shogel

Member, 13 posts

Everything posted by shogel

  1. Can you please advise on safely removing AdwCleaner and FRST? Maybe I'm getting paranoid, but it seems it's taking the desktop much longer to load now.

     Results of screen317's Security Check version 0.99.77
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Please wait while WMIC compiles updated MOF files.
     d i s p l a y N a m e
     ECHO is off.
     M i c r o s o f t
     ECHO is off.
     S e c u r i t y
     ECHO is off.
     E s e n t i a l s
     ECHO is off.
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     JavaFX 2.1.1
     Java 7 Update 21
     Java version out of Date!
     Adobe Reader 10.1.8
     Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Market New fomalhaut Fomalhaut.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  2. It's incredible, but Malwarebytes didn't find anything and I'm not being redirected anymore. Thank you very much for your help, and sorry for being stubborn sometimes. Can you please explain shortly where that virus/worm could go if no program detected it?

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.11.12.16

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     vad :: TRIVADIS-DBA786 [administrator]

     14.11.2013 19:43:13
     mbam-log-2013-11-14 (19-43-13).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 457378
     Time elapsed: 3 hour(s), 30 minute(s), 39 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. You know a lot more than I do, but do you really think I'm so stupid that I can't delete that file? I didn't do anything because it was not the first time I made that scan, and it keeps reappearing.
  4. I posted the Malwarebytes report with my first post.
  5. OTL Extras logfile created on: 14.11.2013 10:18:34 - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\vad\My Documents\Downloads
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

     2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.10% Memory free
     3.85 Gb Paging File | 2.97 Gb Available in Paging File | 77.21% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 465.75 Gb Total Space | 413.41 Gb Free Space | 88.76% Space Free | Partition Type: NTFS

     Computer Name: TRIVADIS-DBA786 | User Name: vad | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

     [HKEY_USERS\S-1-5-21-343818398-1957994488-839522115-1003\SOFTWARE\Classes\<extension>]
     .html [@ = htmlfile] -- Reg Error: Key error. File not found

     ========== Shell Spawning ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     exefile [open] -- "%1" %*
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "FirstRunDisabled" = 1
     "AntiVirusDisableNotify" = 0
     "FirewallDisableNotify" = 0
     "UpdatesDisableNotify" = 0
     "AntiVirusOverride" = 0
     "FirewallOverride" = 0

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

     ========== System Restore Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
     "Start" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
     "Start" = 2

     ========== Firewall Settings ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall" = 1
     "DisableNotifications" = 0
     "DoNotAllowExceptions" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 1
     "DisableNotifications" = 0
     "DoNotAllowExceptions" = 0

     ========== Authorized Applications List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
     "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
     "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
     "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
     "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
     "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
     "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
     "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
     "C:\Documents and Settings\vad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
     "C:\Documents and Settings\vad\Application Data\ICQM\icq.exe" = C:\Documents and Settings\vad\Application Data\ICQM\icq.exe:*:Enabled:ICQ -- (ICQ)
     "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
     ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
     "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
     "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
     "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
     "{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
     "{30BDEFC3-6D77-4722-A8F1-9BA938BA69C8}" = ChessBase 8.0
     "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
     "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
     "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
     "{45B79548-7171-11D5-A1FD-F5EABC70E32B}" = CycleTimer
     "{4937160D-9A3B-429C-A82E-645116A4EB17}" = VLC TV Player
     "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
     "{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
     "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
     "{5167B770-F0FF-4505-AA98-D4073C337E00}" = Russian Phonetic YaZHert - RusWin.net - Custom
     "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
     "{58692A10-4A02-403F-B5B5-9D1D076E07FA}" = Deep Rybka 4
     "{6A79665E-2B6A-4BDF-BEC9-22BE4CA41B15}" = ChessBase Reader
     "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
     "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
     "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
     "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
     "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
     "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
     "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
     "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
     "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
     "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
     "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
     "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
     "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
     "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
     "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
     "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
     "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
     "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
     "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
     "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
     "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
     "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
     "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
     "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
     "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
     "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
     "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
     "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
     "{B70CDBAC-638A-4E67-916A-DB4C6F571031}" = Nero 8 Essentials
     "{BC86ABDF-8148-44B3-8105-4AE9DDBFDCB6}" = Betting Assistant
     "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
     "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
     "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
     "{D1CE1C52-06D4-46BF-8FE2-81401F533446}" = Deep Rybka 4
     "{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
     "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
     "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
     "BlitzIn 3.0" = BlitzIn 3.0
     "CCleaner" = CCleaner
     "ChessBase 7.0" = ChessBase 7.0
     "ENTERPRISE" = Microsoft Office Enterprise 2007
     "Gannalyst Professional 5.0_is1" = Gannalyst Professional 5.0
     "ie8" = Windows Internet Explorer 8
     "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
     "Jagannatha Hora_is1" = Jagannatha Hora 7.64
     "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
     "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
     "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
     "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
     "Microsoft Security Client" = Microsoft Security Essentials
     "NVIDIA Drivers" = NVIDIA Drivers
     "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
     "PlayChess" = PlayChess
     "QuoteTracker_is1" = QuoteTracker
     "thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
     "uTorrent" = µTorrent
     "VirtualCloneDrive" = VirtualCloneDrive
     "WinDjView" = WinDjView 2.0.1
     "Windows Media Format Runtime" = Windows Media Format Runtime
     "Windows XP Service Pack" = Windows XP Service Pack 3
     "WinRAR archiver" = WinRAR 4.20 (32-bit)
     "ZET 9 Lite 1.69" = ZET 9 Lite 1.69

     ========== HKEY_USERS Uninstall List ==========

     [HKEY_USERS\S-1-5-21-343818398-1957994488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "Google Chrome" = Google Chrome
     "ICQ" = ICQ 8.2 (build 6870)

     ========== Last 20 Event Log Errors ==========

     [ Application Events ]
     Error - 18.06.2013 17:29:20 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
     Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0133674a.

     Error - 19.06.2013 11:01:53 | Computer Name = TRIVADIS-DBA786 | Source = MPSampleSubmission | ID = 5000
     Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.2.223.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

     Error - 20.06.2013 09:39:15 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
     Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0132afc9.

     Error - 21.06.2013 15:43:29 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
     Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0132af98.

     Error - 22.06.2013 17:09:12 | Computer Name = TRIVADIS-DBA786 | Source = Application Hang | ID = 1002
     Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error - 22.06.2013 21:18:49 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
     Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x01377c12.

     Error - 23.07.2013 22:03:58 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
     Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x3933e1bb.

     Error - 24.07.2013 19:22:55 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
     Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0133c174.

     Error - 24.07.2013 19:42:54 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
     Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x01321236.

     Error - 24.07.2013 20:40:15 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
     Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x013b0d06.

     [ OSession Events ]
     Error - 03.10.2012 10:51:19 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
     Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

     Error - 26.10.2012 11:09:50 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
     Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

     Error - 04.11.2012 10:28:28 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
     Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

     Error - 14.11.2012 11:49:54 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
     Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

     Error - 23.02.2013 07:06:21 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
     Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

     [ System Events ]
     Error - 13.11.2013 12:18:25 | Computer Name = TRIVADIS-DBA786 | Source = atapi | ID = 262155
     Description = The driver detected a controller error on \Device\Ide\IdePort2.

     Error - 13.11.2013 13:15:51 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.

     Error - 13.11.2013 13:51:19 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.

     Error - 13.11.2013 15:53:58 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.

     Error - 13.11.2013 16:30:20 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.

     Error - 14.11.2013 00:06:20 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.

     Error - 14.11.2013 00:06:54 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.

     Error - 14.11.2013 00:06:58 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.

     Error - 14.11.2013 00:07:03 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.

     Error - 14.11.2013 03:29:06 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.
     < End of report >

     OTL logfile created on: 14.11.2013 10:18:34 - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\vad\My Documents\Downloads
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

     2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.10% Memory free
     3.85 Gb Paging File | 2.97 Gb Available in Paging File | 77.21% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 465.75 Gb Total Space | 413.41 Gb Free Space | 88.76% Space Free | Partition Type: NTFS

     Computer Name: TRIVADIS-DBA786 | User Name: vad | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2013.11.14 10:18:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vad\My Documents\Downloads\OTL.exe
     PRC - [2013.11.11 21:39:25 | 000,354,304 | ---- | M] () -- C:\Books\Market\New\fomalhaut\Fomalhaut.exe
     PRC - [2013.10.09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     PRC - [2013.08.12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
     PRC - [2013.08.12 09:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
     PRC - [2013.06.11 09:26:38 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
     PRC - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     PRC - [2012.12.16 17:11:30 | 000,026,112 | ---- | M] () -- C:\Books\Market\New\calc2\DegreesCalc.exe
     PRC - [2010.09.22 19:19:16 | 008,921,088 | ---- | M] (T2 API, LLC) -- C:\Program Files\QuoteTracker\stocks.exe
     PRC - [2008.06.24 15:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
     PRC - [2008.04.14 01:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
     PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2006.11.03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac7302\Monitor.exe
     PRC - [2004.07.22 18:31:32 | 002,031,616 | ---- | M] (Stock Market Geometry) -- C:\Books\Market\Excels\cycletimer1.1.2.fixed.cracked-snd-.exe\CycleTimer.exe
     PRC - [2001.03.27 04:08:00 | 000,434,176 | ---- | M] (Ringdale Ltd) -- C:\WINDOWS\system32\gsw32.exe

     ========== Modules (No Company Name) ==========

     MOD - [2013.11.11 21:39:25 | 000,354,304 | ---- | M] () -- C:\Books\Market\New\fomalhaut\Fomalhaut.exe
     MOD - [2013.11.06 11:53:15 | 000,307,728 | ---- | M] () -- C:\Documents and Settings\vad\Application Data\ICQM\ICQ\dll\mramenu.dll
     MOD - [2013.10.10 01:39:06 | 011,004,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Design\a1a9cfd93cb99ccf8d74c0a972c25a6d\System.Design.ni.dll
     MOD - [2013.10.10 01:37:19 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\46135dcca7a56a358d491b392356a3d6\System.Data.ni.dll
     MOD - [2013.10.10 01:37:14 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll
     MOD - [2013.10.10 01:37:13 | 000,377,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Dynamic\b55c2bcdabf15134ac65076303ee1057\System.Dynamic.ni.dll
     MOD - [2013.10.10 01:37:12 | 001,616,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e286d1c2191d2336253f8b49c58c4ccc\Microsoft.CSharp.ni.dll
     MOD - [2013.10.10 01:37:01 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\2f0f425579c47fb0aba720d838366b7f\System.Core.ni.dll
     MOD - [2013.10.10 01:36:55 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\b21ef81fc4131bd1edd6d0bae9d58932\System.Configuration.ni.dll
     MOD - [2013.10.10 01:36:54 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\8aa82f86d6290eb261dcfa5b14c3fb37\System.Security.ni.dll
     MOD - [2013.10.09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
     MOD - [2013.10.09 01:02:42 | 013,584,336 | ---- | M] () -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
     MOD - [2013.10.09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll
     MOD - [2013.10.09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
     MOD - [2013.08.15 02:07:45 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
     MOD - [2013.08.15 02:07:39 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
     MOD - [2013.08.15 02:07:36 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
     MOD - [2013.07.25 12:20:47 | 000,044,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Accessibility\906825def698b2831547de1c5b8cbbe0\Accessibility.ni.dll
     MOD - [2013.07.25 02:19:31 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\91bc7f6fd5295405b227cecc0e232ce8\System.Numerics.ni.dll
     MOD - [2013.07.25 02:19:30 | 014,418,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
     MOD - [2013.07.14 12:20:46 | 000,495,616 | ---- | M] () -- C:\Books\Market\New\fomalhaut\swedll32.dll
     MOD - [2013.07.10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
     MOD - [2012.12.16 17:11:30 | 000,026,112 | ---- | M] () -- C:\Books\Market\New\calc2\DegreesCalc.exe
     MOD - [2012.10.31 12:41:26 | 000,495,616 | ---- | M] () -- C:\Books\Market\New\calc2\swedll32.dll
     MOD - [2010.02.16 22:09:42 | 000,106,504 | ---- | M] () -- C:\Program Files\QuoteTracker\mytrackdll.dll
     MOD - [2008.04.14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
     MOD - [2008.04.14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
     MOD - [2001.08.04 01:43:54 | 000,227,840 | ---- | M] () -- C:\WINDOWS\system32\SASE.OCX
     MOD - [1999.08.16 13:39:20 | 000,348,160 | ---- | M] () -- C:\WINDOWS\system32\SWEDLL32.DLL

     ========== Services (SafeList) ==========

     SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
     SRV - [2013.10.08 19:30:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
     SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
     SRV - [2013.08.12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
     SRV - [2013.06.11 09:26:38 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
     SRV - [2013.04.04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
     SRV - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

     ========== Driver Services (SafeList) ==========

     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
     DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
     DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
     DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
     DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
     DRV - [2013.04.04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
     DRV - [2009.08.11 08:19:20 | 000,056,992 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
     DRV - [2009.06.02 09:52:36 | 001,374,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
     DRV - [2009.05.25 08:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
     DRV - [2008.02.14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
     DRV - [2007.06.14 14:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
     DRV - [2004.08.13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKLM\..\SearchScopes,DefaultScope =
     IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

     IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

     IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

     IE - HKU\S-1-5-21-343818398-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
     IE - HKU\S-1-5-21-343818398-1957994488-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKU\S-1-5-21-343818398-1957994488-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
     IE - HKU\S-1-5-21-343818398-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     ========== FireFox ==========

     FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5.0: C:\Program Files\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team)
     FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\vad\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
     FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\vad\Application Data\Mozilla\plugins\npo1d.dll (Google)
     FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\vad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\vad\Local
Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Program Files\thinkTDA\npthinkorswim.dll (TD Ameritrade)FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files\thinkTDA\nptossc.dll (TD Ameritrade) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}: C:\Program Files\Kartina.TV\VLC\npvlc.dll [2011.04.26 11:53:12 | 000,234,432 | ---- | M] (the VideoLAN Team) [2012.07.10 10:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vad\Application Data\Mozilla\Extensions[2012.12.20 22:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vad\Application Data\Mozilla\Firefox\extensions[2012.12.20 22:23:58 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Documents and Settings\vad\Application Data\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.google.ch/CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\vad\Local 
Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\gcswf32.dllCHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dllCHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dllCHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dllCHR - plugin: Google Update (Enabled) = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - Extension: YouTube = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Google Wallet = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\CHR - Extension: Gmail = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2002.12.31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: 
[NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)O4 - HKU\S-1-5-21-343818398-1957994488-839522115-1003..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-343818398-1957994488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341692739180 (WUWebControl Class)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343821156390 (MUWebControl Class)O16 - DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} http://iptv.kartina.tv/files/bin/VLC%20TV%20Player.cab (VideoLAN VLC ActiveX Plugin v2)O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} 
http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65903CD4-D3F0-4DE6-849E-DB52038BC848}: DhcpNameServer = 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2012.07.07 21:09:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.11.14 08:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET[2013.11.13 18:54:44 | 000,000,000 | ---D | C] -- C:\FRST[2013.11.13 16:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro[2013.11.13 14:37:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\vad\Start Menu\Programs\Administrative Tools[2013.11.13 14:10:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vad\Recent[2013.11.13 13:41:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT[2013.11.13 13:40:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013.11.06 11:53:20 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\vad\Start Menu\Programs\ICQ[2013.11.06 11:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vad\Application Data\ICQ-Profile[2013.11.06 11:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\ICQM[2013.11.06 11:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vad\Application Data\ICQM[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\Documents and Settings\vad\Desktop\*.tmp files -> C:\Documents and Settings\vad\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.11.14 10:19:57 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5ACD7206-10B5-47D5-B980-C4304F10859E}.job[2013.11.14 09:51:04 | 000,001,182 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003UA.job[2013.11.14 09:51:04 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2013.11.14 09:30:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2013.11.14 07:19:42 | 000,000,130 | ---- | M] () -- C:\WINDOWS\ChssBase.ini[2013.11.14 05:06:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2013.11.14 05:06:15 | 000,248,739 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml[2013.11.14 05:06:09 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2013.11.14 05:06:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2013.11.14 02:39:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2013.11.14 01:51:00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003Core.job[2013.11.13 20:16:35 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Betting Assistant.lnk[2013.11.13 14:10:20 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2013.11.13 13:40:35 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2013.11.12 
23:40:11 | 000,017,862 | ---- | M] () -- C:\Documents and Settings\vad\Desktop\pic.PNG[2013.11.06 11:53:20 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\vad\Desktop\ICQ.lnk[2013.11.06 11:53:20 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\vad\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ.lnk[2013.10.27 12:22:17 | 000,498,282 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2013.10.27 12:22:17 | 000,086,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2013.10.16 02:01:02 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\Documents and Settings\vad\Desktop\*.tmp files -> C:\Documents and Settings\vad\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.11.14 02:39:15 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK[2013.11.12 23:40:11 | 000,017,862 | ---- | C] () -- C:\Documents and Settings\vad\Desktop\pic.PNG[2013.11.11 00:47:12 | 001,157,644 | ---- | C] () -- C:\Documents and Settings\vad\Desktop\Gann, W.D. 
- The Tunnel Thru the Air.pdf[2013.11.06 11:53:20 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\vad\Desktop\ICQ.lnk[2013.11.06 11:53:20 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\vad\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ.lnk[2013.03.19 22:55:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini[2013.03.19 22:27:54 | 000,000,321 | ---- | C] () -- C:\WINDOWS\R0Edit.ini[2013.03.19 22:26:54 | 000,000,062 | ---- | C] () -- C:\WINDOWS\R0SYSTEM.INI[2012.12.20 23:09:32 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\vad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012.11.05 19:44:36 | 000,012,961 | ---- | C] () -- C:\Documents and Settings\vad\Application Data\Microsoft Excel 97-2003.CAL[2012.11.05 19:43:50 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2012.09.28 21:51:50 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\vad\Application Data\default.pls[2012.08.01 15:41:05 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI[2012.07.19 15:02:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2012.07.08 09:30:00 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ChssBase.ini[2012.07.08 09:08:33 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\vad\.rnd[2012.07.07 23:57:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll[2012.07.07 23:01:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2012.07.07 23:00:20 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2012.07.07 21:24:35 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll[2012.07.07 21:23:35 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys[2012.07.07 21:23:30 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini[2012.07.07 21:23:27 | 000,019,855 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2012.07.07 21:23:27 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2012.07.07 21:10:51 | 
000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2012.07.07 21:07:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.07.08 10:19:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both ========== Files - Unicode (All) ==========[2013.09.23 15:08:58 | 008,248,530 | R--- | C] ()(C:\Documents and Settings\vad\Desktop\????? ?.?. - ????? ????, 1990.djvu) -- C:\Documents and Settings\vad\Desktop\Оснос В.В. - Дебют Рети, 1990.djvu[2013.09.21 20:50:21 | 000,209,526 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\???????? ??? ??????.jpg) -- C:\Documents and Settings\vad\Desktop\картинка для Вадима.jpg[2013.09.21 20:50:20 | 000,209,526 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\???????? ??? ??????.jpg) -- C:\Documents and Settings\vad\Desktop\картинка для Вадима.jpg[2013.09.19 11:36:26 | 008,248,530 | R--- | M] ()(C:\Documents and Settings\vad\Desktop\????? ?.?. - ????? ????, 1990.djvu) -- C:\Documents and Settings\vad\Desktop\Оснос В.В. 
- Дебют Рети, 1990.djvu[2013.09.17 21:21:02 | 000,193,396 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\???.69 ??????? ?????.jpg) -- C:\Documents and Settings\vad\Desktop\стр.69 Каббала чисел.jpg[2013.09.17 21:21:02 | 000,190,982 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\??? 70 ??????? ?????.jpg) -- C:\Documents and Settings\vad\Desktop\стр 70 Каббала Чисел.jpg[2013.09.17 21:21:01 | 000,193,396 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\???.69 ??????? ?????.jpg) -- C:\Documents and Settings\vad\Desktop\стр.69 Каббала чисел.jpg[2013.09.17 21:21:01 | 000,190,982 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\??? 70 ??????? ?????.jpg) -- C:\Documents and Settings\vad\Desktop\стр 70 Каббала Чисел.jpg[2013.02.12 21:09:20 | 000,497,424 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\???????.png) -- C:\Documents and Settings\vad\Desktop\ОБЛОЖКА.png[2013.02.12 21:08:58 | 000,497,424 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\???????.png) -- C:\Documents and Settings\vad\Desktop\ОБЛОЖКА.png[2013.02.12 20:41:23 | 001,655,075 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\???? ? ???????..docx) -- C:\Documents and Settings\vad\Desktop\Ганн и Планеты..docx[2013.02.12 20:40:44 | 001,655,075 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\???? ? ???????..docx) -- C:\Documents and Settings\vad\Desktop\Ганн и Планеты..docx[2012.12.30 17:14:06 | 001,535,461 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\????.png) -- C:\Documents and Settings\vad\Desktop\ЛУНА.png[2012.12.30 17:13:27 | 001,535,461 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\????.png) -- C:\Documents and Settings\vad\Desktop\ЛУНА.png < End of report >code]
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2013
Ran by vad (administrator) on TRIVADIS-DBA786 on 13-11-2013 18:55:01
Running from C:\Documents and Settings\vad\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(T2 API, LLC) C:\Program Files\QuoteTracker\stocks.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Anatoly Zaytsev) C:\ZET 9\zet.exe
() C:\Books\Market\New\calc2\DegreesCalc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1657376 2009-08-05] ()
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33628160 2009-06-17] (VIA Technologies, Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-07-09] (Nero AG)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PAC7302_Monitor] - C:\WINDOWS\PixArt\Pac7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-07-07] (Google Inc.)
HKCU\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-06-24] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341692739180
DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} http://iptv.kartina.tv/files/bin/VLC%20TV%20Player.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\DOCUME~1\vad\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\vad\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\vad\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\vad\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 monfilt; C:\Windows\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsla546ac45; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0188115E-92AA-4185-9C2E-2E17823E54D9}\MpKsla546ac45.sys [40392 2013-11-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [56992 2009-08-11] (NVIDIA Corporation)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1374464 2009-06-02] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
U3 fgxyrfod; \??\C:\DOCUME~1\vad\LOCALS~1\Temp\fgxyrfod.sys [x]
U3 mbr; \??\C:\DOCUME~1\vad\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-13 18:54 - 2013-11-13 18:54 - 00000000 ____D C:\FRST
2013-11-13 17:20 - 2013-11-13 17:20 - 00000000 _____ C:\Documents and Settings\vad\Desktop\ark.txt
2013-11-13 16:20 - 2013-11-13 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-11-13 14:38 - 2013-11-13 14:38 - 00023508 _____ C:\Documents and Settings\vad\Desktop\attach.txt
2013-11-13 14:38 - 2013-11-13 14:38 - 00008046 _____ C:\Documents and Settings\vad\Desktop\dds.txt
2013-11-13 13:58 - 2013-11-13 13:58 - 00001219 _____ C:\Documents and Settings\vad\Desktop\AdwCleaner[s0].txt
2013-11-13 13:50 - 2013-11-13 13:51 - 00001731 _____ C:\Documents and Settings\vad\Desktop\JRT.txt
2013-11-13 13:41 - 2013-11-13 13:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-13 13:40 - 2013-11-13 13:56 - 00000000 ____D C:\AdwCleaner
2013-11-06 11:53 - 2013-11-06 11:54 - 00000000 ____D C:\Documents and Settings\vad\Application Data\ICQ-Profile
2013-11-06 11:53 - 2013-11-06 11:53 - 00001681 _____ C:\Documents and Settings\vad\Start Menu\ICQ.lnk
2013-11-06 11:53 - 2013-11-06 11:53 - 00001681 _____ C:\Documents and Settings\vad\Desktop\ICQ.lnk
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Program Files\ICQM
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and Settings\vad\Start Menu\Programs\ICQ
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and Settings\vad\Application Data\ICQM

==================== One Month Modified Files and Folders =======

2013-11-13 18:55 - 2012-07-10 14:17 - 00000000 ____D C:\Program Files\QuoteTracker
2013-11-13 18:54 - 2013-11-13 18:54 - 00000000 ____D C:\FRST
2013-11-13 18:53 - 2012-07-10 11:57 - 00000000 ____D C:\Documents and Settings\vad\Application Data\Skype
2013-11-13 18:51 - 2013-03-18 17:33 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 18:51 - 2012-07-07 22:49 - 00001182 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003UA.job
2013-11-13 18:30 - 2012-07-08 09:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-13 18:18 - 2012-07-07 21:08 - 02085976 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-13 17:31 - 2012-07-10 15:00 - 00000000 ____D C:\ZET 9
2013-11-13 17:20 - 2013-11-13 17:20 - 00000000 _____ C:\Documents and Settings\vad\Desktop\ark.txt
2013-11-13 16:30 - 2013-11-13 16:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-11-13 16:11 - 2013-02-13 22:58 - 00000000 ____D C:\Documents and Settings\vad\Application Data\vlc
2013-11-13 14:54 - 2013-02-14 13:21 - 00002305 _____ C:\Documents and Settings\All Users\Desktop\Betting Assistant.lnk
2013-11-13 14:38 - 2013-11-13 14:38 - 00023508 _____ C:\Documents and Settings\vad\Desktop\attach.txt
2013-11-13 14:38 - 2013-11-13 14:38 - 00008046 _____ C:\Documents and Settings\vad\Desktop\dds.txt
2013-11-13 14:10 - 2013-03-18 17:33 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 14:10 - 2012-08-01 16:27 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-13 14:10 - 2012-08-01 16:27 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-13 14:10 - 2012-07-08 10:22 - 00079824 _____ C:\Documents and Settings\vad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-13 14:10 - 2012-07-07 23:00 - 00326704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-13 14:10 - 2012-07-07 21:12 - 00000000 ____D C:\Documents and Settings\vad
2013-11-13 14:10 - 2012-07-07 21:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-13 14:10 - 2009-08-06 08:44 - 00248739 _____ C:\WINDOWS\system32\NvApps.xml
2013-11-13 14:10 - 2002-12-31 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-13 14:09 - 2012-07-07 21:12 - 00000178 ___SH C:\Documents and Settings\vad\ntuser.ini
2013-11-13 14:09 - 2012-07-07 21:11 - 00032550 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-13 13:58 - 2013-11-13 13:58 - 00001219 _____ C:\Documents and Settings\vad\Desktop\AdwCleaner[s0].txt
2013-11-13 13:56 - 2013-11-13 13:40 - 00000000 ____D C:\AdwCleaner
2013-11-13 13:51 - 2013-11-13 13:50 - 00001731 _____ C:\Documents and Settings\vad\Desktop\JRT.txt
2013-11-13 13:41 - 2013-11-13 13:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-13 13:40 - 2012-07-19 15:02 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-11-13 13:28 - 2012-12-25 00:44 - 00000418 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5ACD7206-10B5-47D5-B980-C4304F10859E}.job
2013-11-13 02:35 - 2012-07-08 09:30 - 00000130 _____ C:\WINDOWS\ChssBase.ini
2013-11-13 01:51 - 2012-07-07 22:49 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003Core.job
2013-11-13 01:09 - 2013-08-27 14:59 - 00000000 ____D C:\Documents and Settings\vad\.thinkorswim
2013-11-13 01:08 - 2012-10-24 15:22 - 00000000 ____D C:\Program Files\thinkTDA
2013-11-12 22:26 - 2012-07-08 10:25 - 00054784 _____ C:\Documents and Settings\vad\Desktop\stats.xls
2013-11-11 23:18 - 2012-07-08 10:25 - 00075264 _____ C:\Documents and Settings\vad\Desktop\My bets1.xls
2013-11-09 22:52 - 2012-07-10 10:25 - 00000000 ____D C:\Documents and Settings\vad\Application Data\Mozilla
2013-11-08 16:30 - 2012-07-10 11:57 - 00000000 ___RD C:\Program Files\Skype
2013-11-08 16:30 - 2012-07-10 11:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-11-06 11:54 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and Settings\vad\Application Data\ICQ-Profile
2013-11-06 11:53 - 2013-11-06 11:53 - 00001681 _____ C:\Documents and Settings\vad\Start Menu\ICQ.lnk
2013-11-06 11:53 - 2013-11-06 11:53 - 00001681 _____ C:\Documents and Settings\vad\Desktop\ICQ.lnk
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Program Files\ICQM
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and 
Settings\vad\Start Menu\Programs\ICQ2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and Settings\vad\Application Data\ICQM2013-10-27 12:22 - 2012-07-07 23:01 - 00597242 _____ C:\WINDOWS\system32\PerfStringBackup.INI2013-10-16 02:01 - 2012-08-01 12:40 - 00001917 _____ C:\WINDOWS\epplauncher.mif2013-10-16 02:01 - 2012-08-01 12:40 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk2013-10-16 02:00 - 2012-08-01 12:40 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-10-14 11:32 - 2012-07-08 10:19 - 00000000 ____D C:\WINDOWS\Microsoft.NET Some content of TEMP:====================C:\Documents and Settings\vad\Local Settings\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================] [Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2013 Ran by vad at 2013-11-13 18:55:35Running from C:\Documents and Settings\vad\My Documents\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} ==================== Installed Programs ====================== µTorrent (Version: 3.3.0.29625)Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)Adobe Reader X (10.1.8) (Version: 10.1.8)Betting Assistant (Version: 1.0.64)BlitzIn 3.0CCleaner (Version: 3.21)ChessBase 7.0ChessBase 8.0ChessBase Reader (Version: 2)CycleTimer (Version: 1.1.2)Deep Rybka 4 (Version: 12.0.0)Gannalyst Professional 
5.0Google Chrome (HKCU Version: 30.0.1599.101)Google Talk Plugin (Version: 4.9.1.16010)Google Update Helper (Version: 1.3.21.165)ICQ 8.2 (build 6870) (HKCU Version: 8.2.6870.0)Jagannatha Hora 7.64 (Version: 7.64)Java 7 Update 21 (Version: 7.0.210)Java Auto Updater (Version: 2.1.9.5)JavaFX 2.1.1 (Version: 2.1.1)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft .NET Framework 4 Extended (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared MUI 
(English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Security Client (Version: 4.3.0219.0)Microsoft Security Essentials (Version: 4.3.219.0)Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)Nero 8 Essentials (Version: 8.3.618)neroxml (Version: 1.0.0)NVIDIA Drivers (Version: 1.9)NVIDIA nView Desktop Manager (Version: 125.18)Platform (Version: 1.34)PlayChess (Version: )QuoteTrackerREALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.23.0000)Russian Phonetic YaZHert - RusWin.net - Custom (Version: 1.0.3.40)Skype™ 6.10 (Version: 6.10.104)thinkorswim from TD AMERITRADEUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit EditionUpdate for Windows Internet Explorer 8 (KB2598845) (Version: 1)Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)Update for Windows XP (KB2345886) (Version: 1)Update for Windows XP (KB2467659) (Version: 1)Update for Windows XP (KB2661254-v2) (Version: 2)Update for Windows XP (KB2718704) (Version: 1)Update for Windows XP (KB2736233) (Version: 1)Update for Windows XP (KB2749655) (Version: 1)Update for Windows XP (KB2863058) (Version: 1)Update for Windows XP (KB951978) (Version: 1)Update for Windows XP (KB955759) (Version: 1)Update for Windows XP (KB967715) (Version: 1)Update for Windows XP 
(KB968389) (Version: 1)Update for Windows XP (KB971029) (Version: 1)Update for Windows XP (KB973687) (Version: 1)Update for Windows XP (KB973815) (Version: 1)VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)VCRedistSetup (Version: 1.0.0)VIA Plattform-Geräte-Manager (Version: 1.34)VirtualCloneDriveVLC TV Player (Version: 1.0.5.0)WebFldrs XP (Version: 9.50.7523)WinDjView 2.0.1 (Version: 2.0.1)Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)Windows Genuine Advantage Validation Tool (KB892130)Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)Windows Internet Explorer 8 (Version: 20090308.140743)Windows Media Format RuntimeWindows XP Service Pack 3 (Version: 20080414.031525)WinRAR 4.20 (32-bit) (Version: 4.20.0)ZET 9 Lite 1.69 ==================== Restore Points ========================= 15-08-2013 01:00:26 Software Distribution Service 3.015-08-2013 09:17:34 Software Distribution Service 3.016-08-2013 11:53:56 Software Distribution Service 3.018-08-2013 10:03:04 Software Distribution Service 3.019-08-2013 10:44:53 Software Distribution Service 3.020-08-2013 11:24:12 Software Distribution Service 3.021-08-2013 12:21:30 Software Distribution Service 3.022-08-2013 16:54:16 Software Distribution Service 3.024-08-2013 10:58:39 Software Distribution Service 3.025-08-2013 12:37:19 Software Distribution Service 3.027-08-2013 11:23:16 Software Distribution Service 3.028-08-2013 12:38:37 Software Distribution Service 3.029-08-2013 01:00:15 Software Distribution Service 3.030-08-2013 09:56:03 Software Distribution Service 3.031-08-2013 12:45:07 Software Distribution Service 3.002-09-2013 10:53:01 Software Distribution Service 3.003-09-2013 12:18:55 Software Distribution Service 3.004-09-2013 19:29:49 System Checkpoint05-09-2013 09:03:01 Software Distribution Service 3.006-09-2013 10:15:49 Software Distribution Service 3.007-09-2013 18:42:36 Software Distribution Service 3.008-09-2013 20:47:54 Software Distribution Service 
3.010-09-2013 09:16:51 Software Distribution Service 3.011-09-2013 10:18:58 Software Distribution Service 3.012-09-2013 01:00:34 Software Distribution Service 3.012-09-2013 02:06:49 Software Distribution Service 3.012-09-2013 16:44:35 Software Distribution Service 3.013-09-2013 01:00:30 Software Distribution Service 3.013-09-2013 03:14:54 Software Distribution Service 3.014-09-2013 01:00:28 Software Distribution Service 3.014-09-2013 01:59:04 Software Distribution Service 3.014-09-2013 10:56:04 Software Distribution Service 3.015-09-2013 11:06:34 Software Distribution Service 3.016-09-2013 13:00:59 System Checkpoint17-09-2013 09:58:40 Software Distribution Service 3.019-09-2013 09:58:11 Software Distribution Service 3.021-09-2013 08:29:54 Software Distribution Service 3.022-09-2013 11:43:10 Software Distribution Service 3.024-09-2013 10:55:08 Software Distribution Service 3.025-09-2013 11:04:39 Software Distribution Service 3.027-09-2013 09:22:40 Software Distribution Service 3.028-09-2013 13:04:14 Software Distribution Service 3.030-09-2013 09:48:36 Software Distribution Service 3.002-10-2013 07:43:54 Software Distribution Service 3.003-10-2013 09:37:15 System Checkpoint04-10-2013 10:01:13 Software Distribution Service 3.005-10-2013 15:40:33 System Checkpoint06-10-2013 09:07:38 Software Distribution Service 3.007-10-2013 09:11:42 Software Distribution Service 3.008-10-2013 09:53:57 Software Distribution Service 3.009-10-2013 12:53:12 System Checkpoint10-10-2013 00:33:47 Software Distribution Service 3.010-10-2013 03:01:24 Software Distribution Service 3.011-10-2013 06:12:50 Software Distribution Service 3.013-10-2013 19:56:21 Software Distribution Service 3.014-10-2013 01:00:14 Software Distribution Service 3.015-10-2013 08:52:12 Software Distribution Service 3.016-10-2013 01:00:15 Software Distribution Service 3.017-10-2013 03:36:37 Software Distribution Service 3.018-10-2013 08:58:52 Software Distribution Service 3.019-10-2013 23:28:20 System 
Checkpoint20-10-2013 11:09:13 Software Distribution Service 3.021-10-2013 12:46:03 System Checkpoint22-10-2013 09:39:37 Software Distribution Service 3.023-10-2013 11:02:53 Software Distribution Service 3.025-10-2013 11:38:57 Software Distribution Service 3.026-10-2013 12:34:35 System Checkpoint27-10-2013 11:32:38 Software Distribution Service 3.028-10-2013 19:54:07 System Checkpoint29-10-2013 10:34:36 Software Distribution Service 3.030-10-2013 11:40:18 Software Distribution Service 3.001-11-2013 12:11:37 Software Distribution Service 3.002-11-2013 22:29:55 Software Distribution Service 3.004-11-2013 11:36:39 Software Distribution Service 3.006-11-2013 10:22:50 Software Distribution Service 3.007-11-2013 11:26:35 System Checkpoint08-11-2013 11:14:14 Software Distribution Service 3.009-11-2013 11:15:37 Software Distribution Service 3.010-11-2013 12:28:16 Software Distribution Service 3.012-11-2013 00:01:33 Software Distribution Service 3.013-11-2013 13:20:51 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2002-12-31 13:00 - 2002-12-31 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003Core.job => C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003UA.job => C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: 
C:\WINDOWS\Tasks\User_Feed_Synchronization-{5ACD7206-10B5-47D5-B980-C4304F10859E}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-06 11:53 - 2013-11-06 11:53 - 00307728 _____ () C:\Documents and Settings\vad\Application Data\ICQM\ICQ\dll\mramenu.dll2012-07-10 14:17 - 2010-02-16 22:09 - 00106504 _____ () C:\Program Files\QuoteTracker\MYTRACKDLL.DLL2002-12-31 13:00 - 2008-04-14 01:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll2002-12-31 13:00 - 2008-04-14 01:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll2013-10-16 00:54 - 2013-10-09 01:02 - 04055504 _____ () C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll2013-10-16 00:54 - 2013-10-09 01:02 - 00415184 _____ () C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll2013-10-16 00:54 - 2013-10-09 01:01 - 01604560 _____ () C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll2011-02-02 15:51 - 2011-02-02 15:51 - 00491520 _____ () C:\ZET 9\swedll32.dll2003-10-09 11:11 - 2003-10-09 11:11 - 00115712 _____ () C:\ZET 9\SAPI_DLL.DLL2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL2013-10-16 00:54 - 2013-10-09 01:02 - 13584336 _____ () C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: SM Bus ControllerDescription: SM Bus ControllerClass Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:==================Error: (11/11/2013 04:52:10 PM) (Source: Application Error) (User: )Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x01c3120b.Processing media-specific event for [cb70.exe!ws!] Error: (11/11/2013 07:48:17 AM) (Source: Application Error) (User: )Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x01336742.Processing media-specific event for [cb70.exe!ws!] Error: (11/10/2013 10:13:28 PM) (Source: Application Error) (User: )Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0132074e.Processing media-specific event for [cb70.exe!ws!] Error: (11/08/2013 01:14:53 AM) (Source: Application Error) (User: )Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x01336732.Processing media-specific event for [cb70.exe!ws!] Error: (11/07/2013 07:53:07 AM) (Source: Application Error) (User: )Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0132118e.Processing media-specific event for [cb70.exe!ws!] Error: (11/06/2013 07:22:22 PM) (Source: Application Error) (User: )Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0132af5d.Processing media-specific event for [cb70.exe!ws!] 
Error: (11/04/2013 03:50:55 PM) (Source: MPSampleSubmission) (User: )Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.3.219.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (11/04/2013 00:58:14 PM) (Source: Application Error) (User: )Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0109afc8.Processing media-specific event for [cb70.exe!ws!] Error: (11/03/2013 06:33:49 PM) (Source: Application Error) (User: )Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x39334399.Processing media-specific event for [cb70.exe!ws!] Error: (11/03/2013 02:03:36 AM) (Source: Application Error) (User: )Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0133676a.Processing media-specific event for [cb70.exe!ws!] 
System errors:=============Error: (11/13/2013 06:51:19 PM) (Source: 0) (User: )Description: \Device\Harddisk0\D Error: (11/13/2013 06:15:51 PM) (Source: 0) (User: )Description: \Device\Harddisk0\D Error: (11/13/2013 05:18:25 PM) (Source: 0) (User: )Description: \Device\Ide\IdePort2 Error: (11/13/2013 05:18:25 PM) (Source: 0) (User: )Description: \Device\Ide\IdePort2 Error: (11/13/2013 05:13:14 PM) (Source: 0) (User: )Description: \Device\Ide\IdePort2 Error: (11/13/2013 05:10:34 PM) (Source: 0) (User: )Description: \Device\Ide\IdePort2 Error: (11/13/2013 05:09:03 PM) (Source: 0) (User: )Description: \Device\Ide\IdePort2 Error: (11/13/2013 05:03:19 PM) (Source: 0) (User: )Description: \Device\Harddisk0\D Error: (11/13/2013 04:23:33 PM) (Source: 0) (User: )Description: \Device\Ide\IdePort2 Error: (11/13/2013 04:03:01 PM) (Source: 0) (User: )Description: \Device\Harddisk0\D Microsoft Office Sessions:=========================Error: (02/23/2013 00:06:21 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/14/2012 04:49:54 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/04/2012 03:28:28 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (10/26/2012 04:09:50 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/03/2012 03:51:19 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 53%Total physical RAM: 2047.04 MBAvailable physical RAM: 945.53 MBTotal Pagefile: 3939.98 MBAvailable Pagefile: 2866.61 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1944.75 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.75 GB) (Free:413.33 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0E8E0E8D)Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================]
  7. Can we try to solve this problem without using combofix?
  8. I'm sorry, I heard about bad experiences with using combofix in the past and I'd prefer not to use it. Could you draw any conclusions about the problem I have from the files I sent you?
  9. Hi Marius, Gmer said that it didn't find any modifications and the text file was empty. Well, look at that - a fellow Swiss!
  10. Good afternoon, I hope you can help me. Both google chrome and IE keep loading the www.adf.ly website. Malwarebytes found a PUP "pricegong" but doesn't seem to remove it completely. I found your instructions here: https://forums.malwarebytes.org/index.php?showtopic=130750 (logs attached) but the problem is still there. Thank you. JRT.txt dds.txt MBAM-log-2013-11-13 (12-48-01).txt AdwCleanerS0.txt attach.txt