Jump to content

Infected computer Google Chrome Crash


Recommended Posts

The infected computer is of a friend of mine.

 

Its a laptop.

Vista 32Bit

 

After scanning the hard drive in my computer (attached via usb) with malwarebytes, and avast antivirus, and using malwarebytes anti rootkit the chrome browser doesnt work. crash imidiatly and saying its a dep issue, fully uninstalling it or installing a portable version of it didnt help.

Internet explorer work ok.

 

Now scanning the system in safe mode with malwarebytes anti malware and anti rootkit.

 

Further assistance needed regarding the chome crash issue.

 

Thank you for your help.

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01

Ran by Oleg (administrator) on LILA-PC on 06-07-2014 19:18:27

Running from C:\

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Русский (Россия)

Internet Explorer Version 7

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files\Join Air\UIExec.exe

(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe

(Nullsoft) C:\Program Files\Winamp\winampa.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe

(AudioVkontakte.ru) C:\ProgramData\VKSaver\VKSaver.exe

(Mail.Ru) C:\Users\Oleg\AppData\Local\MailRu\MailRuUpdater.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe

(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe

(Realtek) C:\Program Files\LevelOne\WUA-0605\RtlService.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

() C:\Program Files\SMINST\BLService.exe

(Realtek Semiconductor Corp.) C:\Program Files\LevelOne\WUA-0605\RtWLan.exe

(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe

() C:\Program Files\CyberLink\Shared files\RichVideo.exe

(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corporation) C:\Windows\System32\wercon.exe

() C:\Program Files\Join Air\AssistantServices.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Microsoft Corporation) C:\Windows\System32\conime.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft) C:\Program Files\MyPC Backup\Updater.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-01] (AVAST Software)

HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2009-01-20] (IDT, Inc.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)

HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)

HKLM\...\Run: [updatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-12-24] (CyberLink Corp.)

HKLM\...\Run: [updatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)

HKLM\...\Run: [updateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)

HKLM\...\Run: [updateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)

HKLM\...\Run: [uIExec] => C:\Program Files\Join Air\UIExec.exe [138584 2010-09-19] ()

HKLM\...\Run: [uCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)

HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)

HKLM\...\Run: [Guard.Mail.ru.gui] => C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [6989856 2014-06-28] ()

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)

HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [39424 2009-12-18] (Nullsoft)

HKLM\...\Run: [VKSaver] => C:\ProgramData\VKSaver\VKSaver.exe [239616 2014-05-24] (AudioVkontakte.ru)


HKU\.DEFAULT\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)

HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0

HKU\.DEFAULT\...\MountPoints2: {71ba3c0b-63fb-11e1-bd1c-00238be13344} - G:\QsSetup.exe

HKU\.DEFAULT\...\MountPoints2: {78cc74d0-949e-11df-9a11-00238be13344} - H:\LaunchU3.exe -a

HKU\.DEFAULT\...\MountPoints2: {c31da1a8-0cc5-11e0-ac9b-00238be13344} - G:\Install.exe

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [MailRuUpdater] => C:\Users\Oleg\AppData\Local\MailRu\MailRuUpdater.exe [2232352 2014-06-17] (Mail.Ru)

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4624152 2014-06-24] (Piriform Ltd)

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\Policies\system: [DisableCMD] 0

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: H - H:\Install.exe

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: I - I:\LaunchU3.exe -a

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {300a505d-893b-11e0-91c7-00238be13344} - G:\LaunchU3.exe -a

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {442c1df5-b6ee-11e0-9238-00238be13344} - I:\LaunchU3.exe -a

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {71ba3c0b-63fb-11e1-bd1c-00238be13344} - G:\QsSetup.exe

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {78cc74d0-949e-11df-9a11-00238be13344} - H:\LaunchU3.exe -a

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {bc63f4a9-ac56-11df-af8e-00238be13344} - F:\wubi.exe --cdmenu

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {c31da1a8-0cc5-11e0-ac9b-00238be13344} - G:\Install.exe

HKU\S-1-5-21-3433088785-3194705973-805201386-1000\...\MountPoints2: {c39750bd-9f5d-11df-8ab1-00238be13344} - I:\LaunchU3.exe -a

Startup: C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [474624 2013-07-24] () <===== ATTENTION

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

BootExecute: autocheck autochk /r \??\G:autocheck autochk * 

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=profitraf2

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ru&c=91&bd=Presario&pf=cnnb

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ru&c=91&bd=Presario&pf=cnnb

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ru&c=91&bd=Presario&pf=cnnb

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

URLSearchHook: HKCU - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)

SearchScopes: HKLM - DefaultScope Yandex URL = http://yandex.ru/yandsearch?clid=135294&text={searchTerms}



SearchScopes: HKCU - DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=profitraf2


SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 



SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=profitraf2

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: MailRuBHO Class - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File

Toolbar: HKLM - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)

Toolbar: HKLM - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File

Toolbar: HKCU - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)

Toolbar: HKCU - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)




Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 213.57.2.5 213.57.22.5

 

FireFox:

========

FF ProfilePath: C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Extension: No Name - C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged [2014-06-28]

FF Extension: Яндекс.Бар - C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru [2010-12-11]

FF Extension: Спутник @Mail.Ru - C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2011-04-26]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-28]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-01]

 

========================== Services (Whitelisted) =================

 

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [81920 2009-01-20] (Andrea Electronics Corporation)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-01] (AVAST Software)

R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)

S3 DFSR; C:\Windows\system32\DFSR.exe [2091520 2008-01-21] (Корпорация Майкрософт)

R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]

R2 Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [6989856 2014-06-28] ()

S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]

R3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed]

R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]

R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)

S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

S4 msvsmon90; c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)

R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-07-09] (PACE Anti-Piracy, Inc.) [File not signed]

R2 Realtek11nSU; C:\Program Files\LevelOne\WUA-0605\RtlService.exe [40960 2009-06-30] (Realtek) [File not signed]

R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-23] ()

R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2008-11-26] ()

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe [249938 2009-01-20] (IDT, Inc.)

R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [252784 2010-09-19] ()

S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Корпорация Майкрософт)

 

==================== Drivers (Whitelisted) ====================

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-01] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-01] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-01] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-01] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-01] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software)

R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-01] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-01] ()

S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] (Корпорация Intel)

R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [44760 2014-06-04] ()

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)

R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]

R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-20] () [File not signed]

R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93304 2011-06-28] (PACE Anti-Piracy, Inc.)

R3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athw.sys [1630056 2011-06-02] (TamoSoft)

U3 aecln6rp; C:\Windows\system32\Drivers\aecln6rp.sys [0 ] (Microsoft Corporation)

S3 cpuz132; \??\C:\Users\Oleg\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]

S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]

S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-07-06 19:18 - 2014-07-06 19:19 - 00023409 _____ () C:\FRST.txt

2014-07-06 19:18 - 2014-07-06 19:18 - 00000000 ____D () C:\FRST

2014-07-06 19:13 - 2014-07-06 19:11 - 01074688 _____ (Farbar) C:\FRST.exe

2014-07-06 17:15 - 2014-07-06 17:15 - 00001014 _____ () C:\Windows\PFRO.log

2014-07-06 16:30 - 2014-07-06 16:30 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-07-06 16:30 - 2014-07-06 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-07-06 16:29 - 2014-07-06 16:30 - 00000000 ____D () C:\Program Files\CCleaner

2014-07-06 16:16 - 2014-07-06 16:17 - 00000000 ____D () C:\Users\Oleg\Documents\Visual Studio 2008

2014-07-01 22:32 - 2014-07-01 22:32 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\AVAST Software

2014-07-01 22:31 - 2014-07-06 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-01 22:31 - 2014-07-01 22:31 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-07-01 22:31 - 2014-07-01 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-07-01 22:30 - 2014-07-06 16:03 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-07-01 22:30 - 2014-07-01 22:30 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-01 22:30 - 2014-07-01 22:30 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-07-01 22:29 - 2014-07-06 17:39 - 00000000 ____D () C:\Users\Oleg\Desktop\mbar

2014-07-01 22:29 - 2014-07-01 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

2014-07-01 22:29 - 2014-07-01 22:29 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk

2014-07-01 22:29 - 2014-07-01 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2014-07-01 22:28 - 2014-07-01 22:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit

2014-07-01 22:28 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll

2014-07-01 22:28 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll

2014-07-01 22:27 - 2014-07-01 22:27 - 00000000 ____D () C:\Program Files\AVAST Software

2014-07-01 22:26 - 2014-07-06 17:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-01 22:26 - 2014-07-01 22:27 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-07-01 22:25 - 2014-07-06 17:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-01 22:25 - 2014-07-01 22:25 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-01 22:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-01 22:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-30 22:32 - 2014-07-06 19:13 - 00000000 ____D () C:\Windows\pss

2014-06-30 22:31 - 2014-07-06 17:08 - 00000432 _____ () C:\Windows\Tasks\At6.job

2014-06-30 22:03 - 2010-06-16 18:59 - 00898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreset

2014-06-30 18:09 - 2014-06-30 18:09 - 00012393 _____ () C:\Users\Oleg\AppData\Local\Bron.tok.A12.em.bin

2014-06-29 17:28 - 2014-07-06 16:57 - 00000000 ____D () C:\Users\Oleg\Documents\PCSpeedClean

2014-06-28 22:05 - 2014-06-28 22:05 - 00000000 ____D () C:\Program Files\Аудио и видео скачивание

2014-06-26 01:24 - 2014-06-26 01:24 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MediaPlay LLC

2014-06-26 01:23 - 2014-06-26 01:25 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MediaPlay

2014-06-26 01:23 - 2014-06-26 01:23 - 00000874 _____ () C:\Users\Public\Desktop\MediaPlay.lnk

2014-06-26 01:23 - 2014-06-26 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaPlay

2014-06-21 18:44 - 2014-06-30 22:25 - 00000432 _____ () C:\Windows\Tasks\At5.job

2014-06-19 16:32 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At4.job

2014-06-18 21:39 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At3.job

2014-06-17 21:39 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At2.job

2014-06-16 22:22 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At1.job

2014-06-07 22:16 - 2014-06-25 22:08 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MailRu

2014-06-07 22:13 - 2014-06-07 22:32 - 00000175 _____ () C:\Users\Oleg\Desktop\Искать в Интернете.url

2014-06-07 21:56 - 2014-07-01 16:49 - 00000000 ____D () C:\Users\Oleg\Desktop\staray

2014-06-07 04:23 - 2014-07-06 19:20 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Mail.Ru

 

==================== One Month Modified Files and Folders =======

 

2014-07-06 19:20 - 2014-06-07 04:23 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Mail.Ru

2014-07-06 19:19 - 2014-07-06 19:18 - 00023409 _____ () C:\FRST.txt

2014-07-06 19:18 - 2014-07-06 19:18 - 00000000 ____D () C:\FRST

2014-07-06 19:18 - 2010-07-20 16:49 - 00000285 _____ () C:\ProgramData\hpqp.ini

2014-07-06 19:17 - 2006-11-02 15:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-06 19:16 - 2014-05-23 20:03 - 00000340 _____ () C:\Windows\Tasks\AmiUpdXp.job

2014-07-06 19:16 - 2011-12-08 21:18 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2014-07-06 19:16 - 2006-11-02 16:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-06 19:16 - 2006-11-02 15:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-06 19:14 - 2006-11-02 13:33 - 02094110 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-06 19:13 - 2014-06-30 22:32 - 00000000 ____D () C:\Windows\pss

2014-07-06 19:11 - 2014-07-06 19:13 - 01074688 _____ (Farbar) C:\FRST.exe

2014-07-06 17:39 - 2014-07-01 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-06 17:39 - 2014-07-01 22:29 - 00000000 ____D () C:\Users\Oleg\Desktop\mbar

2014-07-06 17:39 - 2014-07-01 22:26 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-06 17:20 - 2014-07-01 22:25 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-06 17:18 - 2006-11-02 16:01 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-07-06 17:15 - 2014-07-06 17:15 - 00001014 _____ () C:\Windows\PFRO.log

2014-07-06 17:15 - 2014-06-19 16:32 - 00000364 _____ () C:\Windows\Tasks\At4.job

2014-07-06 17:15 - 2014-06-18 21:39 - 00000364 _____ () C:\Windows\Tasks\At3.job

2014-07-06 17:15 - 2014-06-17 21:39 - 00000364 _____ () C:\Windows\Tasks\At2.job

2014-07-06 17:15 - 2014-06-16 22:22 - 00000364 _____ () C:\Windows\Tasks\At1.job

2014-07-06 17:14 - 2010-07-20 16:40 - 01259975 _____ () C:\Windows\WindowsUpdate.log

2014-07-06 17:12 - 2012-12-30 14:38 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Media Player Classic

2014-07-06 17:12 - 2010-08-20 15:28 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\DAEMON Tools Lite

2014-07-06 17:12 - 2010-07-26 06:46 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\uTorrent

2014-07-06 17:11 - 2010-12-17 13:51 - 00000000 ____D () C:\Windows\Minidump

2014-07-06 17:11 - 2009-03-16 14:33 - 00000000 ____D () C:\Windows\panther

2014-07-06 17:11 - 2006-11-02 14:18 - 00000000 ____D () C:\Windows\system32\LogFiles

2014-07-06 17:08 - 2014-06-30 22:31 - 00000432 _____ () C:\Windows\Tasks\At6.job

2014-07-06 16:57 - 2014-06-29 17:28 - 00000000 ____D () C:\Users\Oleg\Documents\PCSpeedClean

2014-07-06 16:56 - 2010-07-21 12:33 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Deployment

2014-07-06 16:54 - 2010-07-20 17:21 - 00078280 _____ () C:\Users\Oleg\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-06 16:40 - 2006-11-02 15:47 - 00311880 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-06 16:36 - 2010-12-23 20:29 - 00000000 ____D () C:\Program Files\PokerStars

2014-07-06 16:34 - 2010-07-21 12:34 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-06 16:30 - 2014-07-06 16:30 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-07-06 16:30 - 2014-07-06 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-07-06 16:30 - 2014-07-06 16:29 - 00000000 ____D () C:\Program Files\CCleaner

2014-07-06 16:17 - 2014-07-06 16:16 - 00000000 ____D () C:\Users\Oleg\Documents\Visual Studio 2008

2014-07-06 16:03 - 2014-07-01 22:30 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-07-02 01:05 - 2011-04-16 06:56 - 00000000 ____D () C:\Users\Oleg\AppData\Local\GamePlayLabs Plugin

2014-07-02 00:10 - 2011-06-26 06:16 - 00000000 ____D () C:\Program Files\Unlocker

2014-07-02 00:10 - 2010-11-15 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2014-07-02 00:10 - 2010-11-15 09:48 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

2014-07-02 00:08 - 2011-07-23 13:23 - 00000000 ____D () C:\Program Files\HDD Regenerator

2014-07-01 23:56 - 2010-08-20 15:50 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL 2

2014-07-01 23:55 - 2010-07-20 17:05 - 00000000 ____D () C:\ProgramData\Adobe

2014-07-01 23:55 - 2010-07-20 16:59 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Adobe

2014-07-01 22:33 - 2014-07-01 22:29 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

2014-07-01 22:32 - 2014-07-01 22:32 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\AVAST Software

2014-07-01 22:31 - 2014-07-01 22:31 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-07-01 22:31 - 2014-07-01 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-07-01 22:30 - 2014-07-01 22:30 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-07-01 22:30 - 2014-07-01 22:30 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-07-01 22:30 - 2014-07-01 22:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-01 22:30 - 2014-07-01 22:30 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-07-01 22:29 - 2014-07-01 22:29 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk

2014-07-01 22:29 - 2014-07-01 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2014-07-01 22:29 - 2014-07-01 22:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit

2014-07-01 22:27 - 2014-07-01 22:27 - 00000000 ____D () C:\Program Files\AVAST Software

2014-07-01 22:27 - 2014-07-01 22:26 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-07-01 22:25 - 2014-07-01 22:25 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-01 22:25 - 2014-07-01 22:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-01 16:49 - 2014-06-07 21:56 - 00000000 ____D () C:\Users\Oleg\Desktop\staray

2014-07-01 16:49 - 2014-05-23 20:05 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\VOPackage

2014-07-01 16:49 - 2014-05-23 20:03 - 00000000 ____D () C:\Users\Oleg\AppData\Local\24930

2014-07-01 16:49 - 2014-05-17 21:14 - 00000000 ____D () C:\Users\Oleg\Desktop\lll

2014-07-01 16:49 - 2006-11-02 15:37 - 00000000 ____D () C:\Windows\ShellNew

2014-06-30 22:30 - 2006-11-02 13:23 - 00000007 ___SH () C:\autoexec.bat

2014-06-30 22:25 - 2014-06-21 18:44 - 00000432 _____ () C:\Windows\Tasks\At5.job

2014-06-30 18:36 - 2014-05-23 20:02 - 00000000 ____D () C:\Program Files\SearchProtect

2014-06-30 18:09 - 2014-06-30 18:09 - 00012393 _____ () C:\Users\Oleg\AppData\Local\Bron.tok.A12.em.bin

2014-06-29 17:30 - 2010-07-21 12:31 - 00000069 _____ () C:\Windows\NeroDigital.ini

2014-06-29 17:28 - 2014-05-23 20:03 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\PC Speed Clean

2014-06-28 22:05 - 2014-06-28 22:05 - 00000000 ____D () C:\Program Files\Аудио и видео скачивание

2014-06-28 22:03 - 2010-07-26 06:55 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Winamp

2014-06-28 01:01 - 2010-12-30 12:48 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru

2014-06-27 21:18 - 2013-10-03 21:48 - 00000000 ____D () C:\Users\Oleg\Desktop\shirim

2014-06-27 21:05 - 2013-10-03 21:55 - 00000000 ____D () C:\Users\Oleg\Desktop\Led Zeppelin II

2014-06-26 16:11 - 2010-08-05 16:42 - 00000052 _____ () C:\Windows\system32\DOErrors.log

2014-06-26 01:25 - 2014-06-26 01:23 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MediaPlay

2014-06-26 01:24 - 2014-06-26 01:24 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MediaPlay LLC

2014-06-26 01:23 - 2014-06-26 01:23 - 00000874 _____ () C:\Users\Public\Desktop\MediaPlay.lnk

2014-06-26 01:23 - 2014-06-26 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaPlay

2014-06-25 22:08 - 2014-06-07 22:16 - 00000000 ____D () C:\Users\Oleg\AppData\Local\MailRu

2014-06-14 10:06 - 2011-04-05 20:10 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Dropbox

2014-06-12 11:39 - 2013-07-18 22:18 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-12 11:18 - 2010-07-20 16:58 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-12 11:10 - 2006-11-02 13:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-06-08 21:07 - 2011-08-03 09:20 - 00000000 ____D () C:\Users\Oleg\AppData\Local\Loc.Mail.Bron.Tok

2014-06-07 22:32 - 2014-06-07 22:13 - 00000175 _____ () C:\Users\Oleg\Desktop\Искать в Интернете.url

 

Files to move or delete:

====================

C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

C:\Windows\Tasks\At5.job

C:\Windows\Tasks\At6.job

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-06 19:23

 

==================== End Of Log ============================

 

 

 

 

 

 

Addition.txt

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs in your next reply.. Also give an update on any remaining issues or concerns...

 

Kevin

 

 

 

 

fixlist.txt

Link to post
Share on other sites

No malwarebytes log, disabled in options. didnt find anything

 

 

# AdwCleaner v3.214 - ־עק¸ע סמחהאם 06/07/2014 at 21:05:20
# ־בםמגכוםמ 29/06/2014 by Xplode
# ־ןונאצטמםםא סטסעולא : Windows Vista Home Premium Service Pack 1 (32 bits)
# ָל ןמכחמגאעוכ : Oleg - LILA-PC
# ַאןףשוםמ טח : C:\AdwCleaner.exe
# ֽאסענמיךט : ־קטסעטע
 
***** [ ׁכףזב ] *****
 
[#] ׁכףזבא ׃האכוםא : BackupStack
 
***** [ װאיכ / ֿאןךט ] *****
 
ֿאןךא ׃האכוםא : C:\ProgramData\DataMngr
ֿאןךא ׃האכוםא : C:\Program Files\Mail.Ru
ֿאןךא ׃האכוםא : C:\Program Files\SearchProtect
ֿאןךא ׃האכוםא : C:\Program Files\Common Files\DVDVideoSoft\TB
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\Local\GamePlayLabs Plugin
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\Local\iLivid
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\Local\ilividmoviestoolbardla
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\Local\Mail.Ru
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\Local\SearchProtect
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\LocalLow\AVG Security Toolbar
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\LocalLow\ilividmoviestoolbardla
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\LocalLow\Mail.Ru
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\Roaming\VOPackage
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
ֿאןךא ׃האכוםא : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\ilividmoviestoolbardla
װאיכ ׃האכוםא : C:\Users\Oleg\Desktop\MyPC Backup.lnk
װאיכ ׃האכוםא : C:\Users\Oleg\Desktop\Sync Folder.lnk
װאיכ ׃האכוםא : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\.autoreg
 
***** [ נכךט ] *****
 
 
***** [ ׀ווסענ ] *****
 
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Classes\Updater.AmiUpd
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
ַםאקוםטו ׃האכ¸ם : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MailRuUpdater]
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
ַםאקוםטו ׃האכ¸ם : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
ַםאקוםטו ׃האכ¸ם : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
ַםאקוםטו ׃האכ¸ם : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
ֺכ‏ק ׃האכ¸ם : HKCU\Software\DataMngr
ֺכ‏ק ׃האכ¸ם : HKCU\Software\GamePlayLabs
ֺכ‏ק ׃האכ¸ם : HKLM\Software\DataMngr
ֺכ‏ק ׃האכ¸ם : HKLM\Software\SearchProtect
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
ֺכ‏ק ׃האכ¸ם : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
ֺכ‏ק ׃האכ¸ם : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
ֺכ‏ק ׃האכ¸ם : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ ֱנאףחונ ] *****
 
-\\ Internet Explorer v7.0.6001.18639
 
 
-\\ Mozilla Firefox v
 
[ װאיכ : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [5420 octets] - [06/07/2014 21:03:50]
AdwCleaner[s0].txt - [5305 octets] - [06/07/2014 21:05:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5365 octets] ##########
 
 
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-07-2014 01
Ran by Oleg at 2014-07-06 20:24:50 Run:1
Running from C:\
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
HKU\.DEFAULT\...\MountPoints2: {71ba3c0b-63fb-11e1-bd1c-00238be13344} - G:\QsSetup.exe
HKU\.DEFAULT\...\MountPoints2: {78cc74d0-949e-11df-9a11-00238be13344} - H:\LaunchU3.exe -a
HKU\.DEFAULT\...\MountPoints2: {c31da1a8-0cc5-11e0-ac9b-00238be13344} - G:\Install.exe
Startup: C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
C:\Program Files\MyPC Backup
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [474624 2013-07-24] () <===== ATTENTION
C:\Program Files\Movies Toolbar
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
C:\Windows\Tasks\At6.job
2014-06-30 18:09 - 2014-06-30 18:09 - 00012393 _____ () C:\Users\Oleg\AppData\Local\Bron.tok.A12.em.bin
2014-06-29 17:28 - 2014-07-06 16:57 - 00000000 ____D () C:\Users\Oleg\Documents\PCSpeedClean
2014-06-21 18:44 - 2014-06-30 22:25 - 00000432 _____ () C:\Windows\Tasks\At5.job
2014-06-19 16:32 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At4.job
2014-06-18 21:39 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At3.job
2014-06-17 21:39 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At2.job
2014-06-16 22:22 - 2014-07-06 17:15 - 00000364 _____ () C:\Windows\Tasks\At1.job
2011-08-03 09:15 - 2011-08-03 09:15 - 00012393 ____A C:\Windows\system32\Drivers\etc\hosts
Task: {284D1162-B9A9-4BB2-B9A2-54A3AAC4F3AD} - System32\Tasks\At6 => C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com <==== ATTENTION
Task: {6D844100-802A-428E-9A60-5CFC7C731AB3} - \At4 No Task File <==== ATTENTION
Task: {9A0E9242-D524-4DB7-A9E7-FB97BC3767F7} - \At2 No Task File <==== ATTENTION
Task: {9ADE2386-274F-4E4D-AE5D-882C302572E4} - \At1 No Task File <==== ATTENTION
Task: {A428735C-C978-4806-BF44-DCF1041DF041} - System32\Tasks\AmiUpdXp => C:\Users\Oleg\AppData\Local\24930\a10274.exe <==== ATTENTION
Task: {C51C8200-DE3A-4CAC-8FAE-03257C90CD40} - \At3 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Oleg\AppData\Local\24930\a10274.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => ?
Task: C:\Windows\Tasks\At2.job => ?
Task: C:\Windows\Tasks\At3.job => ?
Task: C:\Windows\Tasks\At4.job => ?
Task: C:\Windows\Tasks\At5.job => ?
Task: C:\Windows\Tasks\At6.job => ?
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
End
*****************
 
'HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71ba3c0b-63fb-11e1-bd1c-00238be13344}' => Key deleted successfully.
'HKCR\CLSID\{71ba3c0b-63fb-11e1-bd1c-00238be13344}'=> Key not found.
'HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78cc74d0-949e-11df-9a11-00238be13344}' => Key deleted successfully.
'HKCR\CLSID\{78cc74d0-949e-11df-9a11-00238be13344}'=> Key not found.
'HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31da1a8-0cc5-11e0-ac9b-00238be13344}' => Key deleted successfully.
'HKCR\CLSID\{c31da1a8-0cc5-11e0-ac9b-00238be13344}'=> Key not found.
C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files\MyPC Backup\MyPC Backup.exe => Moved successfully.
 
"C:\Program Files\MyPC Backup" directory move:
 
C:\Program Files\MyPC Backup\aff.conf => Moved successfully.
C:\Program Files\MyPC Backup\AlphaVSS.51.x86.dll => Moved successfully.
C:\Program Files\MyPC Backup\AlphaVSS.52.x64.dll => Moved successfully.
C:\Program Files\MyPC Backup\AlphaVSS.52.x86.dll => Moved successfully.
C:\Program Files\MyPC Backup\AlphaVSS.60.x64.dll => Moved successfully.
C:\Program Files\MyPC Backup\AlphaVSS.60.x86.dll => Moved successfully.
C:\Program Files\MyPC Backup\AlphaVSS.Common.dll => Moved successfully.
C:\Program Files\MyPC Backup\AWSSDK.dll => Moved successfully.
C:\Program Files\MyPC Backup\BackupStack.exe => Moved successfully.
C:\Program Files\MyPC Backup\Configuration Updater.exe => Moved successfully.
C:\Program Files\MyPC Backup\Crypto32.dll => Moved successfully.
C:\Program Files\MyPC Backup\Crypto64.dll => Moved successfully.
C:\Program Files\MyPC Backup\de_DE.mo => Moved successfully.
C:\Program Files\MyPC Backup\diffstack.dll => Moved successfully.
C:\Program Files\MyPC Backup\es_ES.mo => Moved successfully.
C:\Program Files\MyPC Backup\fr_FR.mo => Moved successfully.
C:\Program Files\MyPC Backup\GetText.dll => Moved successfully.
C:\Program Files\MyPC Backup\it_IT.mo => Moved successfully.
C:\Program Files\MyPC Backup\LogicNP.EZShellExtensions.dll => Moved successfully.
C:\Program Files\MyPC Backup\MPCBClient.dll => Moved successfully.
C:\Program Files\MyPC Backup\MPCBContextMenu.dll => Moved successfully.
C:\Program Files\MyPC Backup\MPCBIconOverlays.dll => Moved successfully.
C:\Program Files\MyPC Backup\mypcbackup.ico => Moved successfully.
C:\Program Files\MyPC Backup\ObjectListView.dll => Moved successfully.
C:\Program Files\MyPC Backup\pt_PT.mo => Moved successfully.
C:\Program Files\MyPC Backup\RegisterExtensionDotNet20_x64.exe => Moved successfully.
C:\Program Files\MyPC Backup\RegisterExtensionDotNet20_x86.exe => Moved successfully.
C:\Program Files\MyPC Backup\RestartExplorer.exe => Moved successfully.
C:\Program Files\MyPC Backup\Service Start.exe => Moved successfully.
C:\Program Files\MyPC Backup\Shared Stack.dll => Moved successfully.
C:\Program Files\MyPC Backup\Signup Wizard.exe => Moved successfully.
C:\Program Files\MyPC Backup\syncicon.ico => Moved successfully.
C:\Program Files\MyPC Backup\syncing.ico => Moved successfully.
C:\Program Files\MyPC Backup\tick.ico => Moved successfully.
C:\Program Files\MyPC Backup\uninst.exe => Moved successfully.
C:\Program Files\MyPC Backup\UnRegisterExtensions.exe => Moved successfully.
C:\Program Files\MyPC Backup\Updater.exe => Moved successfully.
C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll => Moved successfully.
C:\Program Files\MyPC Backup\x64\System.Data.SQLite.dll => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_003b7a82-30d5-4ef6-ad73-ae6ffcbb217f_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_003b7a82-30d5-4ef6-ad73-ae6ffcbb217f_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_016a1719-d83e-46b2-8cdf-63cdf3bba573_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_016a1719-d83e-46b2-8cdf-63cdf3bba573_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_15c72710-b20d-45a2-bdea-f6d9766177ce_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_15c72710-b20d-45a2-bdea-f6d9766177ce_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_15d230e5-5eb5-41a5-8e27-695962ede9ff_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_15d230e5-5eb5-41a5-8e27-695962ede9ff_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_178cdd86-c685-429e-8326-4a4cc957d7d7_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_178cdd86-c685-429e-8326-4a4cc957d7d7_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_246cc4e9-ee5d-4e38-b581-79fc65f546f3_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_246cc4e9-ee5d-4e38-b581-79fc65f546f3_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_2c3a82fd-7ea0-4a1a-aa3f-08e5ba51cdc5_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_2c3a82fd-7ea0-4a1a-aa3f-08e5ba51cdc5_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_3a77385d-47cc-42c7-95c5-4df5dd246b7f_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_3a77385d-47cc-42c7-95c5-4df5dd246b7f_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_3c8cdfa5-bdd8-441d-b2d7-5201df3f5280_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_3c8cdfa5-bdd8-441d-b2d7-5201df3f5280_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_3c90b89a-e0c1-4647-be0d-fe8881cfbb18_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_3c90b89a-e0c1-4647-be0d-fe8881cfbb18_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_4555ebf7-6a0e-47c5-b2a6-e4af80c32b7d_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_4555ebf7-6a0e-47c5-b2a6-e4af80c32b7d_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_457e8f5c-c707-4074-8c04-09c9adf91993_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_457e8f5c-c707-4074-8c04-09c9adf91993_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_46dd7ad7-b33b-4151-93a4-218df8623dfa_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_46dd7ad7-b33b-4151-93a4-218df8623dfa_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_55d1e343-0d3f-4a62-9737-a9ef2f7ed685_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_55d1e343-0d3f-4a62-9737-a9ef2f7ed685_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_5b69ef8b-ff45-4208-9f76-61343f1325ea_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_5b69ef8b-ff45-4208-9f76-61343f1325ea_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_5decba73-256c-4dce-8602-b72a3a12d930_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_5decba73-256c-4dce-8602-b72a3a12d930_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_67be5378-ff29-4288-985b-33ac05c5ad9b_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_67be5378-ff29-4288-985b-33ac05c5ad9b_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_6b34e105-95d7-47a9-a5b1-4e858381924b_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_6b34e105-95d7-47a9-a5b1-4e858381924b_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_79815e5f-250f-47b8-a606-bae970bc833b_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_79815e5f-250f-47b8-a606-bae970bc833b_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_8eae549a-9805-44af-ad9b-1a0ec0ef16ea_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_8eae549a-9805-44af-ad9b-1a0ec0ef16ea_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_9a029aa4-f887-4689-ae19-ca8502c74059_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_9a029aa4-f887-4689-ae19-ca8502c74059_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_9ac620bc-1037-406d-9ad3-d5685dc339c5_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_9ac620bc-1037-406d-9ad3-d5685dc339c5_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_a3330b35-fe3d-4bf0-a7de-643d6cc6252a_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_a3330b35-fe3d-4bf0-a7de-643d6cc6252a_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_a6526a1c-d53a-472e-aabb-c39742a14d3d_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_a6526a1c-d53a-472e-aabb-c39742a14d3d_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_a9eba9c8-ac24-4431-b320-6c36d750d7c8_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_a9eba9c8-ac24-4431-b320-6c36d750d7c8_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_abb2107c-452d-4c0b-b82b-da811dc706bc_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_abb2107c-452d-4c0b-b82b-da811dc706bc_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_b34228fe-4840-443a-8294-590798016e88_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_b34228fe-4840-443a-8294-590798016e88_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_ca8c325d-f87f-4ac2-8bb3-1d980a9d174b_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_ca8c325d-f87f-4ac2-8bb3-1d980a9d174b_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_e28a3259-8817-4423-be98-efa90286b9ad_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_e28a3259-8817-4423-be98-efa90286b9ad_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_f60a3816-7b4d-4d52-b53f-b75f36c863d6_backupKeyCache.block => Moved successfully.
C:\Program Files\MyPC Backup\Resources\keycache\_f60a3816-7b4d-4d52-b53f-b75f36c863d6_backupKeyCache.tree => Moved successfully.
C:\Program Files\MyPC Backup\log\AUTH.log => Moved successfully.
C:\Program Files\MyPC Backup\log\BACKOFF.log => Moved successfully.
C:\Program Files\MyPC Backup\log\BACKUP.log => Moved successfully.
C:\Program Files\MyPC Backup\log\BACKUP_COMPLETE.log => Moved successfully.
C:\Program Files\MyPC Backup\log\CLIENT.log => Moved successfully.
C:\Program Files\MyPC Backup\log\EXTERNAL_DRIVE.log => Moved successfully.
C:\Program Files\MyPC Backup\log\GRID_RECOVERY.log => Moved successfully.
C:\Program Files\MyPC Backup\log\GRID_RECOVERY_INIT.log => Moved successfully.
C:\Program Files\MyPC Backup\log\LICENCE.log => Moved successfully.
C:\Program Files\MyPC Backup\log\NETWORK_SHARES.log => Moved successfully.
C:\Program Files\MyPC Backup\log\PERF_MON.log => Moved successfully.
C:\Program Files\MyPC Backup\log\REMOTING.log => Moved successfully.
C:\Program Files\MyPC Backup\log\REQUEST.log => Moved successfully.
C:\Program Files\MyPC Backup\log\SERVICE.log => Moved successfully.
C:\Program Files\MyPC Backup\log\SHELL.log => Moved successfully.
C:\Program Files\MyPC Backup\log\UPDATER.log => Moved successfully.
C:\Program Files\MyPC Backup\log\UTC_MIGRATION.log => Moved successfully.
C:\Program Files\MyPC Backup\log\WAIT_HANDLES.log => Moved successfully.
C:\Program Files\MyPC Backup\Database\mpcb_backup_conf.db => Moved successfully.
C:\Program Files\MyPC Backup\Database\mpcb_backup_id.db => Moved successfully.
C:\Program Files\MyPC Backup\Database\mpcb_file_cache.db => Moved successfully.
C:\Program Files\MyPC Backup\Database\mpcb_queues.db => Moved successfully.
C:\Program Files\MyPC Backup\Database\mpcb_settings.db => Moved successfully.
C:\Program Files\MyPC Backup\Database\mpcb_sig_cache.db => Moved successfully.
C:\Program Files\MyPC Backup\Database\mpcb_version_queue.db => Moved successfully.
C:\Program Files\MyPC Backup\Config\api.ts2 => Moved successfully.
Could not move "C:\Program Files\MyPC Backup" directory. => Scheduled to move on reboot.
 
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
C:\Program Files\Movies Toolbar => Moved successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
C:\Windows\Tasks\At6.job => Moved successfully.
C:\Users\Oleg\AppData\Local\Bron.tok.A12.em.bin => Moved successfully.
C:\Users\Oleg\Documents\PCSpeedClean => Moved successfully.
C:\Windows\Tasks\At5.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{284D1162-B9A9-4BB2-B9A2-54A3AAC4F3AD}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{284D1162-B9A9-4BB2-B9A2-54A3AAC4F3AD}' => Key deleted successfully.
C:\Windows\System32\Tasks\At6 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D844100-802A-428E-9A60-5CFC7C731AB3}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D844100-802A-428E-9A60-5CFC7C731AB3}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A0E9242-D524-4DB7-A9E7-FB97BC3767F7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A0E9242-D524-4DB7-A9E7-FB97BC3767F7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ADE2386-274F-4E4D-AE5D-882C302572E4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ADE2386-274F-4E4D-AE5D-882C302572E4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A428735C-C978-4806-BF44-DCF1041DF041}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A428735C-C978-4806-BF44-DCF1041DF041}' => Key deleted successfully.
C:\Windows\System32\Tasks\AmiUpdXp => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C51C8200-DE3A-4CAC-8FAE-03257C90CD40}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C51C8200-DE3A-4CAC-8FAE-03257C90CD40}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3' => Key deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job => Moved successfully.
C:\Windows\Tasks\At1.job not found.
C:\Windows\Tasks\At2.job not found.
C:\Windows\Tasks\At3.job not found.
C:\Windows\Tasks\At4.job not found.
C:\Windows\Tasks\At5.job not found.
C:\Windows\Tasks\At6.job not found.
C:\Windows\System32 => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-06 20:27:09)<=
 
C:\Program Files\MyPC Backup => Is moved successfully.
 
==== End of Fixlog ====
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by Oleg on Sun 07/06/2014 at 21:09:44.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Oleg\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/06/2014 at 21:14:47.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Link to post
Share on other sites

Ran the scan but Log is disabled in settings so no mbam log. It didnt find any threats though.

 

Its a russian OS so had to save the text as unicode. Still in russian though.

 

Btw Did the trick. Chrome installed and running. Could you explain what step might did the trick?

 

Heres the russian log:

 

# AdwCleaner v3.214 - Отчёт создан 06/07/2014 at 21:05:20
# Обновлено 29/06/2014 by Xplode
# Операционная система : Windows Vista Home Premium Service Pack 1 (32 bits)
# Имя пользователя : Oleg - LILA-PC
# Запущено из : C:\AdwCleaner.exe
# Настройки : Очистить
 
***** [ Службы ] *****
 
Service deleted:
[#] Служба Удалена : BackupStack
 
***** [ Файлы / Папки ] *****
 
Folder deleted:
Папка Удалена : C:\ProgramData\DataMngr
Папка Удалена : C:\Program Files\Mail.Ru
Папка Удалена : C:\Program Files\SearchProtect
Папка Удалена : C:\Program Files\Common Files\DVDVideoSoft\TB
Папка Удалена : C:\Users\Oleg\AppData\Local\GamePlayLabs Plugin
Папка Удалена : C:\Users\Oleg\AppData\Local\iLivid
Папка Удалена : C:\Users\Oleg\AppData\Local\ilividmoviestoolbardla
Папка Удалена : C:\Users\Oleg\AppData\Local\Mail.Ru
Папка Удалена : C:\Users\Oleg\AppData\Local\SearchProtect
Папка Удалена : C:\Users\Oleg\AppData\LocalLow\AVG Security Toolbar
Папка Удалена : C:\Users\Oleg\AppData\LocalLow\ilividmoviestoolbardla
Папка Удалена : C:\Users\Oleg\AppData\LocalLow\Mail.Ru
Папка Удалена : C:\Users\Oleg\AppData\Roaming\VOPackage
Папка Удалена : C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Папка Удалена : C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Папка Удалена : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\ilividmoviestoolbardla
 
File Deleted:
Файл Удалена : C:\Users\Oleg\Desktop\MyPC Backup.lnk
Файл Удалена : C:\Users\Oleg\Desktop\Sync Folder.lnk
Файл Удалена : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\.autoreg
 
***** [ Ярлыки ] *****
 
 
***** [ Реестр (Regedit)] *****
 
Key Deleted:
Ключ Удалён : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Ключ Удалён : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Ключ Удалён : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Ключ Удалён : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Ключ Удалён : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Ключ Удалён : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
 
If correct translate, Instance Deleted:
Значение Удалён : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MailRuUpdater]
 
Key Deleted:
Ключ Удалён : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Ключ Удалён : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Ключ Удалён : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Ключ Удалён : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Ключ Удалён : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Ключ Удалён : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Ключ Удалён : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Ключ Удалён : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Ключ Удалён : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Ключ Удалён : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Ключ Удалён : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Ключ Удалён : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Ключ Удалён : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Ключ Удалён : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Ключ Удалён : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Ключ Удалён : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Ключ Удалён : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
 
 
Instance deleted:
Значение Удалён : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Значение Удалён : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Значение Удалён : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
\
Key Deleted:
Ключ Удалён : HKCU\Software\DataMngr
Ключ Удалён : HKCU\Software\GamePlayLabs
Ключ Удалён : HKLM\Software\DataMngr
Ключ Удалён : HKLM\Software\SearchProtect
Ключ Удалён : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Ключ Удалён : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Ключ Удалён : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Ключ Удалён : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Ключ Удалён : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Браузеры ] *****
 
-\\ Internet Explorer v7.0.6001.18639
 
 
-\\ Mozilla Firefox v
 
File:
[ Файл : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [5420 octets] - [06/07/2014 21:03:50]
AdwCleaner[s0].txt - [5305 octets] - [06/07/2014 21:05:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5365 octets] ##########
 
Link to post
Share on other sites

Your system had adware infection and browser hijacker, infection we clean with FRST, hijacker and usual dross we clean out with AdwCleaner and JRT.... One more scan to do...

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Kevin

Link to post
Share on other sites

Eset Report:

 

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll Win32/Toolbar.SearchSuite.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Internet Explorer Settings.exe Win32/Toolbar.SearchSuite.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\mgrldr.dll Win32/Toolbar.SearchSuite.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultstb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
Link to post
Share on other sites

Those entries are all in Quarantine so are safe, no issues... Run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if there are any remaining issues or concerns, if none are we ok to close out?

 

Thanks,

 

Kevin

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.