
svchost virus and police scam help



This scam window appeared last night and locked my entire computer, saying that I have broken the law and that I have to pay 100 euros in order to unlock it.

I opened Task Manager and noticed that it was svchost.exe, so I thought it might be a trojan or worse.
I installed Malwarebytes Anti-Malware to fix this problem, but it may not find it at all. I also use Vista.

 

Is there any fix for this?


Welcome to the forum, here's how we deal with that malware:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

Thank you for the help.
I think I found the reason for that scam thing. I went to safe mode and let Malwarebytes rootkit do its job, and I found these:

Infected: HKLM\SOFTWARE\CLASSES\VideoEgg.ActiveXLoader --> [Adware.VideoEgg]
Infected: c:\Users\User\AppData\Local\Temp\fvJcrgR.exe --> [Exploit.Drop.GS]
Infected: c:\Users\User\AppData\Roaming\cglogs.dat --> [Malware.Trace]
Infected: c:\Users\Public\Documents\Server\admin.txt --> [Malware.Trace]
Infected: c:\Users\Public\Documents\Server\server.dat --> [Malware.Trace]
Infected: HKCU\SOFTWARE\VideoEgg --> [Adware.VideoEgg]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HKCU --> [backdoor.HMCPol.Gen]
Infected: HKCU\SOFTWARE\MOZILLAPLUGINS\@videoegg.com/Publisher,version=1.5 --> [Adware.VideoEgg]
Infected: HKLM\SOFTWARE\VideoEgg --> [Adware.VideoEgg]
Infected: HKLM\SOFTWARE\MOZILLAPLUGINS\@videoegg.com/Publisher,version=1.5 --> [Adware.VideoEgg]
Infected: c:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K9NGCWU\SvchostAnalyzer[1].exe --> [Heuristics.Reserved.Word.Exploit].

 

What are Exploit.Drop.GS and Malware.Trace?
When I took these out and rebooted my computer, there were no scam screens anymore.


Please download Farbar Recovery Scan Tool and save it to a folder. (pick the correct version)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC
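A first-pass triage of an FRST.txt log of the kind requested above, as an added example that is not part of the original thread and is not FRST's or the helper's own logic. The sample log is constructed in the FRST layout, and the four review rules are illustrative assumptions about what deserves a second look, not verdicts.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section rule line")

# Section banner, e.g. "==================== Drivers (Whitelisted) ===================="
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+$")


def _missing_target(section, line):
    # Assumption: a trailing "[x]" or "No File" means FRST did not find the file on disk,
    # so the entry is an orphaned autorun, service, driver or browser add-on.
    return line.endswith("[x]") or line.endswith("No File")


def _temp_path(section, line):
    # Anything that loads from a temp or browser-cache directory deserves review.
    return re.search(r"\\(Temp|Temporary Internet Files)\\", line, re.I) is not None


def _driver_nt_path(section, line):
    # Driver registered with an NT object-manager path (\??\C:\...) instead of the
    # usual system32\drivers form.
    return section == "Drivers" and re.search(r";\s*\\\?\?\\", line) is not None


def _firefox_user_js(section, line):
    # A user.js file overrides Firefox preferences every time the browser starts.
    return line.startswith("FF user.js: detected")


RULES = [
    ("missing-target", _missing_target),
    ("temp-path", _temp_path),
    ("driver-nt-path", _driver_nt_path),
    ("firefox-user-js", _firefox_user_js),
]


def triage(log_text):
    """Return one Finding per (line, rule) match, tagged with the log section."""
    section = "Header"
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = re.sub(r"\s*\(Whitelisted\)$", "", banner.group(1))
            continue
        for rule, predicate in RULES:
            if predicate(section, line):
                findings.append(Finding(section, rule, line))
    return findings


def count_by_rule(findings):
    """Summarise findings as {rule name: number of matching lines}."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample in the FRST.txt layout; names and paths are placeholders.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleAV] - C:\Program Files\ExampleAV\av.exe [199264 2009-08-05] (Example Corp)
HKCU\...\Run: [OldPlayer] - C:\Program Files\OldPlayer\player.exe -AutoStart [x]
HKCU\...\Run: [updater] - C:\Users\Example\AppData\Local\Temp\upd8.exe [40368 2013-07-27] ()

==================== Internet (Whitelisted) ====================

BHO: No Name - {00000000-0000-0000-0000-000000000001} -  No File
FF user.js: detected! => C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\user.js
CHR HKLM\...\Chrome\Extension: [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa] - C:\Users\Example\AppData\Local\Temp\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.crx

==================== Drivers (Whitelisted) ====================

R1 ExampleFW; C:\Windows\System32\drivers\exfw.sys [73160 2010-12-16] (Example Corp)
S1 qzxwvkpt; \??\C:\Windows\system32\drivers\qzxwvkpt.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.rule}: {f.line}")
    print(count_by_rule(triage(SAMPLE_LOG)))
```

A match only marks a line for manual review; orphaned entries left behind by uninstalled software trip the same rules as malware remnants.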

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by Pertti (administrator) on 28-07-2013 18:14:15
Running from C:\Users\Pertti\Desktop
Microsoft® Windows Vista™ Home Basic  (X86) OS Language: 040B
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla Server.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
( ) C:\Windows\system32\lxebcoms.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Common\FSHDLL32.EXE
() C:\Windows\system32\PnkBstrA.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
() C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
() C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
(Yuna Software) C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
(Blabbers Communications LTD) C:\Program Files\BrowserCompanion\BCHelper.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Rambler) C:\Users\Pertti\AppData\Local\Rambler\RamblerUpdater\RUpdate.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Sony Computer Entertainment Inc.) C:\Program Files\Sony\Content Manager Assistant\CMA.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(ITE Tech Inc.) C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
(Sony Computer Entertainment Inc.) C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
(Microsoft Corporation) C:\Windows\system32\msconfig.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingBar.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-09-07] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [869936 2007-05-10] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-09] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [siSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2007-08-14] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [TouchPadHotKey] - C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [364544 2007-08-13] ()
HKLM\...\Run: [symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [517768 2007-03-12] (Symantec Corporation)
HKLM\...\Run: [F-Secure Manager] - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE [199264 2009-08-05] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] - C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe [2349664 2009-08-05] (F-Secure Corporation)
HKLM\...\Run: [NapsterShell] - C:\Program Files\Napster\napster.exe /systray [x]
HKLM\...\Run: [lxebmon.exe] - C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2010-05-05] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [148280 2010-05-05] ()
HKLM\...\Run: [DivX Download Manager] - "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [PlusService] - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe [802304 2013-01-23] (Yuna Software)
HKLM\...\Run: [browser companion helper] - C:\Program Files\BrowserCompanion\BCHelper.exe [192816 2011-10-27] (Blabbers Communications LTD)
HKLM\...\Run: [ALUAlert] - C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [492912 2007-09-26] (Symantec Corporation)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296056 2011-12-04] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [FileZilla Server Interface] - C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-10-26] (Nullsoft, Inc.)
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [217544 2008-02-22] (Alcohol Soft Development Team)
HKCU\...\Run: [eMuleAutoStart] - C:\Program Files\easyMule\eMule.exe -AutoStart [x]
HKCU\...\Run: [steam] - C:\Program Files\Steam\steam.exe [1631144 2013-03-29] (Valve Corporation)
HKCU\...\Run: [Rambler Update] - C:\Users\Pertti\AppData\Local\Rambler\RamblerUpdater\RUpdate.exe [1215696 2012-09-27] (Rambler)
HKCU\...\Run: [Media Finder] - "C:\Program Files\Media Finder\Media Finder.exe" /opentotray [x]
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {87605c6d-c784-11dd-8c78-806e6f6e6963} - D:\VMC_PBStarter.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
HKU\Linda\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
HKU\Linda\...\Policies\system: [LogonHoursAction] 2
HKU\Linda\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlayStation® sisällönhallinta-apu.lnk
ShortcutTarget: PlayStation® sisällönhallinta-apu.lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WirelessSelector.lnk
ShortcutTarget: WirelessSelector.lnk -> C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe (ITE Tech Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2949154
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
SearchScopes: HKCU - {25477387-2310-45df-933D-E9416D3D0303} URL = http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q={searchTerms}
SearchScopes: HKCU - {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = http://plusnetwork.com/?sp=brw&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {892936CE-24E5-486E-A5B3-B6F232CF202B} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={A02C43D8-0356-4EB2-A88C-65BBDAFE4845}&mid=〈=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2949154
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
BHO: Ginyas Browser Companion - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Ginyas Browser Companion Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
BHO: No Name - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} -  No File
BHO: Browsing Protection Class - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Elisa Tietoturvapalvelu\NRS\iescript\baselitmus.dll (F-Secure Corporation)
BHO: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
Toolbar: HKLM - HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Elisa Tietoturvapalvelu\NRS\iescript\baselitmus.dll (F-Secure Corporation)
Toolbar: HKCU -No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
Toolbar: HKCU -No Name - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} -  No File
Toolbar: HKCU -No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default
FF user.js: detected! => C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\user.js


FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=2 - C:\Users\Pertti\AppData\Local\Google\Update\1.2.121.9\npGoogleOneClick.dll No File
FF SearchPlugin: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\Messenger Plus Smartbar Search.xml
FF SearchPlugin: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\Plusnetwork.xml
FF SearchPlugin: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\esnips.xml
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ginyas Browser Companion - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\bbrs_002@blabbers.com
FF Extension: LavaFox V2-Green - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\zigboom@ymail.com
FF Extension: firefox - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: survey-remover - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\survey-remover@gmx.com.xpi
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\{f86e6264-e877-5fce-c3e4-8668a7d99da2}.xpi
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] C:\Program Files\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox\
FF HKLM\...\Firefox\Extensions: [litmus-ff@f-secure.com] C:\Program Files\Elisa Tietoturvapalvelu\NRS\litmus-ff@f-secure.com
FF Extension: No Name - C:\Program Files\Elisa Tietoturvapalvelu\NRS\litmus-ff@f-secure.com
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

Chrome:
=======
CHR Extension: (Ginyas Browser Companion) - C:\Users\Pertti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0
CHR HKLM\...\Chrome\Extension: [bdfnefeleaelcjifkbdfbfnhdbdlhmlk] - C:\Users\Pertti\AppData\Local\Temp\bdfnefeleaelcjifkbdfbfnhdbdlhmlk.crx
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Pertti\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Pertti\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx

========================== Services (Whitelisted) =================

R2 Automaattinen LiveUpdate-ajastustoiminto; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe [215648 2009-08-05] (F-Secure Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R3 FSDFWD; C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe [522848 2009-08-05] (F-Secure Corporation)
R2 FSMA; C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE [186976 2009-08-05] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe [60352 2013-06-06] (F-Secure Corporation)
S2 gupdate1c9e45b5d191831; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-03] (Google Inc.)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [284296 2007-03-12] (Symantec Corporation)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-05-13] ()
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-05] (Viewpoint Corporation)
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S2 WebCake Desktop Updater; "C:\Program Files\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Pertti\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
S2 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [84832 2002-07-17] (Adaptec)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
R3 F-Secure Gatekeeper; C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\Elisa Tietoturvapalvelu\HIPS\drivers\fshs.sys [68064 2009-08-05] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2012-08-15] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [36792 2010-12-16] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [73160 2010-12-16] (F-Secure Corporation)
R1 fsvista; C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsvista.sys [12384 2009-08-05] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [29184 2006-05-31] (http://libusb-win32.sourceforge.net)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-07-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 msloop; C:\Windows\System32\DRIVERS\loop.sys [6656 2006-11-02] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 PsSdk30; C:\Windows\system32\Drivers\PsSdk30.drv [22528 2009-07-10] ()
S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [36928 2011-01-16] (microOLAP Technologies LTD)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [14168 2007-07-30] (Zeal SoftStudio)
S1 alfijeag; \??\C:\Windows\system32\drivers\alfijeag.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S1 mftqdiuw; \??\C:\Windows\system32\drivers\mftqdiuw.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pepifilter; system32\DRIVERS\lv302af.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-28 18:14 - 2013-07-28 18:14 - 00000000 ____D C:\FRST
2013-07-28 18:13 - 2013-07-28 18:13 - 01221130 _____ (Farbar) C:\Users\Pertti\Desktop\FRST.exe
2013-07-28 18:09 - 2013-07-28 18:09 - 00000508 _____ C:\Windows\Tasks\Scheduled scanning task.job
2013-07-28 16:57 - 2013-07-28 17:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-28 16:56 - 2013-07-28 16:56 - 00031560 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-07-28 16:46 - 2013-07-28 17:36 - 00000000 ____D C:\Users\Pertti\mbar
2013-07-28 16:44 - 2013-07-28 16:44 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Desktop\tdsskiller.exe
2013-07-28 16:37 - 2013-07-28 16:37 - 00000000 ____D C:\Users\Linda\AppData\Local\WinZip
2013-07-28 10:30 - 2013-07-28 10:56 - 00002406 _____ C:\Users\Pertti\Desktop\Rkill.txt
2013-07-28 10:12 - 2013-07-28 10:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-28 09:49 - 2013-07-28 09:49 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-07-28 03:45 - 2013-07-28 03:45 - 00054016 _____ C:\Windows\system32\Drivers\icup.sys
2013-07-28 03:17 - 2013-07-28 03:47 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Winamp
2013-07-28 03:08 - 2013-07-28 03:23 - 00000000 ____D C:\Windows\system32\MRT
2013-07-28 01:07 - 2013-07-28 01:07 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Malwarebytes
2013-07-28 01:06 - 2013-07-28 01:06 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-28 01:06 - 2013-07-28 01:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 01:06 - 2013-07-28 01:06 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 01:06 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-28 00:48 - 2013-07-28 00:48 - 00000000 ____D C:\Users\Linda\AppData\Local\Macromedia
2013-07-28 00:21 - 2013-07-28 16:27 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Skype
2013-07-27 23:22 - 2013-07-27 23:22 - 00002276 _____ C:\Windows\epplauncher.mif
2013-07-27 22:20 - 2013-07-27 22:20 - 00000000 ____D C:\0ad80e917c990b045380cb
2013-07-27 22:01 - 2013-07-27 22:01 - 00000000 ____D C:\Users\Linda\AppData\Roaming\F-Secure
2013-07-27 21:48 - 2013-07-27 21:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-27 21:28 - 2013-07-27 21:28 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Macromedia
2013-07-27 20:17 - 2013-07-27 20:17 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Sony Corporation
2013-07-27 19:48 - 2013-07-27 19:48 - 00177640 _____ C:\Users\Pertti\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-23 00:08 - 2013-02-27 15:56 - 00131072 _____ C:\Users\Pertti\Desktop\SLUS_01297-7.mcr
2013-07-20 21:00 - 2013-07-20 21:00 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\DownLite
2013-07-20 20:59 - 2013-07-20 21:00 - 00000000 ____D C:\Program Files\DownLite
2013-07-19 23:31 - 2013-07-19 23:31 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-17 01:56 - 2013-07-17 10:46 - 00002505 _____ C:\Users\Pertti\LOST LYRICKS.txt
2013-07-10 10:44 - 2013-07-10 11:04 - 00000000 ____D C:\Program Files\JDownloader
2013-07-10 10:39 - 2013-07-10 10:40 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Pertti\Downloads\WebInstaller(1).exe
2013-07-08 16:16 - 2013-07-08 16:59 - 131174400 _____ C:\Users\Pertti\Downloads\Final_Fantasy_III_USA_PSN_PSP-PLAYASiA.ffinsider.iso

==================== One Month Modified Files and Folders =======

2013-07-28 18:14 - 2011-09-20 05:48 - 05866781 _____ C:\action.log
2013-07-28 18:13 - 2013-07-28 18:13 - 01221130 _____ (Farbar) C:\Users\Pertti\Desktop\FRST.exe
2013-07-28 18:12 - 2011-09-20 05:48 - 00655360 _____ C:\alertlog.dat
2013-07-28 18:09 - 2013-07-28 18:09 - 00000508 _____ C:\Windows\Tasks\Scheduled scanning task.job
2013-07-28 18:02 - 2008-03-25 22:39 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Skype
2013-07-28 17:58 - 2013-01-25 18:13 - 00000932 _____ C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
2013-07-28 17:52 - 2007-12-21 15:58 - 00000000 ____D C:\Users\Pertti
2013-07-28 17:44 - 2012-01-07 23:17 - 00000000 ____D C:\Program Files\Steam
2013-07-28 17:42 - 2010-12-23 12:28 - 00140300 _____ C:\ProgramData\lxebscan.log
2013-07-28 17:39 - 2013-07-28 16:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-28 17:38 - 2013-01-25 18:12 - 00001000 _____ C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
2013-07-28 17:38 - 2013-01-25 18:12 - 00001000 _____ C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
2013-07-28 17:37 - 2013-01-25 18:13 - 00001000 _____ C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
2013-07-28 17:37 - 2013-01-25 18:12 - 00000000 ____D C:\ProgramData\GinyasBrowserCompanion
2013-07-28 17:37 - 2009-06-30 19:18 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 17:37 - 2007-12-21 23:30 - 00261758 _____ C:\Windows\PFRO.log
2013-07-28 17:37 - 2006-11-02 15:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 17:37 - 2006-11-02 15:45 - 00003200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 17:37 - 2006-11-02 15:45 - 00003200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-28 17:36 - 2013-07-28 16:46 - 00000000 ____D C:\Users\Pertti\mbar
2013-07-28 17:36 - 2010-12-16 17:58 - 00000000 ___HD C:\Users\Public\Documents\Server
2013-07-28 17:36 - 2006-11-02 14:18 - 00000000 ____D C:\Windows\tapi
2013-07-28 17:20 - 2008-02-27 13:15 - 00001356 _____ C:\Users\Pertti\AppData\Local\d3d9caps.dat
2013-07-28 16:56 - 2013-07-28 16:56 - 00031560 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-07-28 16:50 - 2006-11-02 15:58 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-28 16:49 - 2007-12-21 23:38 - 01891908 _____ C:\Windows\WindowsUpdate.log
2013-07-28 16:44 - 2013-07-28 16:44 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Desktop\tdsskiller.exe
2013-07-28 16:40 - 2013-06-01 09:31 - 00000000 ____D C:\Users\Linda\Desktop\mbar
2013-07-28 16:37 - 2013-07-28 16:37 - 00000000 ____D C:\Users\Linda\AppData\Local\WinZip
2013-07-28 16:37 - 2012-07-09 09:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-28 16:32 - 2009-06-30 19:19 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 16:27 - 2013-07-28 00:21 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Skype
2013-07-28 10:56 - 2013-07-28 10:30 - 00002406 _____ C:\Users\Pertti\Desktop\Rkill.txt
2013-07-28 10:12 - 2013-07-28 10:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-28 09:49 - 2013-07-28 09:49 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-07-28 09:45 - 2011-06-11 17:50 - 00000000 ____D C:\Windows\Minidump
2013-07-28 03:47 - 2013-07-28 03:17 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Winamp
2013-07-28 03:45 - 2013-07-28 03:45 - 00054016 _____ C:\Windows\system32\Drivers\icup.sys
2013-07-28 03:23 - 2013-07-28 03:08 - 00000000 ____D C:\Windows\system32\MRT
2013-07-28 03:12 - 2008-03-25 22:38 - 00000000 ____D C:\ProgramData\Skype
2013-07-28 03:11 - 2013-02-19 18:07 - 00002493 _____ C:\Users\Public\Desktop\Skype.lnk
2013-07-28 01:07 - 2013-07-28 01:07 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Malwarebytes
2013-07-28 01:06 - 2013-07-28 01:06 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-28 01:06 - 2013-07-28 01:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 01:06 - 2013-07-28 01:06 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 00:48 - 2013-07-28 00:48 - 00000000 ____D C:\Users\Linda\AppData\Local\Macromedia
2013-07-28 00:21 - 2013-02-19 18:07 - 00000000 ___RD C:\Program Files\Skype
2013-07-28 00:16 - 2011-09-16 15:33 - 76650552 _____ C:\ProgramData\lxeb.log
2013-07-27 23:22 - 2013-07-27 23:22 - 00002276 _____ C:\Windows\epplauncher.mif
2013-07-27 23:05 - 2011-07-22 02:23 - 00000440 ____H C:\Windows\Tasks\User_Feed_Synchronization-{3792B88E-14EB-4F68-A893-A0DFEBA2F3F8}.job
2013-07-27 22:20 - 2013-07-27 22:20 - 00000000 ____D C:\0ad80e917c990b045380cb
2013-07-27 22:01 - 2013-07-27 22:01 - 00000000 ____D C:\Users\Linda\AppData\Roaming\F-Secure
2013-07-27 21:48 - 2013-07-27 21:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-27 21:28 - 2013-07-27 21:28 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Macromedia
2013-07-27 20:30 - 2008-09-25 07:10 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Adobe
2013-07-27 20:17 - 2013-07-27 20:17 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Sony Corporation
2013-07-27 19:48 - 2013-07-27 19:48 - 00177640 _____ C:\Users\Pertti\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-26 01:53 - 2007-12-25 16:57 - 00241664 _____ C:\Users\Pertti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-23 14:06 - 2011-07-19 21:01 - 00000000 ____D C:\Users\Pertti\AppData\Local\WMTools Downloaded Files
2013-07-23 11:50 - 2013-02-09 21:27 - 00000000 ____D C:\Users\Pertti\Videot 2
2013-07-23 11:49 - 2011-08-26 15:34 - 00000000 ____D C:\Users\Pertti\Project WMM
2013-07-23 11:46 - 2011-07-19 20:58 - 00002339 _____ C:\Users\Pertti\Desktop\Windows Movie Maker 2.6.lnk
2013-07-23 02:50 - 2009-08-01 19:13 - 00000000 ___RD C:\Users\Pertti\PSP Games
2013-07-21 14:04 - 2013-04-27 13:31 - 00000000 ____D C:\Program Files\Bruteforce Save Data
2013-07-21 13:59 - 2013-02-11 17:12 - 00000000 ____D C:\Users\Pertti\.objectdb
2013-07-21 13:57 - 2006-11-02 13:33 - 02142990 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-20 21:07 - 2008-07-10 16:54 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\uTorrent
2013-07-20 21:00 - 2013-07-20 21:00 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\DownLite
2013-07-20 21:00 - 2013-07-20 20:59 - 00000000 ____D C:\Program Files\DownLite
2013-07-20 00:35 - 2012-08-08 17:09 - 00000000 ____D C:\Users\Pertti\FLStudio music files
2013-07-19 23:31 - 2013-07-19 23:31 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-19 23:31 - 2006-11-02 15:35 - 00000000 ____D C:\Program Files\Microsoft Games
2013-07-17 10:46 - 2013-07-17 01:56 - 00002505 _____ C:\Users\Pertti\LOST LYRICKS.txt
2013-07-13 11:49 - 2011-07-09 07:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 11:56 - 2007-09-08 03:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 12:04 - 2013-02-13 17:12 - 00000000 ____D C:\Users\Pertti\JDownloader
2013-07-10 11:04 - 2013-07-10 10:44 - 00000000 ____D C:\Program Files\JDownloader
2013-07-10 10:40 - 2013-07-10 10:39 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Pertti\Downloads\WebInstaller(1).exe
2013-07-08 16:59 - 2013-07-08 16:16 - 131174400 _____ C:\Users\Pertti\Downloads\Final_Fantasy_III_USA_PSN_PSP-PLAYASiA.ffinsider.iso
2013-07-04 18:20 - 2009-03-21 18:33 - 00000000 ____D C:\Users\Pertti\Tracing
2013-06-28 10:47 - 2012-05-08 16:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\Users\User\cheatsConverter.exe
C:\Users\User\DeSmuME.exe
C:\Users\User\DeSmuME_dev.exe
C:\Users\User\DeSmuME_nosse2.exe
C:\Users\User\ffdshow.reg
C:\Users\User\HxD.exe
C:\Users\User\IvaliceSE.exe
C:\Users\User\NO$GBA.EXE
C:\Users\User\ps2save-builder.exe
C:\Users\User\VisualBoyAdvance.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by Pertti (administrator) on 28-07-2013 18:14:15
Running from C:\Users\Pertti\Desktop
Microsoft® Windows Vista™ Home Basic  (X86) OS Language: 040B
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla Server.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
( ) C:\Windows\system32\lxebcoms.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Common\FSHDLL32.EXE
() C:\Windows\system32\PnkBstrA.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
() C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(F-Secure Corporation) C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
() C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
(Yuna Software) C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
(Blabbers Communications LTD) C:\Program Files\BrowserCompanion\BCHelper.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Rambler) C:\Users\Pertti\AppData\Local\Rambler\RamblerUpdater\RUpdate.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Sony Computer Entertainment Inc.) C:\Program Files\Sony\Content Manager Assistant\CMA.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(ITE Tech Inc.) C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
(Sony Computer Entertainment Inc.) C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
(Microsoft Corporation) C:\Windows\system32\msconfig.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingBar.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-09-07] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [869936 2007-05-10] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-09] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [siSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2007-08-14] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [TouchPadHotKey] - C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [364544 2007-08-13] ()
HKLM\...\Run: [symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [517768 2007-03-12] (Symantec Corporation)
HKLM\...\Run: [F-Secure Manager] - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE [199264 2009-08-05] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] - C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe [2349664 2009-08-05] (F-Secure Corporation)
HKLM\...\Run: [NapsterShell] - C:\Program Files\Napster\napster.exe /systray [x]
HKLM\...\Run: [lxebmon.exe] - C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2010-05-05] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [148280 2010-05-05] ()
HKLM\...\Run: [DivX Download Manager] - "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [PlusService] - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe [802304 2013-01-23] (Yuna Software)
HKLM\...\Run: [browser companion helper] - C:\Program Files\BrowserCompanion\BCHelper.exe [192816 2011-10-27] (Blabbers Communications LTD)
HKLM\...\Run: [ALUAlert] - C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [492912 2007-09-26] (Symantec Corporation)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296056 2011-12-04] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [FileZilla Server Interface] - C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-10-26] (Nullsoft, Inc.)
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [217544 2008-02-22] (Alcohol Soft Development Team)
HKCU\...\Run: [eMuleAutoStart] - C:\Program Files\easyMule\eMule.exe -AutoStart [x]
HKCU\...\Run: [steam] - C:\Program Files\Steam\steam.exe [1631144 2013-03-29] (Valve Corporation)
HKCU\...\Run: [Rambler Update] - C:\Users\Pertti\AppData\Local\Rambler\RamblerUpdater\RUpdate.exe [1215696 2012-09-27] (Rambler)
HKCU\...\Run: [Media Finder] - "C:\Program Files\Media Finder\Media Finder.exe" /opentotray [x]
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {87605c6d-c784-11dd-8c78-806e6f6e6963} - D:\VMC_PBStarter.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
HKU\Linda\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
HKU\Linda\...\Policies\system: [LogonHoursAction] 2
HKU\Linda\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlayStation® sisällönhallinta-apu.lnk
ShortcutTarget: PlayStation® sisällönhallinta-apu.lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WirelessSelector.lnk
ShortcutTarget: WirelessSelector.lnk -> C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe (ITE Tech Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2949154
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
SearchScopes: HKCU - {25477387-2310-45df-933D-E9416D3D0303} URL = http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q={searchTerms}
SearchScopes: HKCU - {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = http://plusnetwork.com/?sp=brw&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {892936CE-24E5-486E-A5B3-B6F232CF202B} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={A02C43D8-0356-4EB2-A88C-65BBDAFE4845}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2949154
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
BHO: Ginyas Browser Companion - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Ginyas Browser Companion Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
BHO: No Name - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} -  No File
BHO: Browsing Protection Class - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Elisa Tietoturvapalvelu\NRS\iescript\baselitmus.dll (F-Secure Corporation)
BHO: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
Toolbar: HKLM - HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Elisa Tietoturvapalvelu\NRS\iescript\baselitmus.dll (F-Secure Corporation)
Toolbar: HKCU -No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
Toolbar: HKCU -No Name - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} -  No File
Toolbar: HKCU -No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default
FF user.js: detected! => C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\user.js


FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=2 - C:\Users\Pertti\AppData\Local\Google\Update\1.2.121.9\npGoogleOneClick.dll No File
FF SearchPlugin: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\Messenger Plus Smartbar Search.xml
FF SearchPlugin: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\Plusnetwork.xml
FF SearchPlugin: C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\esnips.xml
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ginyas Browser Companion - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\bbrs_002@blabbers.com
FF Extension: LavaFox V2-Green - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\zigboom@ymail.com
FF Extension: firefox - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: survey-remover - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\survey-remover@gmx.com.xpi
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\Extensions\{f86e6264-e877-5fce-c3e4-8668a7d99da2}.xpi
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] C:\Program Files\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox\
FF HKLM\...\Firefox\Extensions: [litmus-ff@f-secure.com] C:\Program Files\Elisa Tietoturvapalvelu\NRS\litmus-ff@f-secure.com
FF Extension: No Name - C:\Program Files\Elisa Tietoturvapalvelu\NRS\litmus-ff@f-secure.com
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

Chrome:
=======
CHR Extension: (Ginyas Browser Companion) - C:\Users\Pertti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0
CHR HKLM\...\Chrome\Extension: [bdfnefeleaelcjifkbdfbfnhdbdlhmlk] - C:\Users\Pertti\AppData\Local\Temp\bdfnefeleaelcjifkbdfbfnhdbdlhmlk.crx
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Pertti\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Pertti\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx

========================== Services (Whitelisted) =================

R2 Automaattinen LiveUpdate-ajastustoiminto; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe [215648 2009-08-05] (F-Secure Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R3 FSDFWD; C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe [522848 2009-08-05] (F-Secure Corporation)
R2 FSMA; C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE [186976 2009-08-05] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe [60352 2013-06-06] (F-Secure Corporation)
S2 gupdate1c9e45b5d191831; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-03] (Google Inc.)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [284296 2007-03-12] (Symantec Corporation)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-05-13] ()
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-05] (Viewpoint Corporation)
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S2 WebCake Desktop Updater; "C:\Program Files\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Pertti\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
S2 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [84832 2002-07-17] (Adaptec)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
R3 F-Secure Gatekeeper; C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\Elisa Tietoturvapalvelu\HIPS\drivers\fshs.sys [68064 2009-08-05] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2012-08-15] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [36792 2010-12-16] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [73160 2010-12-16] (F-Secure Corporation)
R1 fsvista; C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsvista.sys [12384 2009-08-05] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [29184 2006-05-31] (http://libusb-win32.sourceforge.net)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-07-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 msloop; C:\Windows\System32\DRIVERS\loop.sys [6656 2006-11-02] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 PsSdk30; C:\Windows\system32\Drivers\PsSdk30.drv [22528 2009-07-10] ()
S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [36928 2011-01-16] (microOLAP Technologies LTD)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [14168 2007-07-30] (Zeal SoftStudio)
S1 alfijeag; \??\C:\Windows\system32\drivers\alfijeag.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S1 mftqdiuw; \??\C:\Windows\system32\drivers\mftqdiuw.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pepifilter; system32\DRIVERS\lv302af.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-28 18:14 - 2013-07-28 18:14 - 00000000 ____D C:\FRST
2013-07-28 18:13 - 2013-07-28 18:13 - 01221130 _____ (Farbar) C:\Users\Pertti\Desktop\FRST.exe
2013-07-28 18:09 - 2013-07-28 18:09 - 00000508 _____ C:\Windows\Tasks\Scheduled scanning task.job
2013-07-28 16:57 - 2013-07-28 17:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-28 16:56 - 2013-07-28 16:56 - 00031560 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-07-28 16:46 - 2013-07-28 17:36 - 00000000 ____D C:\Users\Pertti\mbar
2013-07-28 16:44 - 2013-07-28 16:44 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Desktop\tdsskiller.exe
2013-07-28 16:37 - 2013-07-28 16:37 - 00000000 ____D C:\Users\Linda\AppData\Local\WinZip
2013-07-28 10:30 - 2013-07-28 10:56 - 00002406 _____ C:\Users\Pertti\Desktop\Rkill.txt
2013-07-28 10:12 - 2013-07-28 10:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-28 09:49 - 2013-07-28 09:49 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-07-28 03:45 - 2013-07-28 03:45 - 00054016 _____ C:\Windows\system32\Drivers\icup.sys
2013-07-28 03:17 - 2013-07-28 03:47 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Winamp
2013-07-28 03:08 - 2013-07-28 03:23 - 00000000 ____D C:\Windows\system32\MRT
2013-07-28 01:07 - 2013-07-28 01:07 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Malwarebytes
2013-07-28 01:06 - 2013-07-28 01:06 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-28 01:06 - 2013-07-28 01:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 01:06 - 2013-07-28 01:06 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 01:06 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-28 00:48 - 2013-07-28 00:48 - 00000000 ____D C:\Users\Linda\AppData\Local\Macromedia
2013-07-28 00:21 - 2013-07-28 16:27 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Skype
2013-07-27 23:22 - 2013-07-27 23:22 - 00002276 _____ C:\Windows\epplauncher.mif
2013-07-27 22:20 - 2013-07-27 22:20 - 00000000 ____D C:\0ad80e917c990b045380cb
2013-07-27 22:01 - 2013-07-27 22:01 - 00000000 ____D C:\Users\Linda\AppData\Roaming\F-Secure
2013-07-27 21:48 - 2013-07-27 21:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-27 21:28 - 2013-07-27 21:28 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Macromedia
2013-07-27 20:17 - 2013-07-27 20:17 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Sony Corporation
2013-07-27 19:48 - 2013-07-27 19:48 - 00177640 _____ C:\Users\Pertti\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-23 00:08 - 2013-02-27 15:56 - 00131072 _____ C:\Users\Pertti\Desktop\SLUS_01297-7.mcr
2013-07-20 21:00 - 2013-07-20 21:00 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\DownLite
2013-07-20 20:59 - 2013-07-20 21:00 - 00000000 ____D C:\Program Files\DownLite
2013-07-19 23:31 - 2013-07-19 23:31 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-17 01:56 - 2013-07-17 10:46 - 00002505 _____ C:\Users\Pertti\LOST LYRICKS.txt
2013-07-10 10:44 - 2013-07-10 11:04 - 00000000 ____D C:\Program Files\JDownloader
2013-07-10 10:39 - 2013-07-10 10:40 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Pertti\Downloads\WebInstaller(1).exe
2013-07-08 16:16 - 2013-07-08 16:59 - 131174400 _____ C:\Users\Pertti\Downloads\Addition.txtAddition.txtAddition.txt

==================== One Month Modified Files and Folders =======

2013-07-28 18:14 - 2011-09-20 05:48 - 05866781 _____ C:\action.log
2013-07-28 18:13 - 2013-07-28 18:13 - 01221130 _____ (Farbar) C:\Users\Pertti\Desktop\FRST.exe
2013-07-28 18:12 - 2011-09-20 05:48 - 00655360 _____ C:\alertlog.dat
2013-07-28 18:09 - 2013-07-28 18:09 - 00000508 _____ C:\Windows\Tasks\Scheduled scanning task.job
2013-07-28 18:02 - 2008-03-25 22:39 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Skype
2013-07-28 17:58 - 2013-01-25 18:13 - 00000932 _____ C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
2013-07-28 17:52 - 2007-12-21 15:58 - 00000000 ____D C:\Users\Pertti
2013-07-28 17:44 - 2012-01-07 23:17 - 00000000 ____D C:\Program Files\Steam
2013-07-28 17:42 - 2010-12-23 12:28 - 00140300 _____ C:\ProgramData\lxebscan.log
2013-07-28 17:39 - 2013-07-28 16:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-28 17:38 - 2013-01-25 18:12 - 00001000 _____ C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
2013-07-28 17:38 - 2013-01-25 18:12 - 00001000 _____ C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
2013-07-28 17:37 - 2013-01-25 18:13 - 00001000 _____ C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
2013-07-28 17:37 - 2013-01-25 18:12 - 00000000 ____D C:\ProgramData\GinyasBrowserCompanion
2013-07-28 17:37 - 2009-06-30 19:18 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 17:37 - 2007-12-21 23:30 - 00261758 _____ C:\Windows\PFRO.log
2013-07-28 17:37 - 2006-11-02 15:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 17:37 - 2006-11-02 15:45 - 00003200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 17:37 - 2006-11-02 15:45 - 00003200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-28 17:36 - 2013-07-28 16:46 - 00000000 ____D C:\Users\Pertti\mbar
2013-07-28 17:36 - 2010-12-16 17:58 - 00000000 ___HD C:\Users\Public\Documents\Server
2013-07-28 17:36 - 2006-11-02 14:18 - 00000000 ____D C:\Windows\tapi
2013-07-28 17:20 - 2008-02-27 13:15 - 00001356 _____ C:\Users\Pertti\AppData\Local\d3d9caps.dat
2013-07-28 16:56 - 2013-07-28 16:56 - 00031560 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-07-28 16:50 - 2006-11-02 15:58 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-28 16:49 - 2007-12-21 23:38 - 01891908 _____ C:\Windows\WindowsUpdate.log
2013-07-28 16:44 - 2013-07-28 16:44 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Desktop\tdsskiller.exe
2013-07-28 16:40 - 2013-06-01 09:31 - 00000000 ____D C:\Users\Linda\Desktop\mbar
2013-07-28 16:37 - 2013-07-28 16:37 - 00000000 ____D C:\Users\Linda\AppData\Local\WinZip
2013-07-28 16:37 - 2012-07-09 09:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-28 16:32 - 2009-06-30 19:19 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 16:27 - 2013-07-28 00:21 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Skype
2013-07-28 10:56 - 2013-07-28 10:30 - 00002406 _____ C:\Users\Pertti\Desktop\Rkill.txt
2013-07-28 10:12 - 2013-07-28 10:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-28 09:49 - 2013-07-28 09:49 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-07-28 09:45 - 2011-06-11 17:50 - 00000000 ____D C:\Windows\Minidump
2013-07-28 03:47 - 2013-07-28 03:17 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Winamp
2013-07-28 03:45 - 2013-07-28 03:45 - 00054016 _____ C:\Windows\system32\Drivers\icup.sys
2013-07-28 03:23 - 2013-07-28 03:08 - 00000000 ____D C:\Windows\system32\MRT
2013-07-28 03:12 - 2008-03-25 22:38 - 00000000 ____D C:\ProgramData\Skype
2013-07-28 03:11 - 2013-02-19 18:07 - 00002493 _____ C:\Users\Public\Desktop\Skype.lnk
2013-07-28 01:07 - 2013-07-28 01:07 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Malwarebytes
2013-07-28 01:06 - 2013-07-28 01:06 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-28 01:06 - 2013-07-28 01:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 01:06 - 2013-07-28 01:06 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 00:48 - 2013-07-28 00:48 - 00000000 ____D C:\Users\Linda\AppData\Local\Macromedia
2013-07-28 00:21 - 2013-02-19 18:07 - 00000000 ___RD C:\Program Files\Skype
2013-07-28 00:16 - 2011-09-16 15:33 - 76650552 _____ C:\ProgramData\lxeb.log
2013-07-27 23:22 - 2013-07-27 23:22 - 00002276 _____ C:\Windows\epplauncher.mif
2013-07-27 23:05 - 2011-07-22 02:23 - 00000440 ____H C:\Windows\Tasks\User_Feed_Synchronization-{3792B88E-14EB-4F68-A893-A0DFEBA2F3F8}.job
2013-07-27 22:20 - 2013-07-27 22:20 - 00000000 ____D C:\0ad80e917c990b045380cb
2013-07-27 22:01 - 2013-07-27 22:01 - 00000000 ____D C:\Users\Linda\AppData\Roaming\F-Secure
2013-07-27 21:48 - 2013-07-27 21:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-27 21:28 - 2013-07-27 21:28 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Macromedia
2013-07-27 20:30 - 2008-09-25 07:10 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Adobe
2013-07-27 20:17 - 2013-07-27 20:17 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Sony Corporation
2013-07-27 19:48 - 2013-07-27 19:48 - 00177640 _____ C:\Users\Pertti\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-26 01:53 - 2007-12-25 16:57 - 00241664 _____ C:\Users\Pertti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-23 14:06 - 2011-07-19 21:01 - 00000000 ____D C:\Users\Pertti\AppData\Local\WMTools Downloaded Files
2013-07-23 11:50 - 2013-02-09 21:27 - 00000000 ____D C:\Users\Pertti\Videot 2
2013-07-23 11:49 - 2011-08-26 15:34 - 00000000 ____D C:\Users\Pertti\Project WMM
2013-07-23 11:46 - 2011-07-19 20:58 - 00002339 _____ C:\Users\Pertti\Desktop\Windows Movie Maker 2.6.lnk
2013-07-23 02:50 - 2009-08-01 19:13 - 00000000 ___RD C:\Users\Pertti\PSP Games
2013-07-21 14:04 - 2013-04-27 13:31 - 00000000 ____D C:\Program Files\Bruteforce Save Data
2013-07-21 13:59 - 2013-02-11 17:12 - 00000000 ____D C:\Users\Pertti\.objectdb
2013-07-21 13:57 - 2006-11-02 13:33 - 02142990 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-20 21:07 - 2008-07-10 16:54 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\uTorrent
2013-07-20 21:00 - 2013-07-20 21:00 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\DownLite
2013-07-20 21:00 - 2013-07-20 20:59 - 00000000 ____D C:\Program Files\DownLite
2013-07-20 00:35 - 2012-08-08 17:09 - 00000000 ____D C:\Users\Pertti\FLStudio music files
2013-07-19 23:31 - 2013-07-19 23:31 - 00000000 ____D C:\Users\Pertti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-19 23:31 - 2006-11-02 15:35 - 00000000 ____D C:\Program Files\Microsoft Games
2013-07-17 10:46 - 2013-07-17 01:56 - 00002505 _____ C:\Users\Pertti\LOST LYRICKS.txt
2013-07-13 11:49 - 2011-07-09 07:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 11:56 - 2007-09-08 03:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 12:04 - 2013-02-13 17:12 - 00000000 ____D C:\Users\Pertti\JDownloader
2013-07-10 11:04 - 2013-07-10 10:44 - 00000000 ____D C:\Program Files\JDownloader
2013-07-10 10:40 - 2013-07-10 10:39 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Pertti\Downloads\WebInstaller(1).exe
2013-07-08 16:59 - 2013-07-08 16:16 - 131174400 _____ C:\Users\Pertti\Downloads\
2013-07-04 18:20 - 2009-03-21 18:33 - 00000000 ____D C:\Users\Pertti\Tracing
2013-06-28 10:47 - 2012-05-08 16:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\Users\User\cheatsConverter.exe
C:\Users\User\DeSmuME.exe
C:\Users\User\DeSmuME_dev.exe
C:\Users\User\DeSmuME_nosse2.exe
C:\Users\User\ffdshow.reg
C:\Users\User\HxD.exe
C:\Users\User\IvaliceSE.exe
C:\Users\User\NO$GBA.EXE
C:\Users\User\ps2save-builder.exe
C:\Users\User\VisualBoyAdvance.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit


Download the attached fixlist.txt to the same folder as FRST.

Run FRST, click Fix only once, and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Then......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-07-2013
Ran by Pertti at 2013-07-28 19:27:32 Run:1
Running from C:\Users\Pertti\Desktop
Boot Mode: Normal

==============================================

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} => Key deleted successfully.
HKCR\CLSID\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Value deleted successfully.
HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} => Value deleted successfully.
HKCR\CLSID\{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
alfijeag => Service deleted successfully.
mftqdiuw => Service deleted successfully.
"C:\Windows\system32\drivers\alfijeag.sys [x]" => File/Directory not found.
"C:\Windows\system32\drivers\mftqdiuw.sys [x]" => File/Directory not found.
C:\ProgramData\ezsid.dat => Moved successfully.
"C:\Users\User\cheatsConverter.exe" => File/Directory not found.
"C:\Users\User\DeSmuME.exe" => File/Directory not found.
"C:\Users\User\DeSmuME_dev.exe" => File/Directory not found.
"C:\Users\User\DeSmuME_nosse2.exe" => File/Directory not found.
"C:\Users\User\ffdshow.reg" => File/Directory not found.
"C:\Users\User\HxD.exe" => File/Directory not found.
"C:\Users\User\IvaliceSE.exe" => File/Directory not found.
"C:\Users\User\NO$GBA.EXE" => File/Directory not found.
"C:\Users\User\ps2save-builder.exe" => File/Directory not found.
"C:\Users\User\VisualBoyAdvance.exe" => File/Directory not found.

==== End of Fixlog ====
ComboFix.txt


Looks Good....

Let's check for any adware while you're here:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

  • Adwares (software ads)
  • PUP/LPI (Potentially Undesirable Program)
  • Toolbars
  • Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


 AdwCleaner v2.306 - Logfile created 07/28/2013 at 21:41:32
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Basic  (32 bits)
# User : Pertti - PERTTI-PC
# Boot Mode : Normal
# Running from : C:\Users\Pertti\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

Found : Viewpoint Manager Service
Found : WebCake Desktop Updater

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\6jyznucb.default\searchplugins\Plusnetwork.xml
File Found : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\6jyznucb.default\searchplugins\search.xml
File Found : C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\Conduit.xml
File Found : C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\Messenger Plus Smartbar Search.xml
File Found : C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\Plusnetwork.xml
File Found : C:\Users\Pertti\AppData\Roaming\Mozilla\Firefox\Profiles\x43lo7fe.default\searchplugins\SweetIm.xml
File Found : C:\Windows\system32\conduitEngine.tmp
File Found : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
File Found : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
File Found : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
*************************

AdwCleaner[R1].txt - [40814 octets] - [28/07/2013 21:41:32]

########## EOF - C:\AdwCleaner[R1].txt - [40875 octets] ##########


Lots of adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.71 
 Windows Vista  x86 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 8 Out of date!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1   
 Java 7 Update 5 
 Java 6 Update 3 
 Java 6 Update 5 
 Java 6 Update 7 
 Java version out of Date!
 Adobe Flash Player  11.7.700.224 
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent```````` 
 Elisa Tietoturvapalvelu Anti-Virus fsgk32st.exe 
 Elisa Tietoturvapalvelu Anti-Virus FSGK32.EXE 
 Elisa Tietoturvapalvelu Anti-Virus fssm32.exe 
 Elisa Tietoturvapalvelu Anti-Virus fsav32.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


-----------------------------------

Please uninstall all Java listed in your add/remove programs:
JavaFX 2.1.1
Java™ 7 Update 5
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Java version out of Date! <-------Download and install the latest version (Version 25) from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

------------------------------------


Adobe Reader 8 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

-----------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (may be down right now)

Good Luck and Thanks for using the forum, MrC

 

Cached version:

http://webcache.googleusercontent.com/search?q=cache:T4_y-D1qZAoJ:maddoktor2.com/forums/index.php%3Ftopic%3D46886.0+&cd=3&hl=en&ct=clnk&gl=us
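
Added example, not part of any post in this thread and not code from Security Check or its author: a small Python triage of the Security Check log posted above, pulling out the "out of date" flags and the Java runtimes left installed side by side. The function name `review` and the output wording are assumptions made for this illustration; the sample lines are copied from the log in this thread with the section rulers omitted.

```python
import re

# Item lines copied from the Security Check log posted in this thread
# (section ruler lines omitted).
SAMPLE_LOG = """\
 Windows Vista  x86 (UAC is enabled)
 Out of date service pack!!
 Internet Explorer 8 Out of date!
 Internet Explorer 8
 JavaFX 2.1.1
 Java 7 Update 5
 Java 6 Update 3
 Java 6 Update 5
 Java 6 Update 7
 Java version out of Date!
 Adobe Flash Player  11.7.700.224
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (22.0)
"""

OUTDATED = re.compile(r"out of date", re.IGNORECASE)
JAVA = re.compile(r"^Java (\d+) Update (\d+)$")

def review(log_text):
    """Return (outdated_flags, java_versions, findings) for a Security Check log."""
    outdated, java = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("`"):
            continue  # skip blank lines and section rulers
        if OUTDATED.search(line):
            # Keep the whole flagged line, minus the trailing exclamation marks.
            outdated.append(line.rstrip("!").strip())
        m = JAVA.match(line)
        if m:
            java.append((int(m.group(1)), int(m.group(2))))
    findings = [f"update or uninstall: {item}" for item in outdated]
    if len(java) > 1:
        # More than one runtime listed: everything but the newest is stale.
        newest = max(java)
        stale = sorted(v for v in java if v != newest)
        findings.append("old Java runtimes left installed side by side: "
                        + ", ".join(f"{a}u{b}" for a, b in stale))
    return outdated, java, findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG)[2]:
        print(finding)
```
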
