - 2015-01-03 03:23 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\java
2014-12-31 15:01 - 2014-12-31 15:01 - 00000822 _____ () E:\Documents and Settings\Admin\Desktop\Auslogics BoostSpeed.lnk
2014-12-31 07:08 - 2014-12-31 07:08 - 00001811 _____ () E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-12-31 07:08 - 2014-12-31 07:08 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-12-31 07:07 - 2015-01-08 01:12 - 00000984 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 07:07 - 2015-01-08 00:32 - 00000980 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 03:43 - 2014-12-30 03:43 - 00000000 ____D () E:\Program Files\Temp File Cleaner
2014-12-29 19:28 - 2014-12-29 19:31 - 00000000 ____D () E:\Documents and Settings\Admin\Local Settings\Application Data\Adobe
2014-12-29 02:42 - 2014-12-29 02:42 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Steganos Updates
2014-12-29 02:39 - 2014-12-31 07:05 - 00000000 ____D () E:\Program Files\OkayFreedom
2014-12-29 02:39 - 2014-12-31 07:04 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Steganos
2014-12-29 02:39 - 2014-12-29 19:53 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Steganos VPN
2014-12-29 02:39 - 2014-12-29 02:39 - 00000000 ____D () E:\Program Files\Common Files\Steganos
2014-12-19 22:50 - 2014-12-30 03:50 - 00000000 ____D () E:\Program Files\Steam
2014-12-19 22:50 - 2014-12-19 22:50 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Steam
2014-12-16 14:07 - 2014-12-30 03:45 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB3013126$
2014-12-15 23:23 - 2014-12-15 23:25 - 00000000 ____D () E:\Program Files\OpenVPN
2014-12-15 21:56 - 2014-12-15 21:56 - 00000000 ____D () E:\Program Files\Common Files\Anvisoft
2014-12-15 21:56 - 2014-12-15 21:56 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Anvisoft
2014-12-13 22:15 - 2014-12-13 22:15 - 00000780 _____ () E:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
2014-12-13 22:15 - 2014-12-13 22:15 - 00000000 ____D () E:\Program Files\FastStone Image Viewer
2014-12-13 22:15 - 2014-12-13 22:15 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\FastStone Image Viewer
2014-12-11 15:20 - 2014-12-30 03:50 - 00000000 ____D () E:\Program Files\Mozilla Firefox
2014-12-10 01:22 - 2014-12-10 01:22 - 00446622 _____ () E:\Documents and Settings\Admin\Desktop\x5.zip
2014-12-10 01:04 - 2014-12-10 01:09 - 00000000 ____D () E:\Documents and Settings\Admin\Desktop\x5
2014-12-09 22:10 - 2014-12-09 22:10 - 00001738 _____ () E:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
2014-12-09 22:10 - 2014-12-09 22:10 - 00000000 ____D () E:\Program Files\Photodex Presenter
2014-12-09 22:10 - 2014-12-09 22:10 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Netscape
2014-12-09 22:09 - 2014-12-09 22:09 - 00000000 ____D () E:\Program Files\Photodex
2014-12-09 22:09 - 2014-12-09 22:09 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Photodex
2014-12-09 22:08 - 2014-12-09 22:09 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Photodex
2014-12-09 22:02 - 2014-12-09 22:02 - 00000000 ____D () E:\Documents and Settings\Admin\My Documents\Incomedia
2014-12-09 21:57 - 2014-12-09 21:57 - 00000778 _____ () E:\Documents and Settings\All Users\Desktop\WebSite X5 Home 11.lnk
2014-12-09 21:57 - 2014-12-09 21:57 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\WebSite X5 v11 - Home
2014-12-09 21:57 - 2014-12-09 21:57 - 00000000 ____D () E:\Documents and Settings\Admin\Local Settings\Application Data\Incomedia
2014-12-09 21:56 - 2014-12-09 22:02 - 00000000 ____D () E:\Program Files\WebSite X5 v11 - Home

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 01:19 - 2014-09-18 11:19 - 00000000 ____D () E:\Documents and Settings\Admin\Local Settings\Temp
2015-01-08 01:19 - 2014-08-04 23:40 - 00000422 ____H () E:\WINDOWS\Tasks\User_Feed_Synchronization-{28E14D98-3938-4F39-A46A-0C98F66DE9A8}.job
2015-01-08 01:04 - 2014-08-05 04:32 - 00032600 _____ () E:\WINDOWS\SchedLgU.Txt
2015-01-08 00:56 - 2014-08-06 11:19 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\DMCache
2015-01-08 00:49 - 2014-09-30 14:50 - 00114904 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 00:44 - 2014-08-05 01:23 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Skype
2015-01-08 00:43 - 2014-11-30 01:59 - 00002265 _____ () E:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-01-08 00:41 - 2014-08-05 04:29 - 01296550 _____ () E:\WINDOWS\WindowsUpdate.log
2015-01-08 00:33 - 2014-09-20 13:05 - 00000320 _____ () E:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-01-08 00:32 - 2014-09-06 12:38 - 00005019 _____ () E:\WINDOWS\system32\localphone.log
2015-01-08 00:32 - 2014-08-05 04:32 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
2015-01-08 00:30 - 2014-09-06 12:38 - 00065536 _____ () E:\WINDOWS\system32\config\Localpho.evt
2015-01-08 00:30 - 2014-08-05 04:33 - 00000178 ___SH () E:\Documents and Settings\Admin\ntuser.ini
2015-01-07 23:00 - 2014-08-07 09:48 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\vlc
2015-01-07 20:03 - 2014-08-06 13:51 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\uTorrent
2015-01-07 01:24 - 2014-08-08 00:37 - 00000000 ____D () E:\Program Files\PokerStars.BG
2015-01-07 00:38 - 2014-08-04 23:17 - 00189000 _____ () E:\WINDOWS\system32\FNTCACHE.DAT
2015-01-07 00:38 - 2008-04-14 14:00 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl
2015-01-06 02:20 - 2014-08-10 13:54 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\TEMP
2015-01-05 13:58 - 2014-08-11 09:56 - 00045752 _____ () E:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-05 02:34 - 2014-08-09 18:37 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Xara
2015-01-05 02:33 - 2014-08-09 18:37 - 00000000 ____D () E:\Program Files\Xara
2015-01-05 02:28 - 2014-09-02 11:27 - 00000000 ____D () E:\Program Files\WinTools Software
2015-01-05 02:17 - 2014-08-08 18:41 - 00041600 ____H () E:\WINDOWS\system32\mlfcache.dat
2015-01-05 02:01 - 2014-08-09 18:38 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\MAGIX
2015-01-05 02:01 - 2014-08-09 18:38 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\MAGIX
2015-01-05 02:01 - 2014-08-09 18:37 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Xara
2015-01-04 15:53 - 2014-08-16 22:18 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\TeamViewer
2015-01-04 02:57 - 2014-08-17 22:47 - 00000600 _____ () E:\Documents and Settings\Admin\Application Data\winscp.rnd
2015-01-04 02:56 - 2014-08-17 22:45 - 04635145 _____ () E:\Documents and Settings\Admin\Desktop\winscp554.zip
2015-01-03 18:55 - 2014-08-06 11:19 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\IDM
2015-01-03 12:33 - 2014-09-30 14:16 - 00000000 ____D () E:\WINDOWS\Minidump
2014-12-31 16:36 - 2014-09-11 01:16 - 01190243 _____ () E:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-776561741-1417001333-1003-0.dat
2014-12-31 16:36 - 2014-09-06 02:10 - 00147582 _____ () E:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-12-31 15:12 - 2014-09-03 19:47 - 00000000 ____D () E:\Documents and Settings\Admin\Start Menu\Programs\Utilities
2014-12-31 15:12 - 2014-08-24 20:24 - 00000000 ____D () E:\Documents and Settings\Admin\Start Menu\Programs\BlueVoda Website Builder
2014-12-31 15:03 - 2014-09-29 16:26 - 00000000 ____D () E:\WINDOWS\system32\LogFiles
2014-12-31 15:01 - 2014-09-02 11:52 - 00000000 ____D () E:\Program Files\Auslogics
2014-12-31 15:01 - 2014-09-02 11:52 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2014-12-31 07:08 - 2014-08-05 00:32 - 00000000 ____D () E:\Documents and Settings\Admin\Local Settings\Application Data\Google
2014-12-31 07:07 - 2014-08-04 23:34 - 00000000 ____D () E:\Program Files\Google
2014-12-30 18:12 - 2014-08-06 14:31 - 00000000 ____D () E:\Program Files\Counter-Strike 1.6
2014-12-30 03:52 - 2014-09-20 13:04 - 00000000 ____D () E:\Program Files\Glary Utilities 5
2014-12-30 03:50 - 2014-08-06 11:19 - 00000000 ____D () E:\Program Files\Internet Download Manager
2014-12-30 03:50 - 2014-08-04 23:12 - 00000000 ____D () E:\WINDOWS\Help
2014-12-30 03:44 - 2014-08-05 04:33 - 00000000 ____D () E:\Documents and Settings\Admin
2014-12-30 03:43 - 2014-09-05 19:38 - 00000716 _____ () E:\Documents and Settings\Admin\Start Menu\Programs\Temp File Cleaner.lnk
2014-12-30 03:43 - 2014-09-05 19:38 - 00000710 _____ () E:\Documents and Settings\Admin\Desktop\Temp File Cleaner.lnk
2014-12-30 02:50 - 2014-09-05 19:36 - 00000682 _____ () E:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-12-30 02:50 - 2014-09-05 19:36 - 00000000 ____D () E:\Program Files\CCleaner
2014-12-29 19:31 - 2014-07-09 15:45 - 00701616 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-29 19:31 - 2014-07-09 15:45 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-17 16:11 - 2014-08-06 11:19 - 00000696 _____ () E:\Documents and Settings\Admin\Desktop\Internet Download Manager.lnk
2014-12-16 14:39 - 2014-09-05 19:35 - 00000000 ____D () E:\WINDOWS\Microsoft.NET
2014-12-16 14:08 - 2014-08-25 09:55 - 00000000 ____D () E:\WINDOWS\system32\MRT
2014-12-16 14:07 - 2014-07-09 01:28 - 109818608 _____ (Microsoft Corporation) E:\WINDOWS\system32\mrt.exe
2014-12-16 14:06 - 2014-08-04 23:21 - 00568940 _____ () E:\WINDOWS\system32\PerfStringBackup.INI
2014-12-14 10:49 - 2014-08-06 13:54 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\FastStone
2014-12-13 07:21 - 2014-09-21 20:51 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service
2014-12-12 23:23 - 2014-11-27 21:36 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2992611$
2014-12-12 23:23 - 2014-11-27 21:35 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB3006226$
2014-12-12 23:23 - 2014-11-27 21:34 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2998579$
2014-12-12 23:23 - 2014-11-27 21:30 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2993254$
2014-12-12 23:23 - 2014-11-27 21:30 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2991963$
2014-12-12 23:23 - 2014-11-27 21:29 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB3002885$
2014-12-12 23:23 - 2014-11-27 21:28 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2989935$
2014-12-12 23:23 - 2014-11-27 21:26 - 00000000 ___HD () E:\WINDOWS\$hf_mig$
2014-12-12 23:23 - 2014-11-27 21:25 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB3011780$
2014-12-12 23:23 - 2014-11-27 21:25 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB2993958$
2014-12-10 17:45 - 2014-09-30 14:50 - 00000777 _____ () E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 17:45 - 2014-09-30 14:50 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware
2014-12-10 17:45 - 2014-09-30 14:50 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 22:10 - 2014-08-07 09:19 - 00000000 ____D () E:\Documents and Settings\Admin\Application Data\Mozilla

Some content of TEMP:
====================
E:\Documents and Settings\Admin\Local Settings\Temp\Quarantine.exe
E:\Documents and Settings\Admin\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

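The "One Month Created/Modified" sections above all share one line layout: two timestamps, an eight-digit size, a five-character attribute field, the publisher string in parentheses, then the path. The following is an added example (not part of the FRST log and not FRST's own code) that parses that layout and applies a few simple triage heuristics of the kind a responder runs over such a listing: executables with no publisher string, executables written into Temp or profile data directories, and system+hidden executables outside the Windows directory. Assumed from the log: attribute letters D=directory, H=hidden, S=system, C=compressed, right-aligned and padded with "_"; in the Created section the first timestamp is the creation time and the second the last write, and in the Modified section the other way round. Four sample lines are copied from the log; the last two (Quarantine.exe with a full line, and updater.exe) are constructed for the demonstration.

```python
"""Parse FRST "One Month Created/Modified Files and Folders" lines and triage them.

Added example; not part of the FRST log and not FRST's own code. The line layout
and attribute letters (D=directory, H=hidden, S=system, C=compressed, padded
with "_") are read off the log; the triage rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Set, Tuple

LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv"}
# Directories where a freshly written executable deserves a second look.
SUSPECT_DIRS = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")


@dataclass
class Entry:
    first: datetime      # creation time in the Created section, last write in Modified
    second: datetime     # the other timestamp
    size: int
    attrs: Set[str]      # e.g. {"H", "D", "C"} for "__HDC"
    company: str         # publisher string FRST prints in parentheses ("" if none)
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return ("." + name.rsplit(".", 1)[-1]).lower() if "." in name else ""


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an FRST file/folder line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None

    def stamp(s: str) -> datetime:
        return datetime.strptime(s, "%Y-%m-%d %H:%M")

    return Entry(stamp(m["first"]), stamp(m["second"]), int(m["size"]),
                 {c for c in m["attrs"] if c != "_"}, m["company"], m["path"])


def triage(entries: Iterable[Entry]) -> List[Tuple[str, List[str]]]:
    """Flag executables worth a closer look; directories and data files are skipped."""
    findings = []
    for e in entries:
        if e.is_dir or e.ext not in EXEC_EXT:
            continue
        low = e.path.lower()
        reasons = []
        if not e.company:
            reasons.append("executable without publisher string")
        if any(d in low for d in SUSPECT_DIRS):
            reasons.append("executable in temp or profile data directory")
        if {"S", "H"} <= e.attrs and "\\windows\\" not in low:
            reasons.append("system+hidden executable outside the Windows directory")
        if reasons:
            findings.append((e.path, reasons))
    return findings


def triage_log(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Parse raw FRST lines (headers are ignored) and run the triage rules."""
    return triage(e for e in map(parse_line, lines) if e is not None)


# Sample input: a header and four lines copied from the log, plus two constructed lines.
SAMPLE_LINES = [
    r"==================== One Month Modified Files and Folders =======",
    r"2015-01-08 00:49 - 2014-09-30 14:50 - 00114904 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys",
    r"2014-12-29 19:31 - 2014-07-09 15:45 - 00701616 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe",
    r"2014-12-16 14:07 - 2014-12-30 03:45 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB3013126$",
    r"2015-01-08 00:30 - 2014-08-05 04:33 - 00000178 ___SH () E:\Documents and Settings\Admin\ntuser.ini",
    # constructed: an unsigned executable dropped in the user's Temp directory
    r"2015-01-07 23:55 - 2015-01-07 23:55 - 00045056 _____ () E:\Documents and Settings\Admin\Local Settings\Temp\Quarantine.exe",
    # constructed: a system+hidden executable hiding in the profile's Application Data
    r"2015-01-06 12:00 - 2015-01-06 12:00 - 00012288 ___SH () E:\Documents and Settings\Admin\Application Data\updater.exe",
]

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Only the two constructed lines are flagged; the signed Malwarebytes driver and Flash Player binary in system32, the hidden uninstall folder and ntuser.ini (system+hidden, but not an executable) pass. A hit is a reason to pull the file for signature and hash checks, not a verdict on its own: Quarantine.exe in Temp, for instance, is exactly where a legitimate cleanup tool might also drop a helper.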


#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:39 AM

Posted 08 January 2015 - 10:48 AM

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#15 gangosan

gangosan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:39 PM

Posted 08 January 2015 - 12:13 PM

Hello Machiavelli    

ESET log:

D:\Programi\Ashampoo Burning Studio 10\ashampoo_burning_studio_11_e11.0.3_sm.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
D:\Programi\Ashampoo UnInstaller 4\ashampoo_uninstaller_4_4.15_sm.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
D:\Programi\Your Uninstaller! Pro v7.5.2013.02 with Key [TorDigger]\yusetup7.exe    Win32/Toolbar.Babylon potentially unwanted application    deleted - quarantined





