Hello. Please help me remove *mgr.exe

This topic is locked. 9 replies to this topic.

#1 IkaMazini

  • Members
  • 5 posts
  • OFFLINE

Posted 31 October 2015 - 09:05 AM

Hello. Please help me remove *mgr.exe


#2 IkaMazini

  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE

Posted 01 November 2015 - 05:01 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 11.65.2
Run by Administrator at 13:18:57 on 2015-11-01
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1033.18.3199.2732 [GMT 4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Program Files\Geocell Connect\AssistantServices.exe
C:\Program Files\Executive Software\Undelete\UdServe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\SysSafe\SysSafe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Firemin\Firemin.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.ru/cnt/10445?gp=blackbear16
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uProxyServer = 54.207.114.172:3333
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
mWinlogon: Userinit = c:\windows\system32\userinit.exe,,c:\program files\xebkaysd\gkswkcyt.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_65\bin\ssv.dll
BHO: IE 4.x-6.x BHO for Download Master: {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - c:\program files\download master\dmiehlp.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_65\bin\jp2ssv.dll
TB: DM Bar: {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - c:\program files\download master\dmbar.dll
TB: DM Bar: {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - c:\program files\download master\dmbar.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
uRun: [SystemSafe] c:\syssafe\SysSafe.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\firemin.lnk - c:\firemin\Firemin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Закачать ВСЕ при помощи Download Master - c:\program files\download master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files\download master\dmie.htm
IE: Передать на удаленную закачку DM - c:\program files\download master\remdown.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\download master\dmaster.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343464635875
DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} - hxxp://gsmserver.com/smartclip/SmartClip.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 188.138.127.195 web-technology.eu
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\16uh8n8l.default\
FF - prefs.js: network.proxy.ftp - 54.207.114.172
FF - prefs.js: network.proxy.ftp_port - 3333
FF - prefs.js: network.proxy.gopher - 54.207.114.172
FF - prefs.js: network.proxy.gopher_port - 3333
FF - prefs.js: network.proxy.http - 54.207.114.172
FF - prefs.js: network.proxy.http_port - 3333
FF - prefs.js: network.proxy.socks - 54.207.114.172
FF - prefs.js: network.proxy.socks_port - 3333
FF - prefs.js: network.proxy.ssl - 54.207.114.172
FF - prefs.js: network.proxy.ssl_port - 3333
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre1.8.0_65\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_65\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_19_0_0_226.dll
.
============= SERVICES / DRIVERS ===============
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R0 UdDrv;Executive Software Filter;c:\windows\system32\drivers\UdDrv.sys [2005-6-29 55552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2013-5-24 142648]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2013-10-17 166912]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-7-9 327296]
R2 UI Assistant Service;UI Assistant Service;c:\program files\geocell connect\AssistantServices.exe [2015-10-22 454106]
R2 UndeleteService;Executive Software Undelete;c:\program files\executive software\undelete\UdServe.exe [2005-6-28 483425]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2006-5-19 15328]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2006-5-19 13440]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2015-7-20 76544]
R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [2012-4-19 12800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 acatusb;Mobile Ref Design Board Serice;c:\windows\system32\drivers\acatusb.sys [2009-10-14 43140]
S3 ALCATELUSB;Alcatel HSPA Modem Service;c:\windows\system32\drivers\AlcatelUsb.sys [2015-8-28 18816]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys --> c:\windows\system32\drivers\lgandbus.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys --> c:\windows\system32\drivers\lganddiag.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys --> c:\windows\system32\drivers\lgandgps.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys --> c:\windows\system32\drivers\lgandmodem.sys [?]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2015-8-26 25856]
S3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\drivers\lgandnetbus.sys [2015-10-26 24576]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2015-10-26 25088]
S3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\drivers\lgandnetdiag2.sys --> c:\windows\system32\drivers\lgandnetdiag2.sys [?]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2015-10-26 30208]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys --> c:\windows\system32\drivers\lgandnetndis.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2015-9-6 24576]
S3 awUSB;awUSB;c:\windows\system32\drivers\USBDrv.sys [2014-10-16 13824]
S3 BRCM;Broadcom USB to Serial Service;c:\windows\system32\drivers\bcmvcp.sys [2013-11-12 79616]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2015-9-8 6272]
S3 csstusb;TI CSST USB Driver;c:\windows\system32\drivers\csstusb.sys [2006-1-30 51712]
S3 DFU;DFU - Kernel Driver (WDM);c:\windows\system32\drivers\52xdfu.sys [2013-8-20 12416]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-6-5 83864]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-8-6 20032]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2015-6-24 38608]
S3 dmtoolusb;LOCOSTO Flash Interface;c:\windows\system32\drivers\dmtoolusb.sys [2007-6-25 18304]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [2006-5-19 18880]
S3 eGateUSB;eGateUSB;c:\windows\system32\drivers\eGateUSB.sys [2015-9-7 73728]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2014-11-5 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2014-11-5 9160]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2015-7-20 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2015-7-20 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2014-4-30 112640]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [2014-6-5 16896]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2012-4-19 34639]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-3-31 13224]
S3 gnusbnet;Gionee USB-NDIS miniport;c:\windows\system32\drivers\gnusbnet.sys --> c:\windows\system32\drivers\gnusbnet.sys [?]
S3 gnusbser;Gionee USB Device for Legacy Serial Communication;c:\windows\system32\drivers\gnusbser.sys [2015-9-12 107904]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2015-9-6 24576]
S3 htcdiag;HTC Android Diag Port;c:\windows\system32\drivers\htcdiag.sys [2009-10-14 101376]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 21248]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2015-7-20 96000]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2015-7-20 70272]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2015-7-20 27520]
S3 HWHandSet;HWUSBSERSP;c:\windows\system32\drivers\hw_quusbmdm.sys [2014-3-26 195200]
S3 hwmobile;Huawei FP Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys --> c:\windows\system32\drivers\hwusbser.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2015-7-20 102656]
S3 ICM_UpdaterService;ICM_UpdaterService Disp;c:\program files\samsung\samsung networking wizard\ICM_Service.exe [2011-3-18 204883]
S3 libusb0;libusb-win32 - Kernel Driver 01/18/2012 1.2.6.0;c:\windows\system32\drivers\libusb0.sys [2013-1-29 42592]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2015-10-22 9216]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2015-7-28 17672]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-8-30 23256]
S3 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-8-30 1311714]
S3 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\documents and settings\all users\application data\mobilebrserv\mbbService.exe [2014-9-12 417760]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [2013-8-16 103552]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2015-9-8 26240]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2015-9-8 21376]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2015-9-8 42752]
S3 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2014-4-8 316892]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2015-9-8 23936]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2015-9-8 24960]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 mssbox_usb;mssbox_usb;c:\windows\system32\drivers\mssbox_usb.sys [2012-4-19 34952]
S3 mstrgen;MCCI® Firmware Update Driver for MTK;c:\windows\system32\drivers\mstrgen.sys [2012-6-8 62080]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys --> c:\windows\system32\drivers\netaapl.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2015-9-1 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2015-9-1 8576]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2012-8-17 3567]
S3 PSMNBUS;Pantech Android USB Composite Device Ver1 Driver;c:\windows\system32\drivers\PSMNBUS.sys [2015-7-22 84480]
S3 PSMNMDM;Pantech Android USB Modem Ver1 Drivers;c:\windows\system32\drivers\PSMNMDM.sys [2015-7-22 169088]
S3 PSMNMDMVSP;Pantech Android MDM Diagnostic Serial Port Ver1;c:\windows\system32\drivers\PSMNMDMVSP.sys [2015-7-22 169088]
S3 PSMNMSMVSP;Pantech Android MSM Diagnostic Serial Port Ver1;c:\windows\system32\drivers\PSMNMSMVSP.sys [2015-7-22 169088]
S3 PSMNOBEX;Pantech Android USB OBEX Device Ver1;c:\windows\system32\drivers\PSMNOBEX.sys [2015-7-22 169216]
S3 PSMNVSP;Pantech Android USB Serial Port Ver1;c:\windows\system32\drivers\PSMNVSP.sys [2015-7-22 169088]
S3 ptuc_bus;PANTECH Mobile USB Devices;c:\windows\system32\drivers\ptuc_bus.sys [2014-7-1 22272]
S3 ptuc_flt;PANTECH USB Filter Service;c:\windows\system32\drivers\ptuc_flt.sys [2014-7-1 3584]
S3 ptuc_mdm;PANTECH USB Packet Services;c:\windows\system32\drivers\ptuc_mdm.sys [2014-7-1 40448]
S3 ptuc_prt;PANTECH UMTS Diagnostic Serial Ports;c:\windows\system32\drivers\ptuc_prt.sys [2014-7-1 39296]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2014-11-5 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2014-11-5 10320]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2015-9-7 103424]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\drivers\qcusbmdm.sys [2012-5-10 59632]
S3 qcusbmdm6k;Qualcomm Proprietary USB Driver (PID 6000);c:\windows\system32\drivers\qcusbmdm6k.sys [2012-6-6 59632]
S3 qcusbnet;Qualcomm USB-NDIS miniport;c:\windows\system32\drivers\qcusbnet.sys [2015-9-12 419840]
S3 qcusbnmea;Qualcomm NMEA Port;c:\windows\system32\drivers\qcusbnmea.sys [2012-6-6 59632]
S3 qcusbser;Android USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2012-5-10 205312]
S3 qcusbser6k;Qualcomm Diagnostic Port 6000;c:\windows\system32\drivers\qcusbser6k.sys [2012-6-6 59632]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-4-18 27064]
S3 Rockusb;Driver for Rockusb Device;c:\windows\system32\drivers\rockusb.sys [2014-4-2 46160]
S3 SamUsb;MTBox Device;c:\windows\system32\drivers\mtbox.sys [2005-9-7 31452]
S3 SciandroidU2S;Spreadtrum Anroid USB to Serial port driver for DL;c:\windows\system32\drivers\SciU2S.sys [2013-1-9 117248]
S3 SciCmpst;Spreadtrum Composite USB2Serial Driver;c:\windows\system32\drivers\SciCmpst.sys [2013-8-4 117248]
S3 SciModem;Spreadtrum USB Modem Driver;c:\windows\system32\drivers\SciModem.sys [2013-8-17 117248]
S3 SciU2S;Spreadtrum USB to Serial port driver for DL;c:\windows\system32\drivers\SciU2S.sys [2013-1-9 117248]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2014-5-29 215552]
S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys --> c:\windows\system32\drivers\siusbmod.sys [?]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2014-6-14 108032]
S3 sprd_acm_modem;sprd_acm_modem;c:\windows\system32\drivers\sprd_acm.sys [2013-8-4 67712]
S3 sprd_enum;sprd_enum;c:\windows\system32\drivers\sprd_enum.sys [2013-8-4 84224]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2014-2-4 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2014-2-4 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2014-2-4 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2014-2-4 100224]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2014-6-5 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2014-6-5 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2014-6-5 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2014-6-5 130248]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2014-6-5 136904]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2014-6-5 17864]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2014-6-5 153672]
S3 ssdudfu;SAMSUNG Mobile USB DFU2 Device;c:\windows\system32\drivers\ssdudfu.sys [2014-2-4 80968]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-6-5 181912]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [2014-6-5 181912]
S3 ssudrmnet;SAMSUNG Mobile USB RMNET Drivers;c:\windows\system32\drivers\ssudrmnet.sys [2014-6-5 59160]
S3 ssudrmnetmp;SAMSUNG Mobile USB RMNET Network Adapter Drivers;c:\windows\system32\drivers\ssudrmnetmp.sys [2014-6-5 80664]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2014-6-5 181912]
S3 SU2SCpst;Spreadtrum USB to Serial port driver for AT&Diag;c:\windows\system32\drivers\SciU2S.sys [2013-1-9 117248]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 694752]
S3 SzCCID;USB SmartCard Reader Driver;c:\windows\system32\drivers\SzCCID.sys [2013-8-4 26112]
S3 TeamViewer;TeamViewer 10;c:\program files\teamviewer\TeamViewer_Service.exe [2015-7-29 5495056]
S3 token;USB Token Service;c:\windows\system32\drivers\eps2kt1.sys [2012-4-19 21888]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\ufs2xx.sys [2012-4-19 68832]
S3 Usbatos;LGE SP DL USB Serial Port;c:\windows\system32\drivers\lgusbatos.sys [2014-12-17 22144]
S3 usbUDisc;usbUDisc;c:\windows\system32\drivers\USBDrv.sys [2014-10-16 13824]
S3 USBZTECCID;ZTE USB Smartcard Driver;c:\windows\system32\drivers\zteusbccid.sys --> c:\windows\system32\drivers\ZTEusbccid.sys [?]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [2010-9-1 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [2010-9-1 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [2010-9-1 9728]
S3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
S3 VSD2XX;VSD2XX.SYS USB - RS232 device driver;c:\windows\system32\drivers\VSD2XX.sys [2013-4-20 25596]
S3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\drivers\lgvzandnetadb.sys --> c:\windows\system32\drivers\lgvzandnetadb.sys [?]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys --> c:\windows\system32\drivers\lgvzandnetdiag.sys [?]
S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\drivers\lgvzandnetdiag2.sys --> c:\windows\system32\drivers\lgvzandnetdiag2.sys [?]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys --> c:\windows\system32\drivers\lgvzandnetmdm.sys [?]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys --> c:\windows\system32\drivers\lgvzandnetndis.sys [?]
S3 wdf_usb;wdf_usb;c:\windows\system32\drivers\usb2ser.sys [2013-8-4 58112]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2014-1-21 25952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 756392]
S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\drivers\zghsdiag.sys [2013-11-30 113688]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2013-11-30 113688]
S3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\drivers\zghsnmea.sys [2013-11-30 113688]
S3 zghsser;ZTE General Handset Serial Port;c:\windows\system32\drivers\zghsser.sys [2015-7-28 117960]
S3 zte_massejct;ZTEMassEjctServ;c:\windows\system32\drivers\zte_massejct.sys --> c:\windows\system32\drivers\zte_massejct.sys [?]
S3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\drivers\zteusbnmeaext2.sys --> c:\windows\system32\drivers\ZTEusbnmeaext2.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\zteusbnet.sys --> c:\windows\system32\drivers\ZTEusbnet.sys [?]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-8-30 2048984]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="c:\program files\notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad++.exe="c:\program files\notepad++\notepad++.exe" "%1" [UserChoice]
ShellExec: opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-11-01 09:14:10    188928    --s---w-    C:\gkswkcyt.exe
2015-11-01 06:38:19    --------    d-----w-    C:\LS990
2015-10-30 10:27:06    --------    d-----w-    c:\program files\xebkaysd
2015-10-30 10:26:58    --------    d-----w-    c:\program files\MONKEY VIRUS REMOVAL TOOL
2015-10-29 08:04:53    43008    ----a-w-    C:\1.bin
2015-10-29 00:43:55    11264    ----a-w-    c:\windows\MTKCRC.dll
2015-10-28 08:16:25    43520    ----a-w-    c:\windows\system32\SciDrvCoInst.dll
2015-10-26 14:12:33    --------    d-----w-    C:\LG_Root
2015-10-26 10:54:22    --------    d-----w-    C:\LG_VS980_Root
2015-10-26 08:41:07    30208    ----a-w-    c:\windows\system32\drivers\lgandnetmodem.sys
2015-10-26 08:41:07    25216    ----a-w-    c:\windows\system32\drivers\lgusbmodem.sys
2015-10-26 08:41:07    25088    ----a-w-    c:\windows\system32\drivers\lgandnetdiag.sys
2015-10-26 08:41:07    24576    ----a-w-    c:\windows\system32\drivers\lgandnetbus.sys
2015-10-26 08:41:07    22016    ----a-w-    c:\windows\system32\drivers\lgusbdiag.sys
2015-10-26 08:41:07    13056    ----a-w-    c:\windows\system32\drivers\lgusbbus.sys
2015-10-26 07:27:44    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\Telecom Logic
2015-10-26 07:22:44    --------    d-----w-    c:\program files\Telecom Logic
2015-10-22 12:55:48    9216    ----a-w-    c:\windows\system32\drivers\massfilter.sys
2015-10-22 12:55:48    107520    ----a-w-    c:\windows\system32\drivers\ZTEusbser6k.sys
2015-10-22 12:55:48    107520    ----a-w-    c:\windows\system32\drivers\ZTEusbnmea.sys
2015-10-22 12:55:48    107520    ----a-w-    c:\windows\system32\drivers\ZTEusbmdm6k.sys
2015-10-22 12:55:37    --------    d-----w-    c:\program files\Geocell Connect
2015-10-20 07:39:00    --------    d-----w-    C:\root_ZVA
2015-10-15 09:37:35    591322    ----a-r-    c:\documents and settings\administrator\application data\microsoft\installer\{e45d53e7-dada-46ef-b5c0-c41d3be06bfc}\BlackBerry.exe
2015-10-14 07:36:49    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\pangu
2015-10-12 11:15:18    18816    ----a-w-    c:\windows\system32\drivers\cdrombus.sys
2015-10-12 11:15:03    --------    d-----w-    c:\program files\Mobile Upgrade Q
2015-10-09 06:16:36    --------    d-----w-    C:\AHT2
2015-10-09 05:53:44    77472    ----a-r-    c:\windows\system32\drivers\U81xmgmt.sys
2015-10-09 05:53:27    75456    ----a-r-    c:\windows\system32\drivers\U81xobex.sys
2015-10-09 05:52:23    84480    ----a-r-    c:\windows\system32\drivers\U81xmdm.sys
2015-10-09 05:52:23    6144    ----a-r-    c:\windows\system32\drivers\U81xcmnt.sys
2015-10-09 05:52:23    6144    ----a-r-    c:\windows\system32\drivers\U81xcm.sys
2015-10-09 05:52:23    6064    ----a-r-    c:\windows\system32\drivers\U81xmdfl.sys
2015-10-09 05:52:14    5744    ----a-r-    c:\windows\system32\drivers\U81xwhnt.sys
2015-10-09 05:52:14    5744    ----a-r-    c:\windows\system32\drivers\U81xwh.sys
2015-10-09 05:52:14    52352    ----a-r-    c:\windows\system32\drivers\U81xbus.sys
2015-10-08 11:12:36    --------    d-----w-    c:\documents and settings\administrator\application data\VOWSoft
2015-10-08 11:12:31    --------    d-----w-    c:\program files\VOWSoft iPod Software
2015-10-08 11:02:29    --------    d-----w-    c:\program files\Elcomsoft
2015-10-08 11:02:28    --------    d-----w-    c:\program files\Elcomsoft Password Recovery
2015-10-08 11:02:28    --------    d-----w-    c:\documents and settings\all users\application data\Elcomsoft Password Recovery
2015-10-08 07:22:58    --------    d-----w-    C:\LS996 flax2 root and unlock
2015-10-06 10:22:59    --------    d-----w-    c:\documents and settings\all users\application data\{b2dae9f0-ed02-1263-b2da-ae9f0ed0a7c3}
2015-10-06 10:22:48    --------    d-----w-    c:\documents and settings\all users\application data\{d078dd62-132f-af59-d078-8dd621327588}
2015-10-04 11:24:48    --------    d-----w-    c:\documents and settings\all users\application data\RFA_Backups
2015-10-04 11:24:10    --------    d-----w-    c:\program files\RFA 10
2015-10-04 11:24:10    --------    d-----w-    c:\documents and settings\all users\application data\Registry First Aid
2015-10-04 06:25:48    272496    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2015-10-04 06:25:46    770384    ----a-w-    c:\program files\mozilla firefox\msvcr100.dll
2015-10-04 06:25:46    421200    ----a-w-    c:\program files\mozilla firefox\msvcp100.dll
2015-10-04 06:25:46    3578992    ----a-w-    c:\program files\mozilla firefox\mozjs.dll
2015-10-04 06:25:46    3494512    ----a-w-    c:\program files\mozilla firefox\gkmedias.dll
2015-10-04 06:25:46    17008    ----a-w-    c:\program files\mozilla firefox\mozalloc.dll
2015-10-03 12:16:32    --------    d-----w-    C:\865f1d2b3d8e6010f202250eafe52a
2015-10-02 12:16:09    --------    d-----w-    C:\973aea535a2ea903b13d4aaa8c1a8338
.
==================== Find3M  ====================
.
2015-10-25 06:24:36    97888    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-10-25 06:24:33    146432    ----a-w-    c:\windows\system32\javacpl.cpl
2015-10-22 12:57:17    13816    ----a-w-    c:\windows\system32\unikey.sys
2015-10-19 05:29:57    780488    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-10-19 05:29:57    142536    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-04 14:13:19    13115354    ----a-w-    C:\tanks.exe
2015-09-26 09:38:08    58880    ----a-w-    c:\windows\system32\hra33.dll
2015-09-26 09:22:51    98520    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-08 09:28:22    33824    ----a-w-    c:\windows\system32\drivers\oreans32.sys
2015-09-07 07:31:16    25600    ----a-w-    c:\documents and settings\administrator\usbsermptxp.sys
2015-09-07 07:31:16    22768    ----a-w-    c:\documents and settings\administrator\usbsermpt.sys
2015-08-16 07:15:35    23312    ----a-w-    c:\windows\system32\_shfoldr.dll
2008-04-14 12:00:00    1384479    --sh--r-    c:\windows\system32\msvbvm60.dll
.
============= FINISH: 13:19:39.12 ===============
 



#3 dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada

Posted 01 November 2015 - 11:10 PM


Hi IkaMazini,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multi-step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go, and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop -

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step, I assume you are unfamiliar with saving files to your desktop. As a result, it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse, select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Let's get started....


Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users: click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows the "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Also, are you aware of the proxy being used in FireFox?

Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#4 IkaMazini

  • Topic Starter

  • Members
  • 5 posts

Posted 02 November 2015 - 03:41 AM

I restored C:\ from an old backup created with Acronis... But with many exe files I have problems.

Here is a screenshot: [screenshot image]

Addition.txt is included in the attachment; I can't post the log from Addition.txt.

Log FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-10-2015
Ran by Administrator (administrator) on SKRASOFT (02-11-2015 12:30:26)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Executive Software International) C:\Program Files\Executive Software\Undelete\UdServe.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Max Computing) C:\SysSafe\SysSafe.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Firemin\Firemin.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [55824 2007-09-21] (Logitech, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2007-11-15] (Logitech, Inc.)
Winlogon\Notify\WgaLogon: C:\WINDOWS\system32\WgaLogon.dll [2010-02-22] ()
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-507921405-2146974159-1801674531-500\...\Run: [SystemSafe] => C:\SysSafe\SysSafe.exe [262144 2002-03-01] (Max Computing)
HKU\S-1-5-21-507921405-2146974159-1801674531-500\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-507921405-2146974159-1801674531-500\...\Policies\Explorer: [NoSharedDocuments] 0x01000000
HKU\S-1-5-18\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Firemin.lnk [2012-04-27]
ShortcutTarget: Firemin.lnk -> C:\Firemin\Firemin.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2012-04-18]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D816DBCF-61BE-4986-B39D-6970654F6E0C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-507921405-2146974159-1801674531-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
BHO: IE 4.x-6.x BHO for Download Master -> {9961627E-4059-41B4-8E0E-A7D6B3854ADF} -> C:\Program Files\Download Master\dmiehlp.dll [2013-06-20] (WestByte)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
Toolbar: HKLM - DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Program Files\Download Master\dmbar.dll [2012-05-23] (WestByte Software)
Toolbar: HKU\S-1-5-21-507921405-2146974159-1801674531-500 -> DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Program Files\Download Master\dmbar.dll [2012-05-23] (WestByte Software)
Toolbar: HKU\S-1-5-21-507921405-2146974159-1801674531-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} hxxp://gsmserver.com/smartclip/SmartClip.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2012-04-18] (Logitech Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-01] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-07-03] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-01]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\artur.dubovoy@gmail.com [2015-11-01]
FF Extension: Xmarks - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\foxmarks@kei.com [2015-11-02]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\pavel.sherbakov@gmail.com [2015-11-01]
FF Extension: Simple Mail - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\simplemail@telega.phpnet.us [2015-11-01]
FF Extension: ColorZilla - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-11-01]
FF Extension: Page Speed - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2015-11-01] [not signed]
FF Extension: CSS Usage - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\csscoverage@spaghetticoder.org.xpi [2015-06-22]
FF Extension: Firebug - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\firebug@software.joehewitt.com.xpi [2015-10-04] [not signed]
FF Extension: MEGA - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\firefox@mega.co.nz.xpi [2015-11-01] [not signed]
FF Extension: FirePHP - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2015-06-22]
FF Extension: Firepicker - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\firepicker@thedarkone.xpi [2015-06-22]
FF Extension: FireRainbow - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\firerainbow@hildebrand.cz.xpi [2015-06-22]
FF Extension: FireSass for Firebug - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\firesass@sass-lang.com.xpi [2012-12-02] [not signed]
FF Extension: Fastest Notifier for Facebook™ - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\jid1-fqmYMwCpa2AZKx@jetpack.xpi [2015-06-22]
FF Extension: Youtube MP3 Downloader using youtube-mp3.org - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2015-06-22]
FF Extension: Proxy Tool - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\proxytool@proxylist.co.xpi [2015-06-22]
FF Extension: Rainbow - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\rainbow@colors.org.xpi [2015-06-22]
FF Extension: Restart Button - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\restartbutton@strk.jp.xpi [2015-06-22]
FF Extension: Saved Password Editor - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2015-10-04]
FF Extension: TinEye Reverse Image Search - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\tineye@ideeinc.com.xpi [2015-08-27]
FF Extension: YSlow - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\yslow@yahoo-inc.com.xpi [2015-06-22]
FF Extension: CSSsir - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{0103572f-d20f-4039-9eaa-ded7c4a97124}.xpi [2015-06-22]
FF Extension: Remove Cookies for Site - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2015-06-22]
FF Extension: Organize Status Bar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}.xpi [2015-09-07] [not signed]
FF Extension: Stylish - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-06-22]
FF Extension: ImageShack Fix - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{4dee534b-24e6-430e-97a3-2439bc546e8e}.xpi [2015-06-22]
FF Extension: Font Information - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{70ded480-0a45-4099-84d1-65aa1cb1575e}.xpi [2015-06-22]
FF Extension: Base64 ⇒ Encoder - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{ad4fb47f-4ae5-4405-79c9-19fc7034c4d3}.xpi [2015-06-22]
FF Extension: QuickJS - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{bb65e674-b194-4b6e-8033-5fa0afe3a198}.xpi [2015-06-22]
FF Extension: Web Developer - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-06-22]
FF Extension: Extended Statusbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2015-06-22]
FF Extension: Tab Mix Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-10-04]
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-10-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dljdacfojgikogldjffnkdcielnklkce] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (VPN.S HTTP Proxy) - C:\Documents and Settings\Administrator\Application Data\Opera Software\Opera Stable\Extensions\decfmjjdfcldhoonmgjadlilkdblonge [2014-11-19]
OPR Extension: (HideMyAss - Free Web Proxy) - C:\Documents and Settings\Administrator\Application Data\Opera Software\Opera Stable\Extensions\hlpdbioabohahlmpghnfknhaihleineg [2014-11-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-10-28] (SUPERAntiSpyware.com)
S3 ICM_UpdaterService; C:\Program Files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed]
S3 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [731104 2014-05-15] (Apple Inc.) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [300508 2007-11-15] (Logitech, Inc.) [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [31303646 2011-06-12] (Microsoft Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
S3 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [316896 2014-04-08] (Motorola Mobility LLC) [File not signed]
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [327136 2010-01-09] (Microsoft Corporation) [File not signed]
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4817874 2010-01-09] (Microsoft Corporation) [File not signed]
S3 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [345052 2012-12-07] () [File not signed]
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [193592 2005-03-02] (SafeNet, Inc)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [902108 2012-06-11] (Nokia) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [694742 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UndeleteService; C:\Program Files\Executive Software\Undelete\UdServe.exe [483425 2005-06-28] (Executive Software International) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 a016bus; C:\WINDOWS\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation)
S3 a016mdfl; C:\WINDOWS\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation)
S3 a016mdm; C:\WINDOWS\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation)
S3 a016mgmt; C:\WINDOWS\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation)
S3 a016obex; C:\WINDOWS\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation)
S3 acatusb; C:\WINDOWS\System32\Drivers\acatusb.sys [43140 2009-10-14] (Marvell Israel (MISL) Ltd.) [File not signed]
R3 actser; C:\WINDOWS\System32\drivers\actser.sys [29440 2004-08-23] (Siemens AG) [File not signed]
S3 andnetadb; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
S3 awUSB; C:\WINDOWS\System32\DRIVERS\USBDrv.sys [13824 2014-10-16] (Scott)
S3 BRCM; C:\WINDOWS\System32\Drivers\bcmvcp.sys [79616 2011-12-27] (Broadcom Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 csstusb; C:\WINDOWS\System32\DRIVERS\csstusb.sys [51712 2006-01-30] (Windows ® Server 2003 DDK provider) [File not signed]
S3 DFU; C:\WINDOWS\System32\DRIVERS\52xdfu.sys [12416 2010-02-03] (NXP Semiconductors) [File not signed]
S3 dmtoolusb; C:\WINDOWS\System32\Drivers\dmtoolusb.sys [18304 2007-06-25] (Windows ® 2000 DDK provider) [File not signed]
R3 Egatebus; C:\WINDOWS\System32\drivers\egatebus.sys [15328 2006-05-19] (Axalto)
S3 Egatecard; C:\WINDOWS\System32\Drivers\egate.sys [18880 2006-05-19] (Axalto)
R3 Egaterdr; C:\WINDOWS\System32\drivers\egaterdr.sys [13440 2006-05-19] (Axalto)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 FlashUSB; C:\WINDOWS\System32\DRIVERS\FlashUSB.sys [16384 2013-05-02] (Intel Mobile Communications)
S3 FTD2XX; C:\WINDOWS\System32\Drivers\FTD2XX.sys [34639 2005-12-15] (FTDI Ltd.) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [110240 2015-09-14] (FTDI Ltd.)
S3 gnusbnet; C:\WINDOWS\System32\DRIVERS\gnusbnet.sys [133632 2012-07-06] (QUALCOMM Incorporated)
S3 gnusbser; C:\WINDOWS\System32\DRIVERS\gnusbser.sys [107904 2012-07-06] (QUALCOMM Incorporated)
S3 htcdiag; C:\WINDOWS\System32\DRIVERS\htcdiag.sys [101376 2009-10-14] (HTC Corporation)
S3 HWHandSet; C:\WINDOWS\System32\DRIVERS\hw_quusbmdm.sys [195200 2011-10-24] (Huawei Technologies Co., Ltd.) [File not signed]
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [42592 2013-04-06] (http://libusb-win32.sourceforge.net)
S3 MobileAdapter; C:\WINDOWS\System32\DRIVERS\qscnusb.sys [103552 2009-08-28] (QUALCOMM Incorporated) [File not signed]
S3 mssbox_usb; C:\WINDOWS\System32\Drivers\mssbox_usb.sys [34952 2010-03-05] ()
S3 mstrgen; C:\WINDOWS\System32\DRIVERS\mstrgen.sys [62080 2009-07-22] (MCCI)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2014-12-09] () [File not signed]
S3 PortTalk; C:\WINDOWS\System32\drivers\PortTalk.sys [3567 2012-08-17] (Beyond Logic http://www.beyondlogic.org) [File not signed]
S3 ptuc_bus; C:\WINDOWS\System32\Drivers\ptuc_bus.sys [22272 2007-03-20] (PANTECH)
S3 ptuc_flt; C:\WINDOWS\System32\DRIVERS\ptuc_flt.sys [3584 2007-02-26] (Pantech Corporation)
S3 ptuc_mdm; C:\WINDOWS\System32\Drivers\ptuc_mdm.sys [40448 2007-03-20] (PANTECH)
S3 ptuc_prt; C:\WINDOWS\System32\Drivers\ptuc_prt.sys [39296 2007-03-20] (PANTECH)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
S3 qcusbmdm; C:\WINDOWS\System32\DRIVERS\qcusbmdm.sys [59632 2003-03-11] (QUALCOMM Incorporated) [File not signed]
S3 qcusbmdm6k; C:\WINDOWS\System32\DRIVERS\qcusbmdm6k.sys [59632 2003-03-11] (QUALCOMM Incorporated) [File not signed]
S3 qcusbnmea; C:\WINDOWS\System32\DRIVERS\qcusbnmea.sys [59632 2003-03-11] (QUALCOMM Incorporated) [File not signed]
S3 qcusbser; C:\WINDOWS\System32\DRIVERS\qcusbser.sys [98560 2014-02-26] (QUALCOMM Incorporated) [File not signed]
S3 qcusbser6k; C:\WINDOWS\System32\DRIVERS\qcusbser6k.sys [59632 2003-03-11] (QUALCOMM Incorporated) [File not signed]
R3 R5BaseSmc; C:\WINDOWS\System32\DRIVERS\smccard.sys [12800 2012-04-19] (OEM)
S3 Rockusb; C:\WINDOWS\System32\DRIVERS\rockusb.sys [45080 2013-03-20] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 s117bus; C:\WINDOWS\System32\DRIVERS\s117bus.sys [82984 2007-06-25] (MCCI Corporation)
S3 SamUsb; C:\WINDOWS\System32\Drivers\mtbox.sys [31452 2005-09-07] (Your Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SciandroidU2S; C:\WINDOWS\System32\DRIVERS\SciU2S.sys [117248 2011-10-20] (Spreadtrum Communication Inc.) [File not signed]
S3 SciCmpst; C:\WINDOWS\System32\DRIVERS\SciCmpst.sys [117248 2011-10-20] (Spreadtrum Communication Inc.) [File not signed]
S3 SciModem; C:\WINDOWS\System32\DRIVERS\SciModem.sys [117248 2011-10-20] (Spreadtrum Communication Inc.) [File not signed]
S3 SciU2S; C:\WINDOWS\System32\DRIVERS\SciU2S.sys [117248 2011-10-20] (Spreadtrum Communication Inc.) [File not signed]
S3 SE27bus; C:\WINDOWS\System32\DRIVERS\SE27bus.sys [61600 2006-09-18] (MCCI)
S3 SE2Cbus; C:\WINDOWS\System32\DRIVERS\SE2Cbus.sys [61600 2006-05-01] (MCCI)
R2 Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [7776 2005-08-31] () [File not signed]
R0 sfdrv01a; C:\WINDOWS\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
S3 SIS163u; C:\WINDOWS\System32\DRIVERS\sis163u.sys [215552 2005-11-02] (Silicon Integrated Systems Corp.)
S3 smhwser; C:\WINDOWS\System32\DRIVERS\smhwser.sys [108032 2010-02-04] (QUALCOMM Incorporated)
S3 sprd_acm_modem; C:\WINDOWS\System32\DRIVERS\sprd_acm.sys [67712 2011-08-22] (SpreadTrum) [File not signed]
S3 sprd_enum; C:\WINDOWS\System32\DRIVERS\sprd_enum.sys [84224 2011-08-22] (SpreadTrum) [File not signed]
S3 sscebus; C:\WINDOWS\System32\DRIVERS\sscebus.sys [136904 2013-05-02] (MCCI Corporation)
S3 sscemdfl; C:\WINDOWS\System32\DRIVERS\sscemdfl.sys [17864 2013-05-02] (MCCI Corporation)
S3 sscemdm; C:\WINDOWS\System32\DRIVERS\sscemdm.sys [153672 2013-05-02] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\DRIVERS\ssdudfu.sys [80968 2012-06-27] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\DRIVERS\ssm_bus.sys [104448 2012-06-27] (MCCI Corporation)
S3 ssm_mdfl; C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys [14848 2012-06-27] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys [132608 2012-06-27] (MCCI Corporation)
S3 ssudobex; C:\WINDOWS\System32\DRIVERS\ssudobex.sys [181912 2013-05-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\DRIVERS\ssudrmnet.sys [59160 2013-05-02] (DEVGURU Co., LTD.)
S3 ssudrmnetmp; C:\WINDOWS\System32\DRIVERS\ssudrmnetmp.sys [80664 2013-05-02] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\DRIVERS\ssudserd.sys [181912 2013-05-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2012-06-27] (MCCI)
S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2012-06-27] (MCCI Corporation)
S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2012-06-27] (MCCI Corporation)
S3 ss_bserd; C:\WINDOWS\System32\DRIVERS\ss_bserd.sys [100224 2012-06-27] (MCCI Corporation)
S3 SU2SCpst; C:\WINDOWS\System32\DRIVERS\SciU2S.sys [117248 2011-10-20] (Spreadtrum Communication Inc.) [File not signed]
S3 SzCCID; C:\WINDOWS\System32\DRIVERS\SzCCID.sys [26112 2011-12-23] (Generic)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2014-02-05] (Microsoft Corporation) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2015-01-05] (Acronis)
S3 token; C:\WINDOWS\System32\DRIVERS\eps2kt1.sys [21888 2012-04-19] ()
R0 UdDrv; C:\WINDOWS\system32\Drivers\UdDrv.sys [55552 2005-06-29] (Executive Software)
S3 UFS2XX; C:\WINDOWS\System32\drivers\UFS2XX.sys [68832 2013-08-19] (FTDI Ltd.)
S3 Usbatos; C:\WINDOWS\System32\DRIVERS\lgusbatos.sys [22144 2009-11-25] (LG Electronics Inc.)
S3 USBCCID; C:\WINDOWS\System32\DRIVERS\usbccid.sys [30208 2006-11-02] (Microsoft Corporation) [File not signed]
S3 usbUDisc; C:\WINDOWS\System32\DRIVERS\USBDrv.sys [13824 2014-10-16] (Scott)
S3 vodafone_K3805-z_cdc_acm; C:\WINDOWS\System32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [85888 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cdc_ecm; C:\WINDOWS\System32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [50304 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cpo; C:\WINDOWS\System32\DRIVERS\vodafone_K3805-z_cpo.sys [9728 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [80000 2010-09-01] (Vodafone)
R3 vsbus; C:\WINDOWS\System32\DRIVERS\vsb.sys [18167 2003-09-30] (ELTIMA Software) [File not signed]
S3 VSD2XX; C:\WINDOWS\System32\Drivers\VSD2XX.sys [25596 2003-10-30] (FTDI Ltd.) [File not signed]
S3 vserial; C:\WINDOWS\System32\DRIVERS\vserial.sys [47232 2004-04-08] (ELTIMA Software) [File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [58112 2011-05-18] (MediaTek Inc.) [File not signed]
S3 WnsDrvr; C:\WINDOWS\system32\Drivers\WnsDrvr.sys [25952 2014-01-21] (Microsoft Corporation) [File not signed]
S3 zghsdiag; C:\WINDOWS\System32\DRIVERS\zghsdiag.sys [113688 2011-07-07] (ZTE Incorporated)
S3 zghsmdm; C:\WINDOWS\System32\DRIVERS\zghsmdm.sys [113688 2011-07-07] (ZTE Incorporated)
S3 zghsnmea; C:\WINDOWS\System32\DRIVERS\zghsnmea.sys [113688 2011-07-07] (ZTE Incorporated)
S3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [389756 2006-02-24] (Vimicro Corporation) [File not signed]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag2.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
U2 CertPropSvc; no ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwmobile; system32\DRIVERS\hwusbser.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\DRIVERS\massfilter_hs.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
U5 phunter; C:\WINDOWS\system32\unikey.sys [13816 2014-12-26] ()
S3 siusbmod; system32\DRIVERS\siusbmod.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 USBZTECCID; system32\DRIVERS\ZTEusbccid.sys [X]
U1 WS2IFSL; no ImagePath
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S3 zte_massejct; System32\Drivers\zte_massejct.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 12:30 - 2015-11-02 12:30 - 00030007 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-11-02 12:30 - 2015-11-02 12:30 - 00000000 ____D C:\FRST
2015-11-02 12:30 - 2015-11-02 12:30 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2015-11-02 12:26 - 2015-11-02 12:26 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\SigmaKey.lnk
2015-11-02 12:26 - 2015-11-02 12:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\GsmServer
2015-11-02 12:24 - 2015-11-02 12:25 - 51218935 _____ (GsmServer ) C:\Documents and Settings\Administrator\Desktop\SigmaKey_Software_Setup_v2.13.02.exe
2015-11-02 12:18 - 2015-11-02 12:18 - 00000685 _____ C:\Documents and Settings\All Users\Desktop\NCK BOX Android MTK Module v.1.8.6.2.lnk
2015-11-02 12:18 - 2015-11-02 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NCK Box
2015-11-02 12:15 - 2015-11-02 12:15 - 00000582 _____ C:\Documents and Settings\All Users\Desktop\NCK BOX Main Module v6.2.6.lnk
2015-11-02 11:57 - 2015-11-02 11:58 - 38255081 _____ C:\Documents and Settings\Administrator\Desktop\Viber_v5.6.0.2413.apk
2015-11-02 11:19 - 2015-11-02 11:19 - 00001442 _____ C:\Documents and Settings\Administrator\Desktop\InfinityBox BEST.lnk
2015-11-02 10:38 - 2015-11-02 10:38 - 00000494 _____ C:\WINDOWS\Tasks\Motorola Device Manager Update.job
2015-11-02 10:38 - 2015-11-02 10:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Motorola Device Manager
2015-11-02 10:37 - 2015-11-02 10:37 - 34236544 _____ (Motorola Mobility) C:\Documents and Settings\Administrator\Desktop\MotorolaDeviceManager_2.5.4.exe
2015-11-02 09:42 - 2015-11-02 09:42 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-11-02 09:42 - 2015-11-02 09:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-11-02 09:40 - 2015-11-02 09:40 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2015-11-02 09:40 - 2015-11-02 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-11-02 09:33 - 2015-11-02 12:30 - 01701888 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-11-02 09:25 - 2015-11-02 09:25 - 00000769 _____ C:\Documents and Settings\Administrator\Desktop\Uninstall Tool.lnk
2015-11-02 09:24 - 2015-11-02 09:24 - 00000000 ____D C:\Program Files\Wise
2015-11-01 16:47 - 2015-11-01 16:47 - 00000000 ____D C:\Documents and Settings\Administrator\TMP
2015-11-01 16:43 - 2015-11-01 16:43 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\VolcanoUtility_v3.0.9_Volcano Module
2015-11-01 16:39 - 2015-11-01 16:43 - 130076145 _____ C:\Documents and Settings\Administrator\Desktop\VolcanoUtility_v3.0.9_Volcano Module.rar
2015-11-01 16:34 - 2015-11-01 16:35 - 00000000 ____D C:\LS990
2015-11-01 16:28 - 2015-11-01 16:28 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\lgunitedmobiledriver_s4981man38ap22_ml_whql_ver_3.8.1
2015-11-01 16:27 - 2015-11-01 16:28 - 08280685 _____ C:\Documents and Settings\Administrator\Desktop\lgunitedmobiledriver_s4981man38ap22_ml_whql_ver_3.8.1.rar
2015-11-01 16:26 - 2015-11-01 16:26 - 10002396 _____ (Acresso Software Inc. ) C:\Documents and Settings\Administrator\Desktop\LGAndroidADBDriver.exe
2015-11-01 16:25 - 2015-11-02 11:56 - 00034484 _____ C:\WINDOWS\Wdf01009Inst.log
2015-11-01 16:25 - 2015-11-02 11:56 - 00020206 _____ C:\WINDOWS\setupact.log
2015-11-01 16:25 - 2015-11-01 16:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-01 16:18 - 2015-11-01 16:19 - 393976792 _____ (Octoplus team ) C:\Documents and Settings\Administrator\Desktop\install_octoplus_octopus_lg_2.0.9.exe
2015-11-01 16:17 - 2015-11-01 16:17 - 00001612 _____ C:\Documents and Settings\Administrator\Desktop\Поиграй!.lnk
2015-11-01 16:16 - 2015-11-01 16:16 - 00000638 _____ C:\Documents and Settings\All Users\Desktop\NsPro.lnk
2015-11-01 16:15 - 2015-11-01 16:16 - 40949208 _____ () C:\Documents and Settings\Administrator\Desktop\NsPro v6.8.1 small.exe
2015-11-01 16:13 - 2015-11-01 16:13 - 38380028 _____ (Fast Unlocking ltd.) C:\Documents and Settings\Administrator\Desktop\NCKBox_Main_Module_v6.2.6.exe
2015-11-01 16:13 - 2015-11-01 16:13 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\NCK Team
2015-11-01 16:11 - 2015-11-01 16:11 - 28689222 _____ (NCK Team) C:\Documents and Settings\Administrator\Desktop\NCKBox_Android_MTK_Module_v1.8.6.2.exe
2015-11-01 16:08 - 2015-11-02 11:19 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\InfinityBox
2015-11-01 16:06 - 2015-11-01 16:06 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\HUATool
2015-11-01 16:05 - 2015-11-01 16:05 - 00000000 ____D C:\AHT2
2015-11-01 15:59 - 2015-11-01 16:01 - 00000000 ____D C:\BST
2015-11-01 15:57 - 2015-11-02 12:28 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-01 15:57 - 2015-11-02 12:28 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-01 15:57 - 2015-11-01 15:57 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-11-01 15:54 - 2015-11-01 16:00 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\GsmBest Team
2015-11-01 15:45 - 2015-11-01 16:00 - 00005556 _____ C:\WINDOWS\DPINST.LOG
2015-11-01 15:41 - 2015-11-02 12:25 - 00000000 ____D C:\AdvanceBox Turbo Flasher
2015-11-01 15:41 - 2015-11-01 15:41 - 00000449 _____ C:\Documents and Settings\All Users\Desktop\ATFJ.exe.lnk
2015-11-01 15:41 - 2015-11-01 15:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Advance-Box
2015-11-01 15:38 - 2015-11-01 15:38 - 00096072 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-11-01 15:36 - 2015-10-04 17:50 - 43672039 _____ C:\Documents and Settings\Administrator\Desktop\Firefox 27.0.1 (en-US) - 2015-10-04.pcv
2015-11-01 15:23 - 2015-11-01 15:23 - 67455968 _____ (LGETool.com ) C:\Documents and Settings\Administrator\Desktop\lgetool_253.exe
2015-11-01 15:00 - 2015-11-01 15:00 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-01 15:00 - 2015-11-01 15:00 - 00000000 ____D C:\Documents and Settings\Administrator\.oracle_jre_usage
2015-11-01 14:59 - 2015-11-01 15:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-11-01 14:57 - 2015-11-02 09:37 - 42276312 _____ (Apple Inc.) C:\Documents and Settings\Administrator\Desktop\QuickTimeInstaller.exe
2015-11-01 14:57 - 2015-11-01 14:57 - 00762328 _____ (Oracle Corporation) C:\Documents and Settings\Administrator\Desktop\jre-8u65-windows-i586-iftw.exe
2015-10-29 04:43 - 2015-10-29 05:21 - 00011264 _____ C:\WINDOWS\MTKCRC.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 12:30 - 2012-04-18 16:18 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-11-02 12:28 - 2014-06-06 13:09 - 00000394 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383042886.job
2015-11-02 12:28 - 2014-03-19 15:28 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-11-02 12:28 - 2013-10-29 14:34 - 00000000 ____D C:\Program Files\Opera
2015-11-02 12:28 - 2012-04-18 16:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-02 12:27 - 2015-01-05 10:17 - 00003210 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-02 12:27 - 2012-04-18 16:18 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-11-02 12:27 - 2012-04-18 16:13 - 00032470 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-02 12:26 - 2012-04-19 10:33 - 00000000 ____D C:\Program Files\GsmServer
2015-11-02 12:21 - 2012-04-19 14:10 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2015-11-02 12:18 - 2014-02-16 10:22 - 00000000 ____D C:\NCK Box
2015-11-02 12:11 - 2012-04-18 19:52 - 00143690 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-02 12:05 - 2015-01-05 10:58 - 00182952 _____ C:\WINDOWS\setupapi.log
2015-11-02 12:01 - 2014-08-05 16:04 - 00045058 _____ C:\BROM_DLL.log
2015-11-02 11:58 - 2014-02-05 17:49 - 00016390 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-11-02 11:25 - 2014-05-17 11:29 - 00000420 _____ C:\Documents and Settings\Administrator\Desktop\iPhone orders.txt.lnk
2015-11-02 10:38 - 2013-08-18 17:07 - 00000000 ____D C:\Program Files\Motorola Mobility
2015-11-02 10:38 - 2012-09-03 16:11 - 00000000 ____D C:\Temp
2015-11-02 10:37 - 2012-04-18 16:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-02 09:42 - 2013-02-11 11:45 - 00000000 ___RD C:\Program Files\Skype
2015-11-02 09:42 - 2012-04-19 14:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-11-02 09:40 - 2014-03-06 12:18 - 00000000 ____D C:\Program Files\QuickTime
2015-11-02 09:26 - 2013-12-23 12:08 - 00000000 ____D C:\Program Files\Uninstall Tool
2015-11-02 09:25 - 2013-12-23 12:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall Tool
2015-11-02 09:24 - 2012-04-18 20:02 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\WinTools
2015-11-01 16:47 - 2012-04-18 16:18 - 00000000 ____D C:\Documents and Settings\Administrator
2015-11-01 16:28 - 2012-05-25 14:54 - 00000000 ____D C:\Program Files\LG Electronics
2015-11-01 16:17 - 2012-04-19 15:12 - 00000000 ____D C:\Program Files\Download Master
2015-11-01 16:16 - 2012-04-19 11:33 - 00000000 ____D C:\Program Files\NsPro
2015-11-01 16:14 - 2015-01-04 11:41 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Fast Unlocking ltd
2015-11-01 15:57 - 2012-04-18 16:06 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-11-01 15:50 - 2012-04-18 16:26 - 00000000 ____D C:\Program Files\PowerArchiver
2015-11-01 15:23 - 2014-04-16 13:53 - 00000000 ____D C:\Program Files\SgTool
2015-11-01 15:23 - 2014-04-16 13:53 - 00000000 ____D C:\Program Files\LGE Tool
2015-11-01 15:23 - 2014-04-16 13:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\LGETool
2015-11-01 15:16 - 2015-01-05 10:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Nico Mak Computing
2015-11-01 15:01 - 2014-10-23 18:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-11-01 15:01 - 2013-03-06 09:30 - 00000000 ____D C:\Program Files\Java
2015-11-01 15:00 - 2014-05-26 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java Development Kit
2015-11-01 14:59 - 2014-10-23 18:33 - 00278624 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-11-01 14:59 - 2014-10-23 18:33 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-11-01 14:59 - 2014-10-23 18:33 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-11-01 14:58 - 2014-08-16 11:14 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-11-01 14:58 - 2014-04-22 14:16 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-01 14:58 - 2014-04-22 14:16 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-01 14:54 - 2013-09-02 09:48 - 00000000 ____D C:\Program Files\Common Files\Acronis
2015-11-01 14:52 - 2015-01-05 10:18 - 00003540 _____ C:\WINDOWS\KB959765.log
2015-11-01 14:52 - 2008-04-14 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2014-02-04 16:15 - 2014-02-04 16:15 - 0002528 _____ () C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2012-11-04 12:55 - 2012-11-04 12:55 - 0001157 _____ () C:\Documents and Settings\Administrator\Application Data\BBMS_EXCEPTION.txt
2013-08-15 12:44 - 2014-12-16 11:21 - 0000197 _____ () C:\Documents and Settings\Administrator\Application Data\licecap.ini
2014-05-26 14:53 - 2014-05-26 15:08 - 0000600 _____ () C:\Documents and Settings\Administrator\Application Data\winscp.rnd
2012-12-06 10:35 - 2014-04-28 09:53 - 0000132 _____ () C:\Documents and Settings\Administrator\Application Data\Настройки формата BMP в Adobe CS5
2012-05-21 13:50 - 2014-10-15 18:26 - 0000132 _____ () C:\Documents and Settings\Administrator\Application Data\Настройки формата PNG в Adobe CS5
2012-05-21 14:45 - 2014-10-15 18:26 - 0001456 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe Сохранить для Web 12.0 Prefs
2012-04-20 19:16 - 2014-12-19 11:58 - 0012800 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-12 16:40 - 2014-10-15 12:16 - 0000294 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\firebolt_setting.ini
2012-10-31 16:00 - 2012-10-31 16:00 - 0000051 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Kosong.Bron.Tok.txt
2012-11-01 09:53 - 2012-11-01 09:53 - 0012393 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ListHost17.txt
2013-01-10 10:59 - 2014-05-26 15:08 - 0000600 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
2012-12-26 12:02 - 2013-02-13 14:17 - 0005428 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
2012-11-01 09:53 - 2012-11-01 09:53 - 0012393 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Update.17.Bron.Tok.bin
2012-07-05 14:34 - 2012-07-05 14:34 - 0017408 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Edited by IkaMazini, 02 November 2015 - 03:44 AM.


#5 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada

Posted 02 November 2015 - 05:24 PM

Thank you for the logs; the posting was fine.  And thank you for the details on the exe errors.


A couple of questions before we go on...


  1. The restore via Acronis; was this a file backup / restore or an image backup / restore?
  2. Have you tried running a CHKDSK /F scan on the harddrive before or after the restore?

Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#6 IkaMazini

IkaMazini
  • Topic Starter

  • Members
  • 5 posts

Posted 03 November 2015 - 06:39 AM


Thank you for the logs; the posting was fine.  And thank you for the details on the exe errors.

Thank you for your attention.


The restore via Acronis; was this a file backup / restore or an image backup / restore?

This backup, "MyBackup.tib", was created on January 05, 2015, before my computer was infected.

Or... I did not understand you :( I'm very bad at speaking English.


Have you tried running a CHKDSK /F scan on the harddrive before or after the restore?

No. I forgot :(


I am 100% sure that I received the virus from this Instaler.EXE:

http://www.4shared.com/rar/vCmmDnx_ba/VIRUS.html

Pass: 12345678


WARNING for all other users: DO NOT DOWNLOAD AND EXTRACT THIS ARCHIVE


Edited by IkaMazini, 03 November 2015 - 06:54 AM.


#7 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada

Posted 03 November 2015 - 10:05 PM

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Light Image Resizer 4.3.0.0
Download Master version 6.6.2.1485


To do so, left-click on the name once and then click Uninstall/Change in the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-507921405-2146974159-1801674531-500\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-507921405-2146974159-1801674531-500\...\Policies\Explorer: [NoSharedDocuments] 0x01000000
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Firemin.lnk [2012-04-27]
ShortcutTarget: Firemin.lnk -> C:\Firemin\Firemin.exe ()
C:\Firemin
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: IE 4.x-6.x BHO for Download Master -> {9961627E-4059-41B4-8E0E-A7D6B3854ADF} -> C:\Program Files\Download Master\dmiehlp.dll [2013-06-20] (WestByte)
C:\Program Files\Download Master
Toolbar: HKLM - DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Program Files\Download Master\dmbar.dll [2012-05-23] (WestByte Software)
Toolbar: HKU\S-1-5-21-507921405-2146974159-1801674531-500 -> DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Program Files\Download Master\dmbar.dll [2012-05-23] (WestByte Software)
Toolbar: HKU\S-1-5-21-507921405-2146974159-1801674531-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-01]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\artur.dubovoy@gmail.com [2015-11-01]
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\artur.dubovoy@gmail.com
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\pavel.sherbakov@gmail.com [2015-11-01]
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\pavel.sherbakov@gmail.com
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag2.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
U2 CertPropSvc; no ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwmobile; system32\DRIVERS\hwusbser.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\DRIVERS\massfilter_hs.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
S3 siusbmod; system32\DRIVERS\siusbmod.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 USBZTECCID; system32\DRIVERS\ZTEusbccid.sys [X]
U1 WS2IFSL; no ImagePath
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S3 zte_massejct; System32\Drivers\zte_massejct.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-507921405-2146974159-1801674531-500_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
Hosts:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

Is there a reason you do not have any AntiVirus active on this system?


#8 IkaMazini

IkaMazini
  • Topic Starter

  • Members
  • 5 posts

Posted 04 November 2015 - 12:59 AM

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x86) Version:31-10-2015
Ran by Administrator (2015-11-04 09:45:11) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-507921405-2146974159-1801674531-500\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-507921405-2146974159-1801674531-500\...\Policies\Explorer: [NoSharedDocuments] 0x01000000
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Firemin.lnk [2012-04-27]
ShortcutTarget: Firemin.lnk -> C:\Firemin\Firemin.exe ()
C:\Firemin
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: IE 4.x-6.x BHO for Download Master -> {9961627E-4059-41B4-8E0E-A7D6B3854ADF} -> C:\Program Files\Download Master\dmiehlp.dll [2013-06-20] (WestByte)
C:\Program Files\Download Master
Toolbar: HKLM - DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Program Files\Download Master\dmbar.dll [2012-05-23] (WestByte Software)
Toolbar: HKU\S-1-5-21-507921405-2146974159-1801674531-500 -> DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Program Files\Download Master\dmbar.dll [2012-05-23] (WestByte Software)
Toolbar: HKU\S-1-5-21-507921405-2146974159-1801674531-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-01]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\artur.dubovoy@gmail.com [2015-11-01]
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\artur.dubovoy@gmail.com
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\pavel.sherbakov@gmail.com [2015-11-01]
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\pavel.sherbakov@gmail.com
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag2.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
U2 CertPropSvc; no ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwmobile; system32\DRIVERS\hwusbser.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\DRIVERS\massfilter_hs.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
S3 siusbmod; system32\DRIVERS\siusbmod.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 USBZTECCID; system32\DRIVERS\ZTEusbccid.sys [X]
U1 WS2IFSL; no ImagePath
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S3 zte_massejct; System32\Drivers\zte_massejct.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-507921405-2146974159-1801674531-500_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
Hosts:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoAutorun => value removed successfully.
HKU\S-1-5-21-507921405-2146974159-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully.
HKU\S-1-5-21-507921405-2146974159-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSharedDocuments => value removed successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Firemin.lnk => moved successfully
C:\Firemin\Firemin.exe => moved successfully
C:\Firemin => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9961627E-4059-41B4-8E0E-A7D6B3854ADF} => key not found. 
HKCR\CLSID\{9961627E-4059-41B4-8E0E-A7D6B3854ADF} => key not found. 
"C:\Program Files\Download Master" => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} => value not found.
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} => key not found. 
HKU\S-1-5-21-507921405-2146974159-1801674531-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} => value removed successfully.
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} => key not found. 
HKU\S-1-5-21-507921405-2146974159-1801674531-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
Firefox "newtab" removed successfully.
FF Session Restore: -> removed successfully.
Firefox Proxy settings were reset.
C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml => moved successfully
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\artur.dubovoy@gmail.com => moved successfully
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\artur.dubovoy@gmail.com" => not found.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\pavel.sherbakov@gmail.com => moved successfully
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\pavel.sherbakov@gmail.com => path removed successfully.
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\16uh8n8l.default\Extensions\pavel.sherbakov@gmail.com" => not found.
Andbus => service removed successfully.
AndDiag => service removed successfully.
AndGps => service removed successfully.
ANDModem => service removed successfully.
AndNetDiag2 => service removed successfully.
andnetndis => service removed successfully.
BTCFilterService => service removed successfully.
CertPropSvc => service removed successfully.
ew_hwusbdev => service removed successfully.
ew_usbenumfilter => service removed successfully.
huawei_cdcacm => service removed successfully.
huawei_cdcecm => service removed successfully.
huawei_enumerator => service removed successfully.
huawei_ext_ctrl => service removed successfully.
hwmobile => service removed successfully.
hwusbdev => service removed successfully.
IntelIde => service removed successfully.
massfilter => service removed successfully.
massfilter_hs => service removed successfully.
motandroidusb => service removed successfully.
motccgp => service removed successfully.
motccgpfl => service removed successfully.
MotDev => service removed successfully.
motmodem => service removed successfully.
MotoSwitchService => service removed successfully.
Motousbnet => service removed successfully.
motport => service removed successfully.
motusbdevice => service removed successfully.
PCTINDIS5 => service removed successfully.
siusbmod => service removed successfully.
usbbus => service removed successfully.
UsbDiag => service removed successfully.
USBModem => service removed successfully.
USBZTECCID => service removed successfully.
WS2IFSL => service removed successfully.
ZTEusbMB => service removed successfully.
ZTEusbmdm6k => service removed successfully.
ZTEusbnet => service removed successfully.
ZTEusbnmea => service removed successfully.
ZTEusbser6k => service removed successfully.
zte_massejct => service removed successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe => moved successfully
"HKU\S-1-5-21-507921405-2146974159-1801674531-500_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========  netsh advfirewall reset =========

The following command was not found: advfirewall reset.

========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

The following command was not found: advfirewall set allprofiles state on.

========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-507921405-2146974159-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-507921405-2146974159-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========

EmptyTemp: => 633.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:46:28 ====
LAST >>>>

Is there a reason you do not have any AntiVirus active on this system?

 

No. Only SUPERAntiSpyware Free Edition, and I use it very rarely.
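The fixlog above records one outcome per action ("=> moved successfully", "=> key not found", a cmd: section whose command the shell rejected). When triaging such logs it helps to sort those lines mechanically so that silently failed steps stand out. The script below is an added example for this thread, not code from the post, from the helper or from FRST; it assumes only the line shapes visible in the log above and runs on a constructed, abridged sample in that format.

```python
"""Triage an FRST Fixlog by classifying each action line by outcome.

Added example for this thread; not part of the post or of FRST.
Assumes only the line shapes visible in the fixlog above:
  "<target> => <outcome>"           per-item results
  "Error: (N) <message>"            tool-level errors
  "=========  <command> ========="  start of a cmd:/Reg: section
  "The following command was not found: ..." / "'x' is not recognized ..."
"""
import re
from collections import Counter

# Constructed, abridged sample in the Fixlog format shown in the thread.
SAMPLE_FIXLOG = r"""
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoAutorun => value removed successfully.
C:\Firemin\Firemin.exe => moved successfully
"C:\Program Files\Download Master" => not found.
HKCR\CLSID\{9961627E-4059-41B4-8E0E-A7D6B3854ADF} => key not found.
PCTINDIS5 => service removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========  netsh advfirewall reset =========

The following command was not found: advfirewall reset.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 633.4 MB temporary data Removed.
"""

ACTION_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?\s*$")
SECTION_RE = re.compile(r"^=========\s+(?P<cmd>.+?)\s+=========$")
CMD_MISSING_RE = re.compile(
    r"^The following command was not found: "
    r"|^'.+' is not recognized as an internal or external command"
)
ERROR_RE = re.compile(r"^Error: \(\d+\) (?P<msg>.+)$")


def classify_outcome(outcome):
    """Map an FRST outcome phrase to a coarse category."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"      # target was already gone; nothing to verify
    if "successfully" in o or "removed" in o:
        return "ok"
    return "other"              # anything unexpected deserves a manual look


def triage_fixlog(text):
    """Summarise a fixlog: outcome counts, tool errors and commands that did not run."""
    counts = Counter()
    errors = []
    failed_commands = []
    current_cmd = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("========= End of"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current_cmd = m.group("cmd")
            continue
        m = ERROR_RE.match(line)
        if m:
            errors.append(m.group("msg"))
            continue
        if CMD_MISSING_RE.match(line):
            # The shell rejected the command, so that fix step silently did nothing.
            if current_cmd and current_cmd not in failed_commands:
                failed_commands.append(current_cmd)
            continue
        m = ACTION_RE.match(line)
        if m:
            counts[classify_outcome(m.group("outcome"))] += 1
    return {"counts": dict(counts), "errors": errors, "failed_commands": failed_commands}


if __name__ == "__main__":
    summary = triage_fixlog(SAMPLE_FIXLOG)
    print("outcomes:", summary["counts"])
    for msg in summary["errors"]:
        print("ERROR:", msg)
    for cmd in summary["failed_commands"]:
        print("did not run:", cmd)
```

Run stand-alone it prints the outcome counts, the restore-point error and the two commands that never executed. On the machine in this thread those two fail because it runs Windows XP: the `netsh advfirewall` context only exists from Windows Vista onward (XP uses `netsh firewall`), and `bitsadmin.exe` is not part of a base XP install, so the firewall reset and BITS reset steps in the fixlist did nothing and would need XP-era equivalents.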



#9 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:06:39 PM

Posted 04 November 2015 - 07:22 PM

How is your system running?
 

FIRST>>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the AdwCleaner console.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.



 

SECOND>>>>

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here .

Double Click on the mbam-setup.exe file to install the application.

Do not check the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.

Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected and that Non-Malware Protection PUP and PUM are set to "Treat detections as malware".

Once the settings have been configured, select the Dashboard tab to return to the Main screen and select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen listing the detections.

Please make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.

The report screen will open.

At the bottom click on Export and select as txt file, save the file to your desktop and click OK. When the export is complete, select OPEN.

The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + C) it to paste here in a reply.

Please do not ask for Malware help via PM (Private Messages). Please post in the forum boards instead. Thanks.

My help is always free, but if you would like to help encourage me or show your thanks, you can use the donate button.


#10 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:06:39 PM

Posted 23 November 2015 - 10:25 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


