rvzr-a.akamaihd.net --- II [Solved]


  • This topic is locked
21 replies to this topic

#1 vlad1s57


Posted 08 November 2013 - 05:54 AM

Hi everyone!

I have faced the same problem that bobby730 (here: http://forums.whatth...howtopic=127127) faced.

I followed all the steps by Robybel and now have the necessary logs + .zip attached.

Be so kind as to help me out with the problem, as I've no idea how to fix it.

OTL.txt

 

OTL logfile created on: 08/11/13 15:06:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\vkuznetsov\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd/MM/yy
 
1,97 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,84% Memory free
3,93 Gb Paging File | 2,89 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 51,87 Gb Free Space | 53,17% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 351,70 Gb Free Space | 95,54% Space Free | Partition Type: NTFS
 
Computer Name: FRIGOSERVE_PC | User Name: vkuznetsov | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\vkuznetsov\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_161_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\CCM\SCNotification.exe (Microsoft Corporation)
PRC - C:\Windows\CCM\RemCtrl\CmRcService.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\ABBYY Lingvo 12\Tutor.exe (ABBYY (BIT Software))
PRC - C:\Program Files\ABBYY Lingvo 12\LvAgent.exe (ABBYY (BIT Software))
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCNotification\da33c0e56a0139d84211b72513954735\SCNotification.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\e6148158755bfb61edbfdaeb4f54e113\SCClient.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\790aa3269f6a924303104efe3da6f8af\SCClient.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\644dbdc66a606f0710557f8b1794bc35\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0f881bc8833c56ab7fcfef2bcc244441\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7ae268d4c2071d1151ec8e02cd39a3aa\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2a21510532f520930dba2d111b4ebb5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\aeb0f87b0bc25143473c460d018a96f7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fe3923469740732d7c0c2f35bd1f167e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7ece4823b0e12cae58be346bbc3cdeac\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b21ef81fc4131bd1edd6d0bae9d58932\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll ()
MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CcmExec) -- C:\Windows\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\CCM\TSManager.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CmRcService) -- C:\Windows\CCM\RemCtrl\CmRcService.exe (Microsoft Corporation)
SRV - (lppsvc) -- C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)
SRV - (lpasvc) -- C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131107.016\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131107.016\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (prepdrvr) -- C:\Windows\System32\drivers\PrepDrv.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\vkuznetsov\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\y, = http://yandex.ru/yan...1787312&text=%s
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{9717a1766cc8ef8ed320ff954572b8cb}: "URL" =  http://nova.rambler....ef&words={WORDS}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = workflow.frigoglass.com;smtp.frigoglass.local;crm.frigoglass.com;hfm.frigoglass.group;owa.frigoglass.com;intranet.frigoglass.group;frigonet.frigoglass.group;grathplmdev01.frigoglass.group;Grathplmapl01.frigoglass.group;Grathplmdat01.frigoglass.group;grathnbk03.frigoglass.group;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.16:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Яндекс"
FF - prefs.js..browser.search.selectedEngine: "Яндекс"
FF - prefs.js..browser.search.suggest.enabled: true
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.enabled: true
FF - prefs.js..browser.startup.homepage: "http://www.yandex.ru...79&clid=2015152"
FF - prefs.js..keyword.URL: "http://yandex.ru/yan...id=1787312="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_161.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013/08/29 16:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\Firefox\Profiles\yandex.default\extensions
[2013/11/01 08:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\Firefox\Profiles\yandex.default\extensions\staged
[2013/07/02 09:48:54 | 000,007,859 | ---- | M] () -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\firefox\profiles\yandex.default\searchplugins\yandex.ru-094854.xml
[2013/06/13 20:45:26 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Яндекс (Enabled)
CHR - default_search_provider: search_url = http://yandex.ru/yan...xt={searchTerms}
CHR - default_search_provider: suggest_url = http://suggest.yande...rt={searchTerms}
CHR - homepage: http://www.yandex.ru/?clid=930634
 
O1 HOSTS File: ([2009/06/11 01:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {468CD8A9-7C25-45FA-969E-3D925C689DC4} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files\ABBYY Lingvo 12\Lvagent.exe (ABBYY (BIT Software))
O4 - HKCU..\Run: [Tutor.exe] C:\Program Files\ABBYY Lingvo 12\Tutor.exe (ABBYY (BIT Software))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Security Notice (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Перевести с помощью ABBYY Lingvo... - C:\Program Files\ABBYY Lingvo 12\Lingvo.exe (ABBYY (BIT Software))
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: frigoglass.group ([frigonet] http in Local intranet)
O15 - HKLM\..Trusted Domains: frigoglass.group ([hfm] http in Trusted sites)
O15 - HKLM\..Trusted Domains: frigoglass.group ([intranet] http in Local intranet)
O15 - HKLM\..Trusted Domains: frigonet ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: grathsps01 ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: *.frigoglass.group ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: *.frigoglass.group ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: frigoglass.group ([frigonet] http in Local intranet)
O15 - HKCU\..Trusted Domains: frigoglass.group ([hfm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: frigoglass.group ([intranet] http in Local intranet)
O15 - HKCU\..Trusted Domains: frigonet ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: grathccmps01 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: grathsps01 ([]http in Local intranet)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://3d.stolplit.r...cortvrml165.cab (ParallelGraphics Cortona Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.60.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coolruore.frigoglass.group
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{665D7BBF-7CF2-4119-9C46-E7C42948F3A0}: DhcpNameServer = 192.168.60.10
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{67a0cb2f-3b43-11e1-9d45-d485649ce418}\Shell - "" = AutoRun
O33 - MountPoints2\{67a0cb2f-3b43-11e1-9d45-d485649ce418}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/08 14:59:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vkuznetsov\Desktop\OTL.exe
[2013/11/08 13:11:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/08 12:22:28 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Doctor Web
[2013/11/08 10:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/11/08 10:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/05 09:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/11/05 09:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/11/01 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\vlc
[2013/11/01 11:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/11/01 11:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/11/01 08:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinterSoft
[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Download, kEepoer
[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Download, kEepoer
[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\61f064c042cc6ba4
[2013/11/01 08:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/10/22 13:33:45 | 000,000,000 | R--D | C] -- C:\Users\vkuznetsov\Desktop\FeS & FMS
[2013/10/22 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/22 13:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/22 13:10:58 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Notepad++
[2013/10/22 13:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013/10/22 13:01:55 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/22 13:01:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/18 15:02:54 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Documents\My Received Files
[2013/10/14 12:12:16 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2013/10/14 12:12:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\{3DA228BE-34DA-49f4-A081-66465B077429}
[2013/10/10 17:26:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/10 17:26:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/10 17:26:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/10 17:26:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/10 17:26:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/10 17:26:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/10 17:26:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/10 17:26:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 17:17:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/10/10 17:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/10 16:30:14 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 16:30:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/10/10 16:30:13 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/10/10 16:30:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 16:30:12 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013/10/10 16:30:05 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/10/10 16:30:03 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/10/10 16:01:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/10/10 16:01:58 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/10 16:00:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/10/10 15:57:34 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/10/10 15:57:33 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/10 15:57:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/10/10 15:57:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/10/10 15:57:18 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/10/10 15:57:18 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/10/10 15:57:17 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013/10/10 15:57:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/10/10 15:57:13 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 15:32:55 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/10/10 15:32:54 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/10/10 15:29:05 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/10/10 15:28:09 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 15:18:45 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/10/10 15:07:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/10/10 15:01:43 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/10/10 15:01:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/10/10 15:01:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/10/10 15:01:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/10/10 15:01:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/10/10 15:01:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/10/10 14:56:00 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/10/10 14:56:00 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/10/10 12:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center 2012
[2013/10/10 12:13:52 | 000,000,000 | ---D | C] -- C:\Windows\ccmcache
[2013/10/10 12:13:51 | 000,000,000 | ---D | C] -- C:\Windows\CCM
[2013/10/10 12:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform
[2013/10/10 12:04:23 | 000,000,000 | ---D | C] -- C:\Windows\ccmsetup
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/08 15:00:52 | 000,029,667 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\112.PNG
[2013/11/08 15:00:30 | 000,036,427 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\111.PNG
[2013/11/08 14:59:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vkuznetsov\Desktop\OTL.exe
[2013/11/08 14:12:24 | 000,016,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 14:12:24 | 000,016,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 14:07:32 | 000,000,580 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/11/08 14:05:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/08 14:05:03 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/08 11:58:03 | 000,002,192 | -H-- | M] () -- C:\Users\vkuznetsov\Documents\Default.rdp
[2013/11/08 10:06:52 | 000,001,100 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Registry Life.lnk
[2013/11/08 10:04:00 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/05 09:08:14 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/01 11:20:02 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/01 09:12:35 | 000,019,151 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Doc_715613adbe474dd096a370fddfaa8245.rar
[2013/11/01 09:08:44 | 121,143,745 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\4. Adagio Sostenuto.flac
[2013/10/22 13:12:18 | 000,001,025 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Notepad++.lnk
[2013/10/14 12:13:25 | 000,001,745 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013/10/14 12:13:17 | 000,685,612 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2013/10/14 12:13:17 | 000,645,360 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/10/14 12:13:17 | 000,617,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/14 12:13:17 | 000,611,726 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013/10/14 12:13:17 | 000,133,020 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2013/10/14 12:13:17 | 000,129,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/10/14 12:13:17 | 000,121,904 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013/10/14 12:13:17 | 000,106,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/14 12:13:17 | 000,004,764 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini
[2013/10/14 12:13:17 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h
[2013/10/11 08:42:37 | 000,005,394 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/10/11 08:38:06 | 000,439,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/11/08 15:00:52 | 000,029,667 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\112.PNG
[2013/11/08 15:00:30 | 000,036,427 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\111.PNG
[2013/11/08 10:04:00 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/05 09:08:14 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/01 11:20:02 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/01 09:12:35 | 000,019,151 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\Doc_715613adbe474dd096a370fddfaa8245.rar
[2013/11/01 08:57:47 | 121,143,745 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\4. Adagio Sostenuto.flac
[2013/10/22 13:11:01 | 000,001,025 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\Notepad++.lnk
[2013/10/14 12:13:17 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2013/10/14 12:13:17 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2013/10/10 12:15:00 | 000,001,745 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013/08/30 08:22:09 | 000,000,064 | ---- | C] () -- C:\Users\vkuznetsov\AppData\Roaming\WB.CFG
[2012/09/07 10:58:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/09/07 10:58:27 | 000,645,360 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/09/07 10:58:27 | 000,129,918 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/09/07 10:58:27 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/09/07 10:40:47 | 000,611,726 | ---- | C] () -- C:\Windows\System32\perfh01F.dat
[2012/09/07 10:40:47 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat
[2012/09/07 10:40:47 | 000,121,904 | ---- | C] () -- C:\Windows\System32\perfc01F.dat
[2012/09/07 10:40:47 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat
[2012/08/24 09:03:15 | 000,000,580 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2012/03/05 08:41:58 | 000,004,096 | -H-- | C] () -- C:\Users\vkuznetsov\AppData\Local\keyfile3.drm
[2011/08/30 10:53:57 | 000,000,017 | ---- | C] () -- C:\Users\vkuznetsov\AppData\Local\resmon.resmoncfg
[2011/02/14 15:55:03 | 000,004,146 | RHS- | C] () -- C:\Users\vkuznetsov\ntuser.pol
[2011/02/14 15:54:32 | 000,005,394 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 08:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 05:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 05:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/03/07 12:02:46 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\ChemTable Software
[2013/11/08 14:29:26 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Maxthon3
[2013/10/22 13:12:16 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Notepad++
[2011/02/25 11:25:43 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Opera
[2011/02/21 13:10:15 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\QIP
[2011/02/21 15:54:17 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\rambler.ru
[2012/01/10 09:00:21 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Sony
[2011/04/21 14:16:28 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Xerox
[2013/08/29 16:28:21 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Yandex
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 09:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 05:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 09:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 09:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 09:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 16:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 09:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 09:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 10:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 05:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 05:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 16:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 16:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 05:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 10:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 09:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 16:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 16:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 05:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
<  %systemroot%\*. /rp /s >
 
<  %systemdrive%\$Recycle.Bin|@;true;true;true /fp  >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000AAKS-60Z1A0 ATA Device
Partitions: 3
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Multi Flash Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 98,00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 368,00GB
Starting Offset: 104858648576
Hidden sectors: 0
 
 
<   >
[2009/07/14 08:53:46 | 000,032,648 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 08:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >


OTL Extras logfile created on: 08/11/13 15:06:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\vkuznetsov\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd/MM/yy
 
1,97 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,84% Memory free
3,93 Gb Paging File | 2,89 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 51,87 Gb Free Space | 53,17% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 351,70 Gb Free Space | 95,54% Space Free | Partition Type: NTFS
 
Computer Name: FRIGOSERVE_PC | User Name: vkuznetsov | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- C:\Program Files\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05118944-51A3-42FB-9F22-E2E7CCE619B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17ED74F6-6247-4EEF-A373-B17BC8607D39}" = lport=3389 | protocol=6 | dir=in | app=system |
"{300C5209-C21A-4954-B04C-3D1B3C4D8695}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{31E8A7F2-2680-4739-8EAA-F6E56268ABF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{430FB9CA-EA5A-4638-AAF0-2586E045BF6E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4AFD2F8D-15B0-4B70-8C00-B38EC0D21A88}" = lport=138 | protocol=17 | dir=in | app=system |
"{4F4CA4C3-C7F0-4F96-89BB-29F5DE2D954E}" = rport=445 | protocol=6 | dir=out | app=system |
"{694A2085-9693-4863-99C9-480D759D6E32}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A800264-9500-4390-A60B-F8F111E9A5DC}" = lport=445 | protocol=6 | dir=in | app=system |
"{6B16FD49-8DA6-4672-ABE7-EDD843D8046D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7113539F-C52E-4B29-ACE4-A484B6B10E18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EE58DA6-6530-4EC5-80B2-69AF6B714F04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{827D6216-4018-43A9-B15A-7B496B87BD70}" = lport=137 | protocol=17 | dir=in | app=system |
"{83930A4B-B134-493C-BF7A-27C063E5D413}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B29D256-13E4-4F91-86C1-98FA6066FC58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9052F53E-8864-47D4-9125-9C5CB84898BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A789A6A3-0042-48B1-A24F-12F06452E7AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{A79E3518-6495-4E1B-A1F8-F2572B12ED07}" = rport=139 | protocol=6 | dir=out | app=system |
"{A8913273-EF48-46CA-AD33-169DC50A35B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B39C9C67-2870-452A-A243-C9C2B53C0CBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA059384-C138-41E6-959A-4AB5A81A70FF}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA01F1A6-E0CB-419B-9B74-99C5B50ADD0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F04C9BB2-407C-4AAF-B770-E1852A00F323}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D37484-395A-4C24-A9A3-3538A5120B44}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{16FB0136-931A-4C7F-B540-1047C8788FDE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{24F9B451-7373-41A1-94D3-62D717C46BA1}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{2E1054C3-FF72-4FD1-800A-7CDE4EB0D7F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2E17CB1B-7F0A-4978-9248-DE77A97B1EE5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{2F04718E-2584-41C6-A562-D73EBD0D6673}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{330DFEC6-A3AA-49F6-ABD4-09CB7C9C2CBD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3E10AFF4-BE2F-4427-845D-6045333C7642}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{3ED8B05C-4C42-4CFA-BF45-7BC5DFABC36E}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{424CF830-835A-40FE-9311-CA9AD2C7E96C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4D3904F8-6195-40D1-BDFA-B6A8369BAEEE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{4D94F2B3-7927-45C1-8256-1E99C7F349ED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4F2A87BB-BE3F-4623-A8A0-A18B629DB6E9}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{50693FF4-78D3-4199-9E00-B87B80D21634}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{5F03D9D8-0662-48A5-A2BA-1FDD5416C315}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{6990DDBF-04DE-4243-8D4B-BDA704F0E73F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80653827-323B-45ED-993B-1A22DDEEDFB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8176239F-FD66-452B-B252-CD8A2E71084D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A552AD38-8194-4924-88B3-BB4566600C82}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B010DFB1-F2AF-4C00-8E42-0925AA2CA643}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B2883780-43D2-4009-996C-5896128947B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BEC107F6-02FA-4BB4-A1F7-3081B86BBD89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{C4751E4D-62A3-4041-9B67-7828B009BB4C}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{D6F65CE4-34EE-4872-862D-59720DD72A37}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{DB232EE1-9B2A-4B1A-80E0-1DFAB13FCE2B}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{E84AFB1E-C40C-48A0-9D7C-8ECD5EAC87A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F6C5ED4E-875C-49F9-AD63-8C431EE16B9A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F9BF639B-300E-4151-9743-E727DA273A03}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FF0035D7-095A-4970-828E-5D128ADBC0D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FF70BC3E-4336-4256-A7C2-E609A4774ADC}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{045BCAD4-3EBF-4D4E-8166-6B735F5AA298}" = Baan IV BW
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Поддержка программ Apple
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82491233-0FDD-459D-B8DF-C22AD344AAD0}" = Network Scanner Utility 3
"{841D3037-A25B-4783-97D9-A3A6D40D42DC}" = Microsoft Policy Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{90150000-012C-0000-0000-0000000FF1CE}" = Microsoft Lync 2013
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1200000-0002-0000-0000-074957833700}" = ABBYY Lingvo 12 European Edition
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{C8EBB0DE-5655-4D32-99E1-9447E702A89F}" = iTunes
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD794BF1-657D-43B6-B183-603277B8D6C8}" = Configuration Manager Client
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{82491233-0FDD-459D-B8DF-C22AD344AAD0}" = Xerox Network Scanner Utility 3
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Maxthon3" = Maxthon Cloud Browser
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Notepad++" = Notepad++
"Office15.LYNC" = Microsoft Lync 2013
"Opera 12.15.1748" = Opera 12.15
"Registry Life_is1" = Registry Life version 1.64
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
"SuperFast Browser" = SuperFast Browser
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 10/10/12 8:25:02 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3373
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 16/04/13 1:32:10 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26/04/13 6:20:28 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3517
 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08/11/13 6:05:09 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain COOLRUORE due to the following:   %%1311    This may lead to authentication
 problems. Make sure that this  computer is connected to the network. If the problem
 persists,  please contact your domain administrator.        ADDITIONAL INFO    If this computer
 is a domain controller for the specified domain, it  sets up the secure session to
 the primary domain controller emulator in the specified  domain. Otherwise, this
computer sets up the secure session to any domain controller  in the specified domain.
 
Error - 08/11/13 6:05:10 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 08/11/13 6:05:23 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
 
< End of report >

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-08 15:34:26
-----------------------------
15:34:26.797    OS Version: Windows 6.1.7601 Service Pack 1
15:34:26.797    Number of processors: 2 586 0x170A
15:34:26.797    ComputerName: FRIGOSERVE_PC  UserName: vkuznetsov
15:34:28.207    Initialize success
15:41:18.962    AVAST engine defs: 13110601
15:42:51.177    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:42:51.177    Disk 0 Vendor: WDC_WD5000AAKS-60Z1A0 06.01D06 Size: 476940MB BusType: 3
15:42:51.292    Disk 0 MBR read successfully
15:42:51.294    Disk 0 MBR scan
15:42:51.349    Disk 0 Windows 7 default MBR code
15:42:51.349    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:42:51.369    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99900 MB offset 206848
15:42:51.389    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       376938 MB offset 204802048
15:42:51.389    Disk 0 scanning sectors +976771072
15:42:51.459    Disk 0 scanning C:\Windows\system32\drivers
15:43:03.678    Service scanning
15:43:27.614    Modules scanning
15:43:36.465    Disk 0 trace - called modules:
15:43:36.815    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
15:43:36.825    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a1e1c8]
15:43:36.825    3 CLASSPNP.SYS[88bb559e] -> nt!IofCallDriver -> [0x859537a8]
15:43:36.835    5 ACPI.sys[888a03d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85948908]
15:43:38.397    AVAST engine scan C:\Windows
15:43:40.683    AVAST engine scan C:\Windows\system32
15:47:21.974    AVAST engine scan C:\Windows\system32\drivers
15:47:48.108    AVAST engine scan C:\Users\vkuznetsov
15:50:10.751    AVAST engine scan C:\ProgramData
15:51:14.490    Scan finished successfully
15:53:33.382    Disk 0 MBR has been saved successfully to "C:\Users\vkuznetsov\Desktop\MBR.dat"
15:53:33.382    The log file has been saved successfully to "C:\Users\vkuznetsov\Desktop\aswMBR.txt"

 

and the MBR.dat attached.

Looking forward to hearing from You.

Thank You in advance!

Attached Files

  • Attached File  MBR.zip   607bytes   233 downloads



#2 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 08 November 2013 - 10:37 AM

:welcome:

Hello vlad1s57,

my name is Jo and I will help you with your computer problems.


Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
I will return as soon as possible with more instructions.



***


Graduate of the WTT Classroom
Cheers,
Jo

#3 vlad1s57

vlad1s57

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 09 November 2013 - 12:53 AM

Hi, Jo* :)

Nice to meet ya. Hope you can help me find the solution to my problem.

I'll be back here on Monday and provide you with all the necessary info if required.

Cheers!

#4 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 09 November 2013 - 02:19 AM

Hello vlad1s57,

1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo

#5 vlad1s57

vlad1s57

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 10 November 2013 - 11:39 PM

Hi, Jo*!

On starting my PC I haven't seen any pop-ups yet. Seems they were deleted somehow or else - I do not know for sure. I need some time to test it. If malware still exists on my PC I will tell you and continue the process of curing with you. If it is OK, I will inform you straight away to get the topic closed.

Thanks for assistance, Jo*!

C UL8R.


Edited by vlad1s57, 11 November 2013 - 05:48 AM.


#6 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 11 November 2013 - 06:56 AM

Hello vlad1s57,

THE ABSENCE OF SYMPTOMS DOES NOT GUARANTEE A CLEAN COMPUTER!

Your OTL log indicates that malware is on your PC.

Are you sure that you need no help?

My advice for you is to do the steps I've asked for.


Graduate of the WTT Classroom
Cheers,
Jo

#7 vlad1s57

vlad1s57

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 11 November 2013 - 11:32 PM

Hi, Jo*

I will proceed checking my PC as u've recommended.

pls, find the logs below:

 

 Results of screen317's Security Check version 0.99.77 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Symantec Endpoint Protection  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Adobe Flash Player  11.6.602.161 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.933000 GHz
Memory total: 2111037440, free: 1025323008

Downloaded database version: v2013.11.12.04
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     11/12/2013 09:21:34
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\SRTSP.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\System32\Drivers\SRTSPX.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\prepdrv.sys
\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20131111.018\NAVEX15.SYS
\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20131111.018\NAVENG.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\iertutil.dll
\Windows\System32\msctf.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\ole32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\urlmon.dll
\Windows\System32\shlwapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\nsi.dll
\Windows\System32\user32.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\shell32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\wininet.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86abc7b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xffffffff86882ca8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85a20150
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xffffffff8594a908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85a20150, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85a21cc8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85a20150, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85549848, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8594a908, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A65EAFDA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 204595200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204802048  Numsec = 771969024

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86abc7b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86abc498, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86abc7b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86882ca8, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

 

After the scan was complete there appeared the notification that there was no malware found (see the file attached).

Is there a need to start AdwCleaner?

Waiting for ur reply.

Thanx in advance!

PS: I cannot attach the file


Edited by vlad1s57, 11 November 2013 - 11:35 PM.


#8 vlad1s57

vlad1s57

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 12 November 2013 - 12:26 AM

Jo*,

the last log is here:

# AdwCleaner v3.012 - Report created 12/11/2013 at 10:19:04
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : vkuznetsov - FRIGOSERVE_PC
# Running from : C:\Users\vkuznetsov\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08CE4475-615A-4ED1-B682-21490D905BED}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.qip.ru
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [] - Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

-\\ Mozilla Firefox v

[ File : C:\Users\vkuznetsov\AppData\Roaming\Mozilla\Firefox\Profiles\yandex.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\vkuznetsov\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1527 octets] - [12/11/2013 10:19:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1587 octets] ##########

 

 

Well, seems there's no malware threat on my PC.

 

Thanks for ur assistance!



#9 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 12 November 2013 - 05:19 AM

Hello vlad1s57,


Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo

#10 vlad1s57

vlad1s57

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 12 November 2013 - 05:27 AM

Jo*, I got no elements at all (to check\uncheck & remove).

Have a look at the file attached.

Attached Thumbnails

  • 123.PNG



#11 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 12 November 2013 - 05:51 AM

Hello vlad1s57,

Press the "Clean" button and go on as instructed in post #9 please!
Graduate of the WTT Classroom
Cheers,
Jo

#12 vlad1s57

vlad1s57

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 12 November 2013 - 05:56 AM

Jo*, have a look, please:

 

 

 

# AdwCleaner v3.012 - Report created 12/11/2013 at 15:35:48
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : vkuznetsov - FRIGOSERVE_PC
# Running from : C:\Users\vkuznetsov\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08CE4475-615A-4ED1-B682-21490D905BED}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08CE4475-615A-4ED1-B682-21490D905BED}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v

[ File : C:\Users\vkuznetsov\AppData\Roaming\Mozilla\Firefox\Profiles\yandex.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\vkuznetsov\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R2].txt - [1667 octets] - [12/11/2013 15:23:33]
AdwCleaner[S0].txt - [1442 octets] - [12/11/2013 15:35:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1502 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Enterprise x86
Ran by vkuznetsov on 12/11/13 at 15:41:40,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/13 at 15:43:23,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

OTL logfile created on: 12/11/13 15:47:35 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\vkuznetsov\Desktop

 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd/MM/yy

 

1,97 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 43,01% Memory free

3,93 Gb Paging File | 2,85 Gb Available in Paging File | 72,44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97,56 Gb Total Space | 53,30 Gb Free Space | 54,63% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 318,04 Gb Free Space | 86,40% Space Free | Partition Type: NTFS

 

Computer Name: FRIGOSERVE_PC | User Name: vkuznetsov | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\vkuznetsov\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\CCM\CcmExec.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_161_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\CCM\SCNotification.exe (Microsoft Corporation)

PRC - C:\Windows\CCM\RemCtrl\CmRcService.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\ABBYY Lingvo 12\Tutor.exe (ABBYY (BIT Software))

PRC - C:\Program Files\ABBYY Lingvo 12\LvAgent.exe (ABBYY (BIT Software))

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCNotification\da33c0e56a0139d84211b72513954735\SCNotification.ni.exe ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\e6148158755bfb61edbfdaeb4f54e113\SCClient.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\790aa3269f6a924303104efe3da6f8af\SCClient.Common.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\644dbdc66a606f0710557f8b1794bc35\Microsoft.VisualBasic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0f881bc8833c56ab7fcfef2bcc244441\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7ae268d4c2071d1151ec8e02cd39a3aa\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2a21510532f520930dba2d111b4ebb5\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\aeb0f87b0bc25143473c460d018a96f7\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fe3923469740732d7c0c2f35bd1f167e\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7ece4823b0e12cae58be346bbc3cdeac\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b21ef81fc4131bd1edd6d0bae9d58932\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll ()

MOD - C:\Program Files\Notepad++\NppShell_05.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 

========== Services (SafeList) ==========

 

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (CcmExec) -- C:\Windows\CCM\CcmExec.exe (Microsoft Corporation)

SRV - (smstsmgr) -- C:\Windows\CCM\TSManager.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (CmRcService) -- C:\Windows\CCM\RemCtrl\CmRcService.exe (Microsoft Corporation)

SRV - (lppsvc) -- C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)

SRV - (lpasvc) -- C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)

SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found

DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found

DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131111.018\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131111.018\NAVENG.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (prepdrvr) -- C:\Windows\System32\drivers\PrepDrv.sys (Microsoft Corporation)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\vkuznetsov\Desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\y, = http://yandex.ru/yan...1787312&text=%s

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{9717a1766cc8ef8ed320ff954572b8cb}: "URL" =  http://nova.rambler....f&words={WORDS}

IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1

IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.bing.com/...Box&FORM=IE10SR

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = workflow.frigoglass.com;smtp.frigoglass.local;crm.frigoglass.com;hfm.frigoglass.group;owa.frigoglass.com;intranet.frigoglass.group;frigonet.frigoglass.group;grathplmdev01.frigoglass.group;Grathplmapl01.frigoglass.group;Grathplmdat01.frigoglass.group;grathnbk03.frigoglass.group;<local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.16:8080

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Яндекс"

FF - prefs.js..browser.search.selectedEngine: "Яндекс"

FF - prefs.js..browser.search.suggest.enabled: true

FF - prefs.js..browser.search.useDBForOrder: false

FF - prefs.js..keyword.enabled: true

FF - prefs.js..browser.startup.homepage: "http://www.yandex.ru...9&clid=2015152"

FF - prefs.js..keyword.URL: "http://yandex.ru/yan...=1787312&text="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_161.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

[2013/08/29 16:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\Firefox\Profiles\yandex.default\extensions

[2013/11/01 08:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\Firefox\Profiles\yandex.default\extensions\staged

[2013/07/02 09:48:54 | 000,007,859 | ---- | M] () -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\firefox\profiles\yandex.default\searchplugins\yandex.ru-094854.xml

[2013/06/13 20:45:26 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: Яндекс (Enabled)

CHR - default_search_provider: search_url = http://yandex.ru/yan...t={searchTerms}

CHR - default_search_provider: suggest_url = http://suggest.yande...t={searchTerms}

CHR - homepage: http://www.yandex.ru/?clid=930634

 

O1 HOSTS File: ([2009/06/11 01:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {468CD8A9-7C25-45FA-969E-3D925C689DC4} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files\ABBYY Lingvo 12\Lvagent.exe (ABBYY (BIT Software))

O4 - HKCU..\Run: [Tutor.exe] C:\Program Files\ABBYY Lingvo 12\Tutor.exe (ABBYY (BIT Software))

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Security Notice (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Перевести с помощью ABBYY Lingvo... - C:\Program Files\ABBYY Lingvo 12\Lingvo.exe (ABBYY (BIT Software))

O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: frigoglass.group ([frigonet] http in Local intranet)

O15 - HKLM\..Trusted Domains: frigoglass.group ([hfm] http in Trusted sites)

O15 - HKLM\..Trusted Domains: frigoglass.group ([intranet] http in Local intranet)

O15 - HKLM\..Trusted Domains: frigonet ([]http in Local intranet)

O15 - HKLM\..Trusted Domains: grathsps01 ([]http in Local intranet)

O15 - HKCU\..Trusted Domains: *.frigoglass.group ([]http in Local intranet)

O15 - HKCU\..Trusted Domains: *.frigoglass.group ([]https in Local intranet)

O15 - HKCU\..Trusted Domains: frigoglass.group ([frigonet] http in Local intranet)

O15 - HKCU\..Trusted Domains: frigoglass.group ([hfm] http in Trusted sites)

O15 - HKCU\..Trusted Domains: frigoglass.group ([intranet] http in Local intranet)

O15 - HKCU\..Trusted Domains: frigonet ([]http in Local intranet)

O15 - HKCU\..Trusted Domains: grathccmps01 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: grathsps01 ([]http in Local intranet)

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://3d.stolplit.r...cortvrml165.cab (ParallelGraphics Cortona Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.60.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coolruore.frigoglass.group

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{665D7BBF-7CF2-4119-9C46-E7C42948F3A0}: DhcpNameServer = 192.168.60.10

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{67a0cb2f-3b43-11e1-9d45-d485649ce418}\Shell - "" = AutoRun

O33 - MountPoints2\{67a0cb2f-3b43-11e1-9d45-d485649ce418}\Shell\AutoRun\command - "" = I:\Startme.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/11/12 15:23:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/11/12 15:22:51 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\vkuznetsov\Desktop\JRT.exe

[2013/11/12 09:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/11/12 09:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/11/12 09:21:34 | 000,105,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2013/11/12 09:20:24 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2013/11/11 08:57:29 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Desktop\cure

[2013/11/08 14:59:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vkuznetsov\Desktop\OTL.exe

[2013/11/08 13:11:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/11/08 12:22:28 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Doctor Web

[2013/11/08 10:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/11/08 10:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/11/05 09:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/11/05 09:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2013/11/01 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\vlc

[2013/11/01 11:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013/11/01 11:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2013/11/01 08:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinterSoft

[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Download, kEepoer

[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\61f064c042cc6ba4

[2013/11/01 08:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2013/10/22 13:33:45 | 000,000,000 | R--D | C] -- C:\Users\vkuznetsov\Desktop\FeS & FMS

[2013/10/22 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

[2013/10/22 13:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

[2013/10/22 13:10:58 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Notepad++

[2013/10/22 13:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++

[2013/10/22 13:01:55 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys

[2013/10/22 13:01:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys

[2013/10/18 15:02:54 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Documents\My Received Files

[2013/10/14 12:12:16 | 000,000,000 | ---D | C] -- C:\Windows\ms

[2013/10/14 12:12:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\{3DA228BE-34DA-49f4-A081-66465B077429}

 

========== Files - Modified Within 30 Days ==========

 

[2013/11/12 15:45:46 | 000,016,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/11/12 15:45:46 | 000,016,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/12 15:40:46 | 000,000,580 | ---- | M] () -- C:\Windows\SMSCFG.ini

[2013/11/12 15:38:51 | 000,004,146 | RHS- | M] () -- C:\Users\vkuznetsov\ntuser.pol

[2013/11/12 15:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/11/12 15:37:30 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys

[2013/11/12 15:22:51 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\vkuznetsov\Desktop\JRT.exe

[2013/11/12 14:19:52 | 000,062,730 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\KO.jpg

[2013/11/12 12:50:40 | 000,668,814 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\greetin.gif

[2013/11/12 09:54:16 | 000,002,192 | -H-- | M] () -- C:\Users\vkuznetsov\Documents\Default.rdp

[2013/11/12 09:21:34 | 000,105,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2013/11/12 09:20:46 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2013/11/12 08:38:34 | 001,085,542 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\AdwCleaner.exe

[2013/11/11 14:19:41 | 000,124,158 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\IjeAG1WcvBQ.jpg

[2013/11/08 14:59:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vkuznetsov\Desktop\OTL.exe

[2013/11/08 10:06:52 | 000,001,100 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Registry Life.lnk

[2013/11/08 10:04:00 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/11/05 09:08:14 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/11/01 11:20:02 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/11/01 09:12:35 | 000,019,151 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Doc_715613adbe474dd096a370fddfaa8245.rar

[2013/11/01 09:08:44 | 121,143,745 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\4. Adagio Sostenuto.flac

[2013/10/22 13:12:18 | 000,001,025 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Notepad++.lnk

[2013/10/14 12:13:25 | 000,001,745 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog

[2013/10/14 12:13:17 | 000,685,612 | ---- | M] () -- C:\Windows\System32\perfh019.dat

[2013/10/14 12:13:17 | 000,645,360 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013/10/14 12:13:17 | 000,617,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/10/14 12:13:17 | 000,611,726 | ---- | M] () -- C:\Windows\System32\perfh01F.dat

[2013/10/14 12:13:17 | 000,133,020 | ---- | M] () -- C:\Windows\System32\perfc019.dat

[2013/10/14 12:13:17 | 000,129,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013/10/14 12:13:17 | 000,121,904 | ---- | M] () -- C:\Windows\System32\perfc01F.dat

[2013/10/14 12:13:17 | 000,106,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/10/14 12:13:17 | 000,004,764 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini

[2013/10/14 12:13:17 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h

 

========== Files Created - No Company Name ==========

 

[2013/11/12 14:20:25 | 000,062,730 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\KO.jpg

[2013/11/12 12:51:09 | 000,668,814 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\greetin.gif

[2013/11/12 08:38:34 | 001,085,542 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\AdwCleaner.exe

[2013/11/11 14:19:03 | 000,124,158 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\IjeAG1WcvBQ.jpg

[2013/11/08 10:04:00 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/11/05 09:08:14 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/11/01 11:20:02 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/11/01 09:12:35 | 000,019,151 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\Doc_715613adbe474dd096a370fddfaa8245.rar

[2013/11/01 08:57:47 | 121,143,745 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\4. Adagio Sostenuto.flac

[2013/10/22 13:11:01 | 000,001,025 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\Notepad++.lnk

[2013/10/14 12:13:17 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini

[2013/10/14 12:13:17 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h

[2013/08/30 08:22:09 | 000,000,064 | ---- | C] () -- C:\Users\vkuznetsov\AppData\Roaming\WB.CFG

[2012/09/07 10:58:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2012/09/07 10:58:27 | 000,645,360 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2012/09/07 10:58:27 | 000,129,918 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2012/09/07 10:58:27 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2012/09/07 10:40:47 | 000,611,726 | ---- | C] () -- C:\Windows\System32\perfh01F.dat

[2012/09/07 10:40:47 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat

[2012/09/07 10:40:47 | 000,121,904 | ---- | C] () -- C:\Windows\System32\perfc01F.dat

[2012/09/07 10:40:47 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat

[2012/08/24 09:03:15 | 000,000,580 | ---- | C] () -- C:\Windows\SMSCFG.ini

[2012/03/05 08:41:58 | 000,004,096 | -H-- | C] () -- C:\Users\vkuznetsov\AppData\Local\keyfile3.drm

[2011/08/30 10:53:57 | 000,000,017 | ---- | C] () -- C:\Users\vkuznetsov\AppData\Local\resmon.resmoncfg

[2011/02/14 15:55:03 | 000,004,146 | RHS- | C] () -- C:\Users\vkuznetsov\ntuser.pol

[2011/02/14 15:54:32 | 000,005,394 | RHS- | C] () -- C:\ProgramData\ntuser.pol

 

========== ZeroAccess Check ==========

 

[2009/07/14 08:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 05:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 05:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

< End of report >



#13 Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 12 November 2013 - 11:37 AM

Hello vlad1s57,

Did you install and use this proxy server:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.16:8080
 

***


Next steps:

1. Java
1.1 Uninstall old Java versions:
  • Please go to Start > Control Panel > Programs and Features .
  • Locate all Java Updates
  • Uninstall them all.
1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find here instructions on how to clear the Java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
  • Downloaded Applets
  • Downloaded Applications
  • Installed Applications and Applets
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

 

***


2. Malwarebytes' Anti-Malware
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so there are no conflicts and the scan runs faster.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo

#14 vlad1s57

    New Member

  • Authentic Member
  • 11 posts

Posted 13 November 2013 - 01:45 AM

Hi Jo*,

To your question: "did you install and use this proxy server:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.16:8080" - I have no idea...

Java wasn't even installed on my PC. I installed the latest version.

Malware found no infected items on my PC (see screenshot attached)

 

Log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.13.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
vkuznetsov :: FRIGOSERVE_PC [administrator]

Protection: Enabled

13/11/13 11:15:53
mbam-log-2013-11-13 (11-15-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256510
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

ESET log (screenshot attached):

 

C:\Users\vkuznetsov\AppData\Roaming\Mozilla\Firefox\Profiles\yandex.default\extensions\staged\po93f9@yyyeb.edu\content\bg.js Win32/Adware.MultiPlug.H application
D:\FRIGOSERVE_PC\Backup Set 2013-11-12 084258\Backup Files 2013-11-12 084258\Backup files 1.zip Win32/Adware.MultiPlug.H application
 

 

Can I simply delete (Shift+Del) the backup files from my PC?

PC works OK, no pop-ups, speed is OK. Nothing strange at all...

Attached Thumbnails

  • 1.PNG
  • 2 threats.PNG

Edited by vlad1s57, 13 November 2013 - 03:59 AM.


#15 Jo*


Posted 13 November 2013 - 07:08 AM


Hello vlad1s57,

do you have internet access through a company network?
Is the internet access related to frigoglass?
Graduate of the WTT Classroom
Cheers,
Jo
