acolis

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 7/17/23
     Protection Event Time: 10:05 PM
     Log File:

     -Software Information-
     Version: 4.5.33.272
     Components Version: 1.0.2069
     Update Package Version: 1.0.72563
     License: Premium

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User:

     -Blocked Website Details-
     Malicious Website: 1
     ,firefox.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: RiskWare
     Domain: sdr.tv
     IP Address: 188.40.208.165
     Port: 80
     Type: Outbound
     File: firefox.exe

     (end)
  2. All cleaned and done. Thank you very much for your expertise and help.
  3. Eset Report:
     C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll Win32/Toolbar.SearchSuite.B potentially unwanted application
     C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Internet Explorer Settings.exe Win32/Toolbar.SearchSuite.B potentially unwanted application
     C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\mgrldr.dll Win32/Toolbar.SearchSuite.B potentially unwanted application
     C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
     C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
     C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultstb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
  4. Unfortunately we need to end our work for the night (it's night here). I bookmarked this page, asked my friend not to download anything till tomorrow, and will do the Eset scan. Report back tomorrow.
  5. Ran the scan but Log is disabled in settings so no mbam log. It didn't find any threats though. It's a Russian OS so had to save the text as Unicode. Still in Russian though. Btw, did the trick. Chrome installed and running. Could you explain what step might have done the trick? Here's the Russian log:
  6. No Malwarebytes log, disabled in options. Didn't find anything.
  7. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Oleg (administrator) on LILA-PC on 06-07-2014 19:18:27
Running from C:\
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Русский (Россия)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Join Air\UIExec.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
(Nullsoft) C:\Program Files\Winamp\winampa.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(AudioVkontakte.ru) C:\ProgramData\VKSaver\VKSaver.exe
(Mail.Ru) C:\Users\Oleg\AppData\Local\MailRu\MailRuUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Realtek) C:\Program Files\LevelOne\WUA-0605\RtlService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\SMINST\BLService.exe
(Realtek Semiconductor Corp.) C:\Program Files\LevelOne\WUA-0605\RtWLan.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
() C:\Program Files\Join Air\AssistantServices.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft) C:\Program Files\MyPC Backup\Updater.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-01] (AVAST Software)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2009-01-20] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [updatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-12-24] (CyberLink Corp.)
HKLM\...\Run: [updatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [updateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM\...\Run: [updateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [uIExec] => C:\Program Files\Join Air\UIExec.exe [138584 2010-09-19] ()
HKLM\...\Run: [uCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM\...\Run: [Guard.Mail.ru.gui] => C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [6989856 2014-06-28] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [39424 2009-12-18] (Nullsoft)
HKLM\...\Run: [VKSaver] => C:\ProgramData\VKSaver\VKSaver.exe [239616 2014-05-24] (AudioVkontakte.ru)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0AMwA4ADcANwAwADAANgAwADUALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBDAEkAUAArADIALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.894
HKU\.DEFAULT\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\MountPoints2: {71ba3c0b-63fb-11e1-bd1c-00238be13344} - G:\QsSetup.exe
HKU\.DEFAULT\...\MountPoints2: {78cc74d0-949e-11df-9a11-00238be13344} - H:\LaunchU3.exe -a
HKU\.DEFAULT\...\MountPoints2: {c31da1a8-0cc5-11e0-ac9b-00238be13344} - G:\Install.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [MailRuUpdater] => C:\Users\Oleg\AppData\Local\MailRu\MailRuUpdater.exe [2232352 2014-06-17] (Mail.Ru)
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4624152 2014-06-24] (Piriform Ltd)
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: H - H:\Install.exe
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {300a505d-893b-11e0-91c7-00238be13344} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {442c1df5-b6ee-11e0-9238-00238be13344} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {71ba3c0b-63fb-11e1-bd1c-00238be13344} - G:\QsSetup.exe
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {78cc74d0-949e-11df-9a11-00238be13344} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {bc63f4a9-ac56-11df-af8e-00238be13344} - F:\wubi.exe --cdmenu
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {c31da1a8-0cc5-11e0-ac9b-00238be13344} - G:\Install.exe
HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {c39750bd-9f5d-11df-8ab1-00238be13344} - I:\LaunchU3.exe -a
Startup: C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [474624 2013-07-24] () <===== ATTENTION
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk /r \??\G:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=profitraf2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ru&c=91&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ru&c=91&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ru&c=91&bd=Presario&pf=cnnb
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
SearchScopes: HKLM - DefaultScope Yandex URL = http://yandex.ru/yandsearch?clid=135294&text={searchTerms}
SearchScopes: HKLM - Yandex URL = http://yandex.ru/yandsearch?clid=135294&text={searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=profitraf2
SearchScopes: HKCU - Yandex URL = http://yandex.ru/yandsearch?clid=135294&text={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=341&systemid=406&v=n8483-63&apn_uid=9765594060534817&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4c6a1014&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=profitraf2
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: MailRuBHO Class - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKLM - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKCU - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.57.2.5 213.57.22.5

FireFox:
========
FF ProfilePath: C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged [2014-06-28]
FF Extension: Яндекс.Бар - C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru [2010-12-11]
FF Extension: Спутник @Mail.Ru - C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2011-04-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-01]

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [81920 2009-01-20] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-01] (AVAST Software)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S3 DFSR; C:\Windows\system32\DFSR.exe [2091520 2008-01-21] (Корпорация Майкрософт)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [6989856 2014-06-28] ()
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-07-09] (PACE Anti-Piracy, Inc.) [File not signed]
R2 Realtek11nSU; C:\Program Files\LevelOne\WUA-0605\RtlService.exe [40960 2009-06-30] (Realtek) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-23] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2008-11-26] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe [249938 2009-01-20] (IDT, Inc.)
R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [252784 2010-09-19] ()
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Корпорация Майкрософт)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-01] ()
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] (Корпорация Intel)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [44760 2014-06-04] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-20] () [File not signed]
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93304 2011-06-28] (PACE Anti-Piracy, Inc.)
R3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athw.sys [1630056 2011-06-02] (TamoSoft)
U3 aecln6rp; C:\Windows\system32\Drivers\aecln6rp.sys [0 ] (Microsoft Corporation)
S3 cpuz132; \??\C:\Users\Oleg\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-06 19:18 - 2014-07-06 19:19 - 00023409 _____ () C:\FRST.txt
2014-07-06 19:18 - 2014-07-06 19:18 - 00000000 ____D () C:\FRST
2014-07-06 19:13 - 2014-07-06 19:11 - 01074688 _____ (Farbar) C:\FRST.exe
2014-07-06 17:15 - 2014-07-06 17:15 - 00001014 _____ () C:\Windows\PFRO.log
2014-07-06 16:30 - 2014-07-06 16:30 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-06 16:30 - 2014-07-06 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-06 16:29 - 2014-07-06 16:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-06 16:16 - 2014-07-06 16:17 - 00000000 ____D () C:\Users\Oleg\Documents\Visual Studio 2008
2014-07-01 22:32 - 2014-07-01 22:32 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\AVAST Software
2014-07-01 22:31 - 2014-07-06 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-01 22:31 - 2014-07-01 22:31 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-01 22:31 - 2014-07-01 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-01 22:30 - 2014-07-06 16:03 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-01 22:30 - 2014-07-01 22:30 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-01 22:30 - 2014-07-01 22:30 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-01 22:30 - 2014-07-01 22:30 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-01 22:30 - 2014-07-01 22:30 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-01 22:30 - 2014-07-01 22:30 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-01 22:30 - 2014-07-01 22:30 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-01 22:30 - 2014-07-01 22:30 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-01 22:30 - 2014-07-01 22:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-01 22:30 - 2014-07-01 22:30 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-01 22:29 - 2014-07-06 17:39 - 00000000 ____D () C:\Users\Oleg\Desktop\mbar
2014-07-01 22:29 - 2014-07-01 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-01 22:29 - 2014-07-01 22:29 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-07-01 22:29 - 2014-07-01 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-07-01 22:28 - 2014-07-01 22:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-07-01 22:28 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-07-01 22:28 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-07-01 22:27 - 2014-07-01 22:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-01 22:26 - 2014-07-06 17:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 22:26 - 2014-07-01 22:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-01 22:25 - 2014-07-06 17:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 22:25 - 2014-07-01 22:25 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-01 22:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 22:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-30 22:32 - 2014-07-06 19:13 - 00000000 ____D () C:\Windows\pss
2014-06-30 22:31 - 2014-07-06 17:08 - 00000432 _____ () C:\Windows\Tasks\At6.job
2014-06-30 22:03 - 2010-06-16 18:59 - 00898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreset
2014-06-30 18:09 - 2014-06-30 18:09 - 00012393 _____ () C:\Users\Oleg\AppData\Local\Bron.tok.A12.em.bin
2014-06-29 17:28 - 2014-07-06 16:57 - 00000000 ____D () C:\Users\Oleg\Documents\PCSpeedClean
2014-06-28 22:05 - 2014-06-28 22:05 - 00000000 ____D () C:\Program Files\Аудио и видео скачивание
2014-06-26 01:24 - 2014-06-26 01:24 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MediaPlay LLC
2014-06-26 01:23 - 2014-06-26 01:25 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MediaPlay
2014-06-26 01:23 - 2014-06-26 01:23 - 00000874 _____ () C:\Users\Public\Desktop\MediaPlay.lnk
2014-06-26 01:23 - 2014-06-26 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaPlay
2014-06-21 18:44 - 2014-06-30 22:25 - 00000432 _____ () C:\Windows\Tasks\At5.job
2014-06-19 16:32 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At4.job
2014-06-18 21:39 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At3.job
2014-06-17 21:39 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At2.job
2014-06-16 22:22 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At1.job
2014-06-07 22:16 - 2014-06-25 22:08 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MailRu
2014-06-07 22:13 - 2014-06-07 22:32 - 00000175 _____ () C:\Users\Oleg\Desktop\Искать в Интернете.url
2014-06-07 21:56 - 2014-07-01 16:49 - 00000000 ____D () C:\Users\Oleg\Desktop\staray
2014-06-07 04:23 - 2014-07-06 19:20 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Mail.Ru

==================== One Month Modified Files and Folders =======

2014-07-06 19:20 - 2014-06-07 04:23 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Mail.Ru
2014-07-06 19:19 - 2014-07-06 19:18 - 00023409 _____ () C:\FRST.txt
2014-07-06 19:18 - 2014-07-06 19:18 - 00000000 ____D () C:\FRST
2014-07-06 19:18 - 2010-07-20 16:49 - 00000285 _____ () C:\ProgramData\hpqp.ini
2014-07-06 19:17 - 2006-11-02 15:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 19:16 - 2014-05-23 20:03 - 00000340 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-07-06 19:16 - 2011-12-08 21:18 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-06 19:16 - 2006-11-02 16:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 19:16 - 2006-11-02 15:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 19:14 - 2006-11-02 13:33 - 02094110 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-06 19:13 - 2014-06-30 22:32 - 00000000 ____D () C:\Windows\pss
2014-07-06 19:11 - 2014-07-06 19:13 - 01074688 _____ (Farbar) C:\FRST.exe
2014-07-06 17:39 - 2014-07-01 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-06 17:39 - 2014-07-01 22:29 - 00000000 ____D () C:\Users\Oleg\Desktop\mbar
2014-07-06 17:39 - 2014-07-01 22:26 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 17:20 - 2014-07-01 22:25 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 17:18 - 2006-11-02 16:01 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-06 17:15 - 2014-07-06 17:15 - 00001014 _____ () C:\Windows\PFRO.log
2014-07-06 17:15 - 2014-06-19 16:32 - 00000364 _____ () C:\Windows\Tasks\At4.job
2014-07-06 17:15 - 2014-06-18 21:39 - 00000364 _____ () C:\Windows\Tasks\At3.job
2014-07-06 17:15 - 2014-06-17 21:39 - 00000364 _____ () C:\Windows\Tasks\At2.job
2014-07-06 17:15 - 2014-06-16 22:22 - 00000364 _____ () C:\Windows\Tasks\At1.job
2014-07-06 17:14 - 2010-07-20 16:40 - 01259975 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 17:12 - 2012-12-30 14:38 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Media Player Classic
2014-07-06 17:12 - 2010-08-20 15:28 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\DAEMON Tools Lite
2014-07-06 17:12 - 2010-07-26 06:46 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\uTorrent
2014-07-06 17:11 - 2010-12-17 13:51 - 00000000 ____D () C:\Windows\Minidump
2014-07-06 17:11 - 2009-03-16 14:33 - 00000000 ____D () C:\Windows\panther
2014-07-06 17:11 - 2006-11-02 14:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-06 17:08 - 2014-06-30 22:31 - 00000432 _____ () C:\Windows\Tasks\At6.job
2014-07-06 16:57 - 2014-06-29 17:28 - 00000000 ____D () C:\Users\Oleg\Documents\PCSpeedClean
2014-07-06 16:56 - 2010-07-21 12:33 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Deployment
2014-07-06 16:54 - 2010-07-20 17:21 - 00078280 _____ () C:\Users\Oleg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-06 16:40 - 2006-11-02 15:47 - 00311880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-06 16:36 - 2010-12-23 20:29 
- 00000000 ____D () C:\Program Files\PokerStars 2014-07-06 16:34 - 2010-07-21 12:34 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-06 16:30 - 2014-07-06 16:30 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-06 16:30 - 2014-07-06 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-06 16:30 - 2014-07-06 16:29 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-06 16:17 - 2014-07-06 16:16 - 00000000 ____D () C:\Users\Oleg\Documents\Visual Studio 2008 2014-07-06 16:03 - 2014-07-01 22:30 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-02 01:05 - 2011-04-16 06:56 - 00000000 ____D () C:\Users\Oleg\AppData\Local\GamePlayLabs Plugin 2014-07-02 00:10 - 2011-06-26 06:16 - 00000000 ____D () C:\Program Files\Unlocker 2014-07-02 00:10 - 2010-11-15 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-07-02 00:10 - 2010-11-15 09:48 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-07-02 00:08 - 2011-07-23 13:23 - 00000000 ____D () C:\Program Files\HDD Regenerator 2014-07-01 23:56 - 2010-08-20 15:50 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL 2 2014-07-01 23:55 - 2010-07-20 17:05 - 00000000 ____D () C:\ProgramData\Adobe 2014-07-01 23:55 - 2010-07-20 16:59 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Adobe 2014-07-01 22:33 - 2014-07-01 22:29 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-07-01 22:32 - 2014-07-01 22:32 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\AVAST Software 2014-07-01 22:31 - 2014-07-01 22:31 - 00001873 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-07-01 22:31 - 2014-07-01 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-01 22:30 - 2014-07-01 22:30 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-07-01 22:30 - 2014-07-01 22:30 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-01 22:30 - 2014-07-01 22:30 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-01 22:30 - 2014-07-01 22:30 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-01 22:30 - 2014-07-01 22:30 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-07-01 22:30 - 2014-07-01 22:30 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-07-01 22:30 - 2014-07-01 22:30 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-01 22:30 - 2014-07-01 22:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-01 22:30 - 2014-07-01 22:30 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-01 22:29 - 2014-07-01 22:29 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk 2014-07-01 22:29 - 2014-07-01 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-07-01 22:29 - 2014-07-01 22:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit 2014-07-01 22:27 - 2014-07-01 22:27 - 00000000 ____D () C:\Program Files\AVAST Software 2014-07-01 22:27 - 2014-07-01 22:26 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-07-01 22:25 - 2014-07-01 22:25 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\Program Files\Malwarebytes 
Anti-Malware 2014-07-01 16:49 - 2014-06-07 21:56 - 00000000 ____D () C:\Users\Oleg\Desktop\staray 2014-07-01 16:49 - 2014-05-23 20:05 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\VOPackage 2014-07-01 16:49 - 2014-05-23 20:03 - 00000000 ____D () C:\Users\Oleg\AppData\Local\24930 2014-07-01 16:49 - 2014-05-17 21:14 - 00000000 ____D () C:\Users\Oleg\Desktop\lll 2014-07-01 16:49 - 2006-11-02 15:37 - 00000000 ____D () C:\Windows\ShellNew 2014-06-30 22:30 - 2006-11-02 13:23 - 00000007 ___SH () C:\autoexec.bat 2014-06-30 22:25 - 2014-06-21 18:44 - 00000432 _____ () C:\Windows\Tasks\At5.job 2014-06-30 18:36 - 2014-05-23 20:02 - 00000000 ____D () C:\Program Files\SearchProtect 2014-06-30 18:09 - 2014-06-30 18:09 - 00012393 _____ () C:\Users\Oleg\AppData\Local\Bron.tok.A12.em.bin 2014-06-29 17:30 - 2010-07-21 12:31 - 00000069 _____ () C:\Windows\NeroDigital.ini 2014-06-29 17:28 - 2014-05-23 20:03 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\PC Speed Clean 2014-06-28 22:05 - 2014-06-28 22:05 - 00000000 ____D () C:\Program Files\Аудио и видео скачивание 2014-06-28 22:03 - 2010-07-26 06:55 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Winamp 2014-06-28 01:01 - 2010-12-30 12:48 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru 2014-06-27 21:18 - 2013-10-03 21:48 - 00000000 ____D () C:\Users\Oleg\Desktop\shirim 2014-06-27 21:05 - 2013-10-03 21:55 - 00000000 ____D () C:\Users\Oleg\Desktop\Led Zeppelin II 2014-06-26 16:11 - 2010-08-05 16:42 - 00000052 _____ () C:\Windows\system32\DOErrors.log 2014-06-26 01:25 - 2014-06-26 01:23 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MediaPlay 2014-06-26 01:24 - 2014-06-26 01:24 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MediaPlay LLC 2014-06-26 01:23 - 2014-06-26 01:23 - 00000874 _____ () C:\Users\Public\Desktop\MediaPlay.lnk 2014-06-26 01:23 - 2014-06-26 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaPlay 2014-06-25 22:08 - 2014-06-07 22:16 - 00000000 ____D () 
C:\Users\Oleg\AppData\Local\MailRu 2014-06-14 10:06 - 2011-04-05 20:10 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Dropbox 2014-06-12 11:39 - 2013-07-18 22:18 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 11:18 - 2010-07-20 16:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 11:10 - 2006-11-02 13:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-08 21:07 - 2011-08-03 09:20 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Loc.Mail.Bron.Tok 2014-06-07 22:32 - 2014-06-07 22:13 - 00000175 _____ () C:\Users\Oleg\Desktop\Искать в Интернете.url Files to move or delete: ==================== C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job C:\Windows\Tasks\At5.job C:\Windows\Tasks\At6.job ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-06 19:23 ==================== End Of Log ============================ Addition.txt
  8. The infected computer belongs to a friend of mine. It's a laptop, Vista 32-bit. After scanning the hard drive in my computer (attached via USB) with Malwarebytes and Avast antivirus, and using Malwarebytes Anti-Rootkit, the Chrome browser doesn't work. It crashes immediately, saying it's a DEP issue; fully uninstalling it or installing a portable version of it didn't help. Internet Explorer works OK. Now scanning the system in safe mode with Malwarebytes Anti-Malware and Anti-Rootkit. Further assistance needed regarding the Chrome crash issue. Thank you for your help.