JS/Kryptik.I trojan

This is a discussion on JS/Kryptik.I trojan within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 07-26-2015, 02:41 AM   #1
Suadnovic (Registered Member)
OS: XP Pro

I have XP Pro SP3 and an ESET NOD32 warning.

The warning appears when I open (some) web pages. How do I fix this? ComboFix, maybe?

Here are the required files:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.51.2
Run by Suad at 11:37:28 on 2015-07-26
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1527.358 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\Suad\Application Data\uTorrent\uTorrent.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\Program Files\WinZip\FAH\FAHWindow32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_51\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_51\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [uTorrent] "c:\documents and settings\suad\application data\utorrent\uTorrent.exe" /MINIMIZED
uRunOnce: [Adobe Speed Launcher] 1437858478
mRun: [SkyTel] SkyTel.EXE
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [ThpSrv] thpsrv /logon
mRun: [TFNF5] TFNF5.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [TOSDCR] TOSDCR.EXE
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\suad\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fah.lnk - c:\program files\winzip\fah\FAHConsole.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WzPreloader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
TCP: Interfaces\{3D613E94-4D96-4B66-A027-6D91900CFB7C} : NameServer = 217.75.192.10 8.8.8.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\suad\application data\mozilla\firefox\profiles\zs188pgc.default-1436856498734\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_51\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-6-6 6144]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-29 95872]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2015-4-20 128528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2006-6-6 5888]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.EXE [2006-6-6 114688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-2 23256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-8 1133880]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-6-3 327296]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-1-5 1691480]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-6-6 35968]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\pfc027.sys [2005-4-8 162176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-8 1871160]
.
=============== File Associations ===============
.
FileExt: .txt: emeditor.txt="c:\program files\emeditor\EMEDITOR.EXE" "%1"
FileExt: .js: Applications\firefox.exe="c:\program files\mozilla firefox\firefox.exe" -osint -url "%1" [UserChoice]
ShellExec: opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-07-23 16:07:53 -------- d-----w- c:\windows\system32\idx
2015-07-18 16:58:26 -------- d-----w- c:\program files\FileHippo.com
2015-07-15 16:55:32 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-15 16:55:32 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-15 16:35:35 -------- d-----w- c:\documents and settings\suad\local settings\application data\Subtitle_Monster
2015-07-15 16:31:03 -------- d-----w- c:\documents and settings\suad\application data\SubtitleMonster
2015-07-15 16:30:29 -------- d-----w- c:\program files\Subtitle Monster
2015-07-14 00:42:47 -------- d-----w- c:\documents and settings\suad\local settings\application data\Chromium
2015-07-14 00:42:46 -------- d-----w- c:\documents and settings\suad\local settings\application data\Google
2015-07-14 00:42:45 -------- d-----w- c:\documents and settings\suad\application data\Yandex
.
==================== Find3M ====================
.
2015-07-23 17:42:09 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-18 23:02:20 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-07-18 23:02:17 146432 ----a-w- c:\windows\system32\javacpl.cpl
2015-07-13 18:00:00 112128 ----a-w- c:\windows\system32\ff_vfw.dll
2015-06-22 13:25:30 240128 ----a-w- c:\windows\system32\xvidvfw.dll
2015-06-22 13:24:16 655872 ----a-w- c:\windows\system32\xvidcore.dll
2015-06-18 06:41:46 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41:36 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-12 02:00:58 128528 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
============= FINISH: 11:38:30,51 ===============
Attached file: attach.txt (16.4 KB)

Old 07-26-2015, 04:35 AM   #2
Suadnovic (Registered Member)
OS: XP Pro

I think I got this junk after installing a KMPlayer update.

Old 07-26-2015, 03:10 PM   #3
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Location: Georgia
OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing any sign of infection so far.

It sounds like NOD32 is doing its job. Do you trust that URL listed in your image?

Is that the only URL blocked by NOD32?

KMPlayer is ad supported, but doesn't appear to be malicious. Did it offer to install any 3rd party software/toolbars?

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Add or Remove Programs.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
Old 07-27-2015, 01:49 AM   #4
Suadnovic (Registered Member)
OS: XP Pro

The point is, I have this ESET warning right after opening Firefox, with the home page.
BTW, I found many recommendations for removal,
but I don't dare to delete registry items without a guide.
And I found
ADVANCED SYSTEM PROTECTOR
https://www.removevirustoday.com/en/t...-20150129.html
installed it and made a scan. Strange, it seems like it fixed things:
my FF was without the ESET warning, but all bookmarks were frozen.
After uninstalling ASP, everything went back to the old state, with the ESET warning on opening.

ESET probably has a list of suspicious sites and occasionally blocks such sites, not every one I open.
And yes, KMPlayer installed some things, which I uninstalled with Your Uninstaller! 7; I don't remember what things.

I don't know what https://utils.htmlclassatribute.com is.
I just have a warning on it.
And I ran ComboFix on my own; the log file is attached, if this will help.
==============================================
Here is the AdwCleaner file:

# AdwCleaner v4.203 - Logfile created 27/07/2015 at 10:34:46
# Updated 30/04/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Suad - PITAGORA
# Running from : C:\Documents and Settings\Suad\My Documents\Downloads\Programs\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\dlsecuretb
Folder Deleted : C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit
Data Deleted : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] -

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.1 (x86 en-US)


-\\ Google Chrome v


-\\ Chromium v


-\\ Opera v30.0.1835.125


*************************

AdwCleaner[R0].txt - [3976 bytes] - [05/04/2014 23:45:20]
AdwCleaner[R10].txt - [2437 bytes] - [27/07/2015 10:21:45]
AdwCleaner[R1].txt - [1135 bytes] - [08/04/2014 17:01:52]
AdwCleaner[R2].txt - [1492 bytes] - [23/05/2014 22:09:03]
AdwCleaner[R3].txt - [4499 bytes] - [25/05/2014 13:32:07]
AdwCleaner[R4].txt - [3942 bytes] - [16/09/2014 09:58:11]
AdwCleaner[R5].txt - [4002 bytes] - [16/09/2014 09:59:50]
AdwCleaner[R6].txt - [3694 bytes] - [10/05/2015 22:11:57]
AdwCleaner[R7].txt - [2586 bytes] - [19/05/2015 15:47:59]
AdwCleaner[R8].txt - [3353 bytes] - [14/07/2015 08:38:30]
AdwCleaner[R9].txt - [3224 bytes] - [18/07/2015 22:18:01]
AdwCleaner[S0].txt - [4129 bytes] - [05/04/2014 23:46:57]
AdwCleaner[S1].txt - [1207 bytes] - [08/04/2014 17:02:51]
AdwCleaner[S2].txt - [1565 bytes] - [23/05/2014 22:11:09]
AdwCleaner[S3].txt - [4189 bytes] - [25/05/2014 13:33:16]
AdwCleaner[S4].txt - [4113 bytes] - [16/09/2014 10:00:56]
AdwCleaner[S5].txt - [3818 bytes] - [10/05/2015 22:16:06]
AdwCleaner[S6].txt - [2452 bytes] - [19/05/2015 15:51:17]
AdwCleaner[S7].txt - [3458 bytes] - [14/07/2015 08:42:16]
AdwCleaner[S8].txt - [3322 bytes] - [18/07/2015 22:20:58]
AdwCleaner[S9].txt - [2371 bytes] - [27/07/2015 10:34:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2430 bytes] ##########

ComboFix 15-07-23.01 - Suad 23.07.2015 18:34:36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1527.974 [GMT 2:00]
Running from: c:\documents and settings\Suad\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\15135362947764973570
c:\documents and settings\All Users\Application Data\15135362947764973570\047314c7f220c94a3afdb93f67c3cc8b.ini
c:\documents and settings\All Users\Application Data\15135362947764973570\2512925779072d413afdb93f67c3cc8b.ini
c:\documents and settings\All Users\Application Data\15135362947764973570\b8133bfbcfb1ec913afdb93f67c3cc8b.ini
c:\documents and settings\All Users\Application Data\15135362947764973570\d40dbe55dea40c5b3afdb93f67c3cc8b.ini
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2015-06-23 to 2015-07-23 )))))))))))))))))))))))))))))))
.
.
2015-07-23 16:07 . 2015-07-23 16:07 -------- d-----w- c:\windows\system32\idx
2015-07-18 16:58 . 2015-07-18 16:58 -------- d-----w- c:\program files\FileHippo.com
2015-07-15 16:55 . 2015-07-15 20:39 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-15 16:55 . 2015-07-15 20:39 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-15 16:35 . 2015-07-15 16:35 -------- d-----w- c:\documents and settings\Suad\Local Settings\Application Data\Subtitle_Monster
2015-07-15 16:31 . 2015-07-15 16:31 -------- d-----w- c:\documents and settings\Suad\Application Data\SubtitleMonster
2015-07-15 16:30 . 2015-07-15 16:30 -------- d-----w- c:\program files\Subtitle Monster
2015-07-14 00:42 . 2015-07-14 00:42 -------- d-----w- c:\documents and settings\Suad\Local Settings\Application Data\Chromium
2015-07-14 00:42 . 2015-07-14 00:42 -------- d-----w- c:\documents and settings\Suad\Local Settings\Application Data\Google
2015-07-14 00:42 . 2015-07-14 05:53 -------- d-----w- c:\documents and settings\Suad\Application Data\Yandex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-18 23:02 . 2014-10-21 23:41 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-07-18 23:02 . 2014-10-21 23:41 146432 ----a-w- c:\windows\system32\javacpl.cpl
2015-07-13 18:00 . 2015-05-22 07:15 112128 ----a-w- c:\windows\system32\ff_vfw.dll
2015-07-04 20:46 . 2014-04-08 16:33 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-22 13:25 . 2015-05-22 07:16 240128 ----a-w- c:\windows\system32\xvidvfw.dll
2015-06-22 13:24 . 2015-05-22 07:16 655872 ----a-w- c:\windows\system32\xvidcore.dll
2015-06-18 06:41 . 2014-04-08 16:33 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2013-10-02 06:44 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-12 02:00 . 2015-04-20 12:53 128528 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"SkyTel"="SkyTel.EXE" [2006-04-24 1448960]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-05-18 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-04 88204]
"TPSODDCtl"="TPSODDCtl.exe" [2006-05-19 102400]
"TFNF5"="TFNF5.exe" [2006-04-11 622592]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-08-31 102400]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2006-03-06 114688]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Suad\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr [2007-4-19 64864]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FAH.lnk - c:\program files\WinZip\FAH\FAHConsole.exe [2015-4-28 453808]
WinZip Preloader.lnk - c:\program files\WinZip\WzPreloader.exe [2015-4-28 126176]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Suad^Start Menu^Programs^Startup^EmEditor.lnk]
path=c:\documents and settings\Suad\Start Menu\Programs\Startup\EmEditor.lnk
backup=c:\windows\pss\EmEditor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-06-29 14:41 53282944 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2015-05-07 14:03 1694560 ----a-w- c:\documents and settings\Suad\Application Data\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Suad\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FileHippo.com\\FileHippo.AppManager.exe"=
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [28.12.2004 0:31 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [6.6.2006 15:27 6144]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.3.2010 17:12 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.3.2010 17:13 95872]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [20.4.2015 14:53 128528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [6.6.2006 15:31 5888]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.3.2010 17:12 810120]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.EXE [6.6.2006 15:31 114688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2.10.2013 8:44 23256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [8.4.2014 18:33 1133880]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 11:58 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.6.2015 16:42 327296]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.1.2014 19:29 1691480]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6.6.2006 15:49 35968]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\pfc027.sys [8.4.2005 10:46 162176]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [8.4.2014 18:33 1871160]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ISAFEKRNLMON
*NewlyCreated* - ISAFENETFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 20:39]
.
2015-07-23 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-19 01:59]
.
2015-07-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-19 01:59]
.
2015-07-23 c:\windows\Tasks\Opera scheduled Autoupdate 1387489762.job
- c:\program files\Opera\launcher.exe [2013-12-19 14:10]
.
2015-07-23 c:\windows\Tasks\User_Feed_Synchronization-{8F85813E-A342-4D93-B64D-825456CA8717}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2015-07-18 c:\windows\Tasks\WinZip Updater.job
- c:\windows\system32\wscript.exe [2006-06-06 11:24]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: Interfaces\{3D613E94-4D96-4B66-A027-6D91900CFB7C}: NameServer = 217.75.192.10 8.8.8.8
FF - ProfilePath - c:\documents and settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\
.
.
------- File Associations -------
.
.txt=emeditor.txt
.
- - - - ORPHANS REMOVED - - - -
.
c:\documents and settings\Suad\Start Menu\Programs\Startup\ex-machina-english-subtitle.lnk - c:\documents and settings\All Users\Application Data\{54bcca8d-7775-2255-54bc-cca8d7772a35}\ex-machina-english-subtitle.exe --startup=1
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2015-07-23 18:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2b,5d,10,78,fe,0f,ac,a6,7a,1c,3c,20,33,24,d6,45,91,c2,86,8a,53,
25,f3,ba,a0,21,1d,87,31,57,c9,e2,10,c9,19,89,47,9f,b9,6b,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d190aa2e-105d-400d-bbf3-46c366528057}]
@Denied: (Full) (Everyone)
"Model"=dword:00000091
"Therad"=dword:0000001f
"SpecVersion"=dword:00000058
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.42.0"
"UniqueId"="0022212E5244B788"
"ScannerBuild"=dword:00001ab4
"ScannerVersionId"=dword:00001377
"ScannerVersion"="Locked/open ESET for status."
"ei2"=hex(b):dc,e7,c9,9c,04,35,b8,dd
"ei1"=hex(b):00,18,de,13,9d,df,00,00
"ei3"=hex(b):02,b8,44,52,00,00,00,00
"ei4"=dword:00000000
.
Completion time: 2015-07-23 18:43:04
ComboFix-quarantined-files.txt 2015-07-23 16:42
ComboFix2.txt 2015-05-09 19:06
ComboFix3.txt 2015-03-25 01:22
.
Pre-Run: 3.485.179.904 bytes free
Post-Run: 4.376.207.360 bytes free
.
- - End Of File - - 3617B3398184276CD1964596EC05F1B1
8F558EB6672622401DA993E1E865C861
Attached Files
File Type: txt ComboFix.txt (13.9 KB, 19 views)
Suadnovic is offline  
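The ComboFix dump above marks registry keys that carry an explicit ACL denial with a line of the form "@Denied: (<rights>) (<principal>)". Three such keys are visible: the Flash broker CLSID, a CLSID that holds only numeric values and a binary blob, and ESET's own Info key. The parser below is an added example, not ComboFix's or the forum's code. It reads that format from a constructed sample built from those lines (the long hex value is trimmed) and applies one triage heuristic that is an assumption of this example, not a finding of the thread: a key fully denied to Everyone that carries no readable string value is listed for review, while locked keys that keep descriptive values (the Flash broker, ESET) are not.

```python
"""Parse the registry section of a ComboFix log and list locked keys.

Added example for this thread; not ComboFix's code. SAMPLE_LOG is
constructed from the @Denied keys in the log above (hex value trimmed),
and the rule in flag_locked_keys() is an assumed triage heuristic.
"""
from __future__ import annotations

import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d190aa2e-105d-400d-bbf3-46c366528057}]
@Denied: (Full) (Everyone)
"Model"=dword:00000091
"Therad"=dword:0000001f
"SpecVersion"=dword:00000058
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,\
  1b,4d,36,46,8f,3c,f2,5c,68,ee,21
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"ProductName"="ESET NOD32 Antivirus"
"ProductVersion"="4.2.42.0"
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DENY_RE = re.compile(r"^@Denied:\s*\(([^)]*)\)\s*\(([^)]*)\)\s*$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_keys(text: str) -> list[dict]:
    """One record per [key] block: path, the @Denied marker (or None) and a
    name -> raw value map. Indented lines are joined onto the previous
    value, the .reg convention for long hex data."""
    keys: list[dict] = []
    current: dict | None = None
    last_name: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates keys with "."
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group(1), "denied": None, "values": {}}
            keys.append(current)
            last_name = None
            continue
        if current is None:
            continue
        m = DENY_RE.match(line)
        if m:
            current["denied"] = {"rights": m.group(1), "principal": m.group(2)}
            continue
        if raw[:1].isspace() and last_name is not None:
            # continuation line: drop the trailing "\" of the previous chunk
            prev = current["values"][last_name].rstrip("\\")
            current["values"][last_name] = prev + line
            continue
        m = VALUE_RE.match(line)
        if m:
            last_name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            current["values"][last_name] = m.group(2)
    return keys


def flag_locked_keys(keys: list[dict]) -> list[dict]:
    """Assumed heuristic: fully denied to Everyone AND no string value.
    Legitimate software locks keys too (Flash broker, ESET) but keeps
    readable values; an opaque, fully locked CLSID is what to review."""
    flagged = []
    for k in keys:
        d = k["denied"]
        if not d or d["rights"] != "Full" or d["principal"] != "Everyone":
            continue
        if any(v.startswith('"') for v in k["values"].values()):
            continue
        flagged.append(k)
    return flagged


if __name__ == "__main__":
    parsed = parse_keys(SAMPLE_LOG)
    for k in parsed:
        d = k["denied"]
        status = f"denied {d['rights']} to {d['principal']}" if d else "no ACL note"
        print(f"{k['key']}\n    {status}, {len(k['values'])} value(s)")
    for k in flag_locked_keys(parsed):
        print("REVIEW:", k["key"])
```

Run it directly to see the three keys and the single one the heuristic lists; to use it on a real log, feed the whole ComboFix.txt to parse_keys(), which ignores the non-registry lines because they never match a [key] header.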
Old 07-27-2015, 11:04 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Suadnovic.

Who instructed you to run ComboFix? As stated in the disclaimer you had to pass when running ComboFix, it is not intended for unsupervised use.

As you also should have read here in Step 2 of our First Steps thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

Advanced System Protector

Again, we do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-27-2015, 01:10 PM   #6
Registered Member
 
Join Date: Dec 2007
Posts: 153
OS: XP Pro



CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\documents and settings\suad\my documents\downloads\malwarebytes_enterprise_edition_v1.3_cracked_version_downloa.txt
c:\documents and settings\suad\my documents\downloads\compressed\bs2661075\keygen.rar
c:\documents and settings\suad\my documents\downloads\compressed\em1444\crack-crd\crude.nfo
c:\documents and settings\suad\my documents\downloads\compressed\em1444\crack-crd\serial.txt
c:\documents and settings\suad\my documents\downloads\compressed\em1444\crack-crd\thumbs.db
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\ccleaner pro & business v4.06.4324\fix pro & business\crack pro + business(fix)\business\branding.dll
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\ccleaner pro & business v4.06.4324\fix pro & business\crack pro + business(fix)\professional\branding.dll
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\easy duplicate\cracked\easyduplicatefinder.exe
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\leapic video cutter v6.0\lz0\keygen.exe
c:\documents and settings\suad\my documents\downloads\programs\examdiff.pro.master.edition.7.0.1.20.x86x64\dxr8a.examdiff.pro.master.edition.7.0.1.20.x86x64\keygen-zwt.rar
c:\documents and settings\suad\my documents\downloads\programs\examdiff.pro.master.edition.7.0.1.20.x86x64\dxr8a.examdiff.pro.master.edition.7.0.1.20.x86x64\keygen-zwt\keygen.exe
c:\documents and settings\suad\my documents\downloads\programs\examdiff.pro.master.edition.7.0.1.20.x86x64\dxr8a.examdiff.pro.master.edition.7.0.1.20.x86x64\keygen-zwt\zwt.nfo
c:\documents and settings\suad\my documents\downloads\programs\utorrent pro 3.4.2 build 38429 stable + crack\utorrent pro 3.4.2 build 38429 stable + crack\instruçoes.txt
c:\documents and settings\suad\my documents\downloads\programs\utorrent pro 3.4.2 build 38429 stable + crack\utorrent pro 3.4.2 build 38429 stable + crack\utorrent stable(3.4.2 build 38429).exe
c:\documents and settings\suad\my documents\downloads\programs\utorrent pro 3.4.2 build 38429 stable + crack\utorrent pro 3.4.2 build 38429 stable + crack\crack\crack.exe
c:\documents and settings\suad\my documents\downloads\programs\utorrent pro 3.4.2 build 38429 stable + crack\utorrent pro 3.4.2 build 38429 stable + crack\crack\thumbs.db
c:\documents and settings\suad\my documents\downloads\programs\winzip.pro.19.5.build.11475.x86\keygen.exe
c:\documents and settings\suad\my documents\downloads\video\amcap.921-dkr\crack\amcap.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack.zip
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\bs.player 2.69 build 1079 + keygen - appzdam\bsplayer_pro269.1079.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\bs.player 2.69 build 1079 + keygen - appzdam\note.txt
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\bs.player 2.69 build 1079 + keygen - appzdam\thanku.txt
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\bs.player 2.69 build 1079 + keygen - appzdam\www.appzdam.blogspot.com.url
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\bs.player 2.69 build 1079 + keygen - appzdam\keygen\keygen.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack\ccsetup505pro.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack\info.txt
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack\www.4realtorrentz.wordpress.com.url
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack\www.facebook.com4realtorrentz.url
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack\dll files\business\branding.dll
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack\dll files\professional\branding.dll
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack\dll files\technician edition\branding.dll
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack\dll files\technician edition\ccleaner.dat
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack\instructions.txt
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack\mhktricks.net.url
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack\crack\ccleaner 5 all editions universal crack.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack\crack\mhktricks.net.url
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack\setup\mhktricks.net.url
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack\setup\setup.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\easy duplicate finder v4.4.0.221 incl crack [tordigger]\readme!.txt
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\easy duplicate finder v4.4.0.221 incl crack [tordigger]\crack\easyduplicatefinder.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\regcure pro 3.1.6.0\crack.rar
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\regcure pro 3.1.6.0\crack\regcurepro.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\subtitle.translation.wizard.4.2.1.build.03.07.2014+crack\readme.txt
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\subtitle.translation.wizard.4.2.1.build.03.07.2014+crack\st-wizard-setup.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\subtitle.translation.wizard.4.2.1.build.03.07.2014+crack\crack\license
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\subtitle.translation.wizard.4.2.1.build.03.07.2014+crack\crack\st-wizard.exe
c:\program files\ccleaner\crack.exe
c:\program files\jdownloader\jd\plugins\hoster\crackedcom.class
scanner sequence 3.ZZ.11.BENABZ
----- EOF -----
Suadnovic is offline  
Old 07-27-2015, 06:37 PM   #7
Security Team
Moderator, Analyst
Quote:
c:\documents and settings\suad\my documents\downloads\malwarebytes_enterprise_edition_v1.3_cracked_version_downloa.txt
c:\documents and settings\suad\my documents\downloads\compressed\bs2661075\keygen.rar
c:\program files\ccleaner\crack.exe
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\easy duplicate\cracked\easyduplicatefinder.exe
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\leapic video cutter v6.0\lz0\keygen.exe
c:\documents and settings\suad\my documents\downloads\programs\examdiff.pro.master.edition.7.0.1.20.x86x64\dxr8a.examdiff.pro.master.edition.7.0.1.20.x86x64\keygen-zwt\keygen.exe
c:\documents and settings\suad\my documents\downloads\programs\winzip.pro.19.5.build.11475.x86\keygen.exe
c:\documents and settings\suad\my documents\downloads\video\amcap.921-dkr\crack\amcap.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\bs.player 2.69 build 1079 + keygen - appzdam\bsplayer_pro269.1079.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\easy duplicate finder v4.4.0.221 incl crack [tordigger]\crack\easyduplicatefinder.exe
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\regcure pro 3.1.6.0\crack.rar
This is the main reason your computer is infected. Visiting crack sites, warez sites and other questionable or illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules, which you should have read at the time of registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

A study revealed that more often than not, keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

------------------------------------------------------

==== Installed Programs ====

AMCap
µTorrent
AMCap
BS.Player PRO
CCleaner
Leapic Media Cutter 6.0
Subtitle Translation Wizard 4.2
WinZip 19.5


------------------------------------------------------
chemist is offline  
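The CKScanner run and the verdict above amount to a simple procedure: walk the user's download folders, flag any path whose name carries a keygen or crack marker, and treat everything that arrived in such a folder as untrusted. The script below is an added example, not CKScanner's code or the forum's. The indicator list is an assumption (CKScanner's own signature list is not on the page), and the script runs against a constructed sample tree that mirrors a few of the reported paths plus one clean video file. It goes one step beyond the thread by hashing every flagged executable or archive with SHA-256, so a suspicious file can be looked up with a vendor without uploading it.

```python
"""Triage a download tree for cracked-software indicators.

Added example for the CKScanner exchange above; not CKScanner's code.
INDICATOR_RE is an assumed list, and SAMPLE_FILES is a constructed tree
that mirrors a few reported paths plus one clean file.
"""
from __future__ import annotations

import hashlib
import os
import re
import tempfile
from pathlib import Path

# Matched against the whole relative path, not just the file name: the
# thumbs.db and .nfo files the scan listed are harmless on their own but
# arrived in the same "crack" folder as the executable.
INDICATOR_RE = re.compile(r"keygen|crack|serial|warez", re.IGNORECASE)

EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd"}
ARCHIVE_EXT = {".rar", ".zip", ".7z"}

# Constructed sample tree; contents are placeholders, not real binaries.
SAMPLE_FILES: dict[str, bytes] = {
    "downloads/compressed/bs2661075/keygen.rar": b"Rar!\x1a\x07\x00 placeholder",
    "downloads/programs/winzip.pro.19.5.build.11475.x86/keygen.exe": b"MZ placeholder keygen",
    "downloads/programs/utorrent pro 3.4.2 build 38429 stable + crack/crack/crack.exe": b"MZ placeholder crack",
    "downloads/programs/utorrent pro 3.4.2 build 38429 stable + crack/crack/thumbs.db": b"thumbnail cache",
    "downloads/programs/examdiff/keygen-zwt/zwt.nfo": b"release notes",
    "program files/ccleaner/crack.exe": b"MZ placeholder ccleaner crack",
    "program files/jdownloader/jd/plugins/hoster/crackedcom.class": b"\xca\xfe\xba\xbe",
    "downloads/video/holiday.mkv": b"\x1a\x45\xdf\xa3",   # clean: must not be flagged
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path: Path) -> str:
    ext = path.suffix.lower()
    if ext in EXECUTABLE_EXT:
        return "executable"
    if ext in ARCHIVE_EXT:
        return "archive"
    return "other"


def scan_tree(root: Path) -> list[dict]:
    """One record per file whose relative path carries an indicator.
    Anything that can carry code (executable or archive) is hashed so it
    can be looked up with a vendor without uploading the file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if not INDICATOR_RE.search(rel):
                continue
            kind = classify(path)
            hits.append({
                "path": rel,
                "kind": kind,
                "sha256": sha256_file(path) if kind != "other" else None,
            })
    return sorted(hits, key=lambda h: h["path"])


def summarize(hits: list[dict]) -> dict:
    by_kind: dict[str, int] = {}
    for h in hits:
        by_kind[h["kind"]] = by_kind.get(h["kind"], 0) + 1
    return {"total": len(hits),
            "hashed": sum(1 for h in hits if h["sha256"]),
            "by_kind": by_kind}


def build_sample_tree(root: Path) -> None:
    for rel, data in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def run_demo() -> list[dict]:
    """Build the constructed tree in a temp dir, scan it, return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    results = run_demo()
    for h in results:
        print(f"{h['kind']:<10} {h['sha256'] or '-':<64} {h['path']}")
    print(summarize(results))
```

Run it directly to print the flagged paths with their hashes and a summary. On a real machine, point scan_tree() at the Downloads folder and, as the scan above showed, at Program Files as well: crack.exe had been copied next to the installed CCleaner, outside any download directory.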
Old 07-27-2015, 11:41 PM   #8
Registered Member
OK, I removed them all; the warning is still here.
Suadnovic is offline  
Old 07-28-2015, 04:14 AM   #9
Security Team
Moderator, Analyst
Run FRST64 again, and post/attach the logs as before. Make sure you tick the Addition.txt box before scanning.
chemist is offline  
Old 07-28-2015, 04:29 AM   #10
Registered Member
You mean FRST 32; my laptop has a 32-bit processor.
Suadnovic is offline  
Old 07-28-2015, 04:35 AM   #11
Registered Member
And what should I use for torrent files? I like to watch movies.
And I forgot to say, the warning also appears when I open Opera.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-07-2015
Ran by Suad (administrator) on PITAGORA (28-07-2015 13:30:22)
Running from C:\Documents and Settings\Suad\Desktop
Loaded Profiles: Suad (Available Profiles: Suad & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SkyTel.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\00THotkey.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
(TOSHIBA Corp.) C:\WINDOWS\system32\TFNF5.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TouchED\TouchED.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\WINDOWS\system32\osk.exe
(Microsoft Corporation) C:\WINDOWS\system32\msswchx.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\WINDOWS\system32\PAStiSvc.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
(TOSHIBA) C:\Program Files\Toshiba\TME3\TMESRV31.EXE
(TOSHIBA) C:\Program Files\Toshiba\TME3\TMEEJME.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ESTsoft Corp.) C:\Program Files\ESTsoft\ALSong\ALSong.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1448960 2006-04-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [00THotkey] => C:\WINDOWS\system32\00THotkey.exe [253952 2006-05-18] (TOSHIBA Corporation)
HKLM\...\Run: [000StTHK] => C:\WINDOWS\system32\000StTHK.exe [24576 2001-06-23] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [196608 2004-03-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88204 2006-03-04] (Agere Systems)
HKLM\...\Run: [TPSODDCtl] => C:\WINDOWS\system32\TPSODDCtl.exe [102400 2006-05-19] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => thpsrv /logon
HKLM\...\Run: [TFNF5] => C:\WINDOWS\system32\TFNF5.exe [622592 2006-04-11] (TOSHIBA Corp.)
HKLM\...\Run: [TouchED] => C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [102400 2005-08-31] (TOSHIBA Corporation)
HKLM\...\Run: [TOSDCR] => C:\WINDOWS\system32\TOSDCR.EXE [57344 2005-12-12] (TOSHIBA Corporation)
HKLM\...\Run: [TMESRV.EXE] => C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [114688 2006-03-06] (TOSHIBA)
HKLM\...\Run: [TosHKCW.exe] => C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [49152 2005-05-17] (TOSHIBA CORPORATION)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-10-06] (Sonic Solutions)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2005-12-05] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2005-11-28] (Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2145000 2010-03-29] (ESET)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-391094972-1096999475-3888860593-1005\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3907152 2015-07-24] (Tonec Inc.)
HKU\S-1-5-21-391094972-1096999475-3888860593-1005\...\RunOnce: [Adobe Speed Launcher] => 1438065990
Startup: C:\Documents and Settings\Suad\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk [2015-07-07]
ShortcutTarget: Microsoft Office OneNote 2003 Quick Launch.lnk -> C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-07-24] (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-391094972-1096999475-3888860593-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] <======= ATTENTION (Policy restriction on ProxySettings)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-391094972-1096999475-3888860593-1005\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-391094972-1096999475-3888860593-1005 -> {8975E3BF-2D41-4078-B3B4-9F13715CE2C9} URL = https://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-391094972-1096999475-3888860593-1005 -> {94CE5872-6948-40D7-BC07-138FC502F062} URL = https://addons.alltheinternet.com/texis/open/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06] (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-19] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-19] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-391094972-1096999475-3888860593-1005 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} https://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.7.0/jin...ndows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{3D613E94-4D96-4B66-A027-6D91900CFB7C}: [NameServer] 217.75.192.10 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-19] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\searchplugins\urban-dictionary.xml [2015-07-26]
FF SearchPlugin: C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\searchplugins\youtube-video-search.xml [2015-07-14]
FF Extension: Magnify It - C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\Extensions\[email protected] [2015-07-18]
FF Extension: IE Tab - C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-07-14]
FF Extension: Video AdBlock for Firefox - C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-07-28]
FF Extension: Restart Button - C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\Extensions\[email protected] [2015-07-14]
FF Extension: Secure Login - C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\Extensions\[email protected] [2015-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-26]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-09-27]
FF HKU\S-1-5-21-391094972-1096999475-3888860593-1005\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Suad\Application Data\IDM\idmmzcc7
FF Extension: IDM integration - C:\Documents and Settings\Suad\Application Data\IDM\idmmzcc7 [2015-07-25]
FF HKU\S-1-5-21-391094972-1096999475-3888860593-1005\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Suad\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Suad\Application Data\IDM\idmmzcc5 [2015-07-10]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Suad\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-24]
CHR HKU\S-1-5-21-391094972-1096999475-3888860593-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-18] (TOSHIBA CORPORATION) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33560 2010-03-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810120 2010-03-29] (ESET)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753 2005-11-28] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164 2005-11-28] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-11-28] (Intel Corporation ) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [53248 2005-01-14] () [File not signed]
R2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [167936 2006-05-18] (TOSHIBA Corporation) [File not signed]
R2 Tmesrv; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [114688 2006-03-06] (TOSHIBA) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2013-09-26] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-10-06] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-10-06] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-10-06] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-10-06] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-10-06] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-10-06] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-10-06] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [140216 2010-03-29] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [114984 2010-03-29] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [95872 2010-03-29] (ESET)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [128528 2015-06-12] (Tonec Inc.)
S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [35968 2005-06-10] (Infineon Technologies AG)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2005-11-28] (Intel Corporation) [File not signed]
R0 Thpdrv; C:\WINDOWS\System32\DRIVERS\thpdrv.sys [16384 2004-12-28] (TOSHIBA Corporation) [File not signed]
R1 TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [5888 2004-06-16] (Toshiba Corporation) [File not signed]
R3 tosrfec; C:\WINDOWS\System32\DRIVERS\tosrfec.sys [9344 2005-09-09] (TOSHIBA Corporation) [File not signed]
R0 TVALZ; C:\WINDOWS\System32\DRIVERS\TVALZ.SYS [16768 2005-12-26] (TOSHIBA Corporation) [File not signed]
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
S3 catchme; \??\C:\DOCUME~1\Suad\LOCALS~1\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
S3 PAC207; system32\DRIVERS\pfc027.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 13:30 - 2015-07-28 13:30 - 00019708 _____ C:\Documents and Settings\Suad\Desktop\FRST.txt
2015-07-28 13:27 - 2015-07-28 13:27 - 01650688 _____ (Farbar) C:\Documents and Settings\Suad\Desktop\FRST.exe
2015-07-28 11:03 - 2015-07-28 11:03 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-28 10:19 - 2015-07-28 10:19 - 00000656 _____ C:\WINDOWS\Tasks\klcp_update.job
2015-07-28 10:19 - 2015-07-28 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2015-07-28 10:19 - 2015-06-22 15:25 - 00240128 _____ C:\WINDOWS\system32\xvidvfw.dll
2015-07-28 10:19 - 2015-06-22 15:24 - 00655872 _____ C:\WINDOWS\system32\xvidcore.dll
2015-07-28 10:19 - 2015-02-28 17:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2015-07-28 10:19 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-07-28 10:19 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-07-28 10:18 - 2015-07-28 10:19 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-07-28 10:18 - 2015-07-21 20:00 - 00112128 _____ C:\WINDOWS\system32\ff_vfw.dll
2015-07-28 10:18 - 2011-06-22 16:14 - 00000714 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
2015-07-28 09:34 - 2015-07-28 09:34 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Get Hard (2015)
2015-07-28 09:29 - 2015-07-28 09:29 - 00000790 _____ C:\Documents and Settings\All Users\Start Menu\ALZip.lnk
2015-07-28 09:22 - 2015-07-28 09:22 - 00000000 ____D C:\Documents and Settings\Suad\Local Settings\Application Data\ECRSC
2015-07-27 10:32 - 2015-07-28 08:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-07-26 11:47 - 2015-07-26 14:04 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Frank the ******* (2013)
2015-07-25 23:02 - 2015-07-25 23:02 - 00001063 _____ C:\WINDOWS\setupapi.log
2015-07-23 18:43 - 2015-07-23 18:43 - 00014230 _____ C:\ComboFix.txt
2015-07-23 18:43 - 2015-07-23 18:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-07-23 18:43 - 2015-07-23 18:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-07-23 18:07 - 2015-07-23 18:07 - 00000000 ____D C:\WINDOWS\system32\idx
2015-07-20 15:55 - 2015-07-20 15:57 - 00046467 _____ C:\Documents and Settings\Suad\Desktop\New Text Document.txt
2015-07-18 18:58 - 2015-07-18 18:58 - 00000000 ____D C:\Program Files\FileHippo.com
2015-07-18 18:21 - 2015-07-18 18:22 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Copenhagen (2014)
2015-07-16 07:45 - 2015-07-16 21:21 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Good Kill (2014)
2015-07-15 22:39 - 2015-07-28 13:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-15 18:55 - 2015-07-28 11:05 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-15 18:55 - 2015-07-28 11:05 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-15 18:35 - 2015-07-15 18:35 - 00000000 ____D C:\Documents and Settings\Suad\Local Settings\Application Data\Subtitle_Monster
2015-07-15 18:31 - 2015-07-15 18:31 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\SubtitleMonster
2015-07-15 18:30 - 2015-07-15 18:30 - 00000000 ____D C:\Program Files\Subtitle Monster
2015-07-15 18:30 - 2015-07-15 18:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Subtitle Monster
2015-07-14 12:01 - 2015-07-14 12:06 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\The Glass Virgin (1995)
2015-07-14 11:45 - 2015-07-14 11:46 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\The Lost Continent (1968)
2015-07-14 02:42 - 2015-07-14 07:53 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\Yandex
2015-07-14 02:42 - 2015-07-14 02:42 - 00000000 ____D C:\Documents and Settings\Suad\Local Settings\Application Data\Google
2015-07-14 02:42 - 2015-07-14 02:42 - 00000000 ____D C:\Documents and Settings\Suad\Local Settings\Application Data\Chromium
2015-07-13 20:03 - 2015-07-13 20:04 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Terminator Genisys (2015)
2015-07-12 10:09 - 2015-07-17 23:26 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Danny Collins (2015)
2015-07-12 08:10 - 2015-07-14 03:29 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Love Eternal (2013)
2015-07-09 09:08 - 2015-07-26 11:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Subtitle Edit
2015-07-08 23:15 - 2015-07-08 23:19 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Shakespeare The Animated Tales- A Midsummer Night
2015-07-08 09:45 - 2015-07-08 09:45 - 00001464 _____ C:\Documents and Settings\Suad\Desktop\Clear Memory.rundll32.exe.lnk
2015-07-07 13:09 - 2015-07-07 13:09 - 00000000 ____D C:\Documents and Settings\Suad\My Documents\My Notebook
2015-07-07 08:12 - 2015-07-07 09:22 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Strange Blood (2015)
2015-07-03 22:05 - 2015-07-04 09:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-30 01:00 - 2015-06-30 06:26 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Hungry Hearts (2014)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 13:30 - 2014-07-31 08:19 - 00000000 ____D C:\FRST
2015-07-28 13:30 - 2013-09-26 20:35 - 00000000 ____D C:\Documents and Settings\Suad\Local Settings\Temp
2015-07-28 12:00 - 2014-11-10 20:15 - 00000452 _____ C:\WINDOWS\Tasks\WinZip Updater.job
2015-07-28 11:05 - 2013-09-26 20:35 - 00000000 ____D C:\Documents and Settings\Suad\Local Settings\Application Data\Adobe
2015-07-28 10:21 - 2013-10-19 17:07 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\Skype
2015-07-28 10:18 - 2013-09-26 23:33 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\VIDEOSOFT
2015-07-28 10:12 - 2013-10-03 04:13 - 00000000 ____D C:\Program Files\Notepad++
2015-07-28 10:10 - 2013-10-19 17:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-07-28 09:37 - 2013-10-08 17:26 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\gtk-2.0
2015-07-28 09:34 - 2014-05-16 14:52 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\APLIKACIJE
2015-07-28 09:29 - 2013-12-08 16:03 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\ESTsoft
2015-07-28 09:29 - 2013-12-08 16:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Estsoft
2015-07-28 09:29 - 2013-12-08 16:02 - 00000000 ____D C:\Program Files\ESTsoft
2015-07-28 09:29 - 2013-12-08 16:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESTsoft
2015-07-28 09:23 - 2013-09-27 16:08 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\MULTIMEDIA
2015-07-28 09:22 - 2013-12-08 16:02 - 00000830 _____ C:\Documents and Settings\All Users\Start Menu\ALSong.lnk
2015-07-28 09:21 - 2006-06-06 13:56 - 00000000 ____D C:\WINDOWS\Resources
2015-07-28 09:02 - 2006-06-06 13:09 - 01304510 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-28 08:47 - 2013-09-26 20:44 - 00000000 ___RD C:\Documents and Settings\Suad\Desktop\Web
2015-07-28 08:47 - 2006-06-06 11:55 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-28 08:46 - 2014-06-04 05:52 - 00000394 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1387489762.job
2015-07-28 08:46 - 2014-03-19 18:07 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-28 08:46 - 2013-12-19 23:49 - 00000000 ____D C:\Program Files\Opera
2015-07-28 08:46 - 2013-10-19 18:03 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-28 08:46 - 2013-10-19 18:03 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-28 08:46 - 2006-06-06 13:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-28 08:45 - 2013-09-26 20:35 - 00000178 ___SH C:\Documents and Settings\Suad\ntuser.ini
2015-07-28 08:45 - 2006-06-06 13:14 - 00032480 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-28 08:44 - 2006-06-06 13:56 - 00000000 ____D C:\WINDOWS\twain_32
2015-07-28 08:44 - 2006-06-06 11:55 - 00000858 _____ C:\WINDOWS\win.ini
2015-07-28 08:39 - 2013-09-26 22:05 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\uTorrent
2015-07-28 08:35 - 2013-09-27 06:24 - 00013057 _____ C:\missing.ini
2015-07-28 08:34 - 2015-05-13 10:40 - 00000000 ____D C:\Program Files\WinZip
2015-07-28 08:34 - 2013-09-26 22:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WinZip
2015-07-28 08:26 - 2014-09-07 12:20 - 00000000 ____D C:\Program Files\Subtitle Translation Wizard
2015-07-28 08:21 - 2013-10-19 19:21 - 00000000 ____D C:\Program Files\Noël Danjou
2015-07-28 08:18 - 2013-10-09 19:21 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\BSplayer PRO
2015-07-28 08:17 - 2014-07-08 22:39 - 00000000 ____D C:\Program Files\Leapic Media Cutter
2015-07-28 08:17 - 2013-09-27 01:06 - 00000000 ____D C:\Program Files\CCleaner
2015-07-28 08:16 - 2013-11-27 23:23 - 00000000 ____D C:\Program Files\CCleaner Repack
2015-07-28 08:15 - 2013-09-26 21:21 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\DMCache
2015-07-28 00:20 - 2013-09-27 04:40 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F85813E-A342-4D93-B64D-825456CA8717}.job
2015-07-28 00:00 - 2014-11-11 10:49 - 00000400 _____ C:\Documents and Settings\Suad\Desktop\Google Tips.txt
2015-07-27 10:35 - 2014-04-05 23:45 - 00000000 ____D C:\AdwCleaner
2015-07-26 11:55 - 2013-09-28 18:19 - 00000000 ____D C:\Program Files\Subtitle Edit
2015-07-26 09:15 - 2015-05-13 01:18 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\IDM
2015-07-25 23:05 - 2015-05-13 01:18 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-07-24 19:55 - 2013-09-26 20:35 - 00000000 ____D C:\Documents and Settings\Suad
2015-07-24 06:41 - 2006-06-06 13:14 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-07-23 19:42 - 2014-04-08 18:33 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-23 18:45 - 2006-06-06 13:14 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-07-23 18:43 - 2015-03-25 03:01 - 00000000 ____D C:\Qoobox
2015-07-23 18:40 - 2006-06-06 11:55 - 00000227 _____ C:\WINDOWS\system.ini
2015-07-22 22:15 - 2014-11-29 14:11 - 00000000 ____D C:\Documents and Settings\Suad\Local Settings\Application Data\JDownloader 2.0
2015-07-22 12:44 - 2014-05-16 09:17 - 00001671 _____ C:\Documents and Settings\Suad\Desktop\Pasoši.txt
2015-07-22 11:23 - 2014-02-19 10:50 - 00003846 _____ C:\Documents and Settings\Suad\Desktop\Nema.txt
2015-07-22 08:13 - 2013-09-27 18:49 - 00000000 ____D C:\Documents and Settings\Suad\Local Settings\Application Data\TechSmith
2015-07-19 01:04 - 2014-10-22 01:40 - 00000000 ____D C:\Program Files\Java
2015-07-19 01:03 - 2006-06-06 13:34 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-19 01:02 - 2014-10-22 01:41 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-07-19 01:02 - 2014-10-22 01:41 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-07-18 18:58 - 2014-10-02 09:20 - 00001687 _____ C:\Documents and Settings\Suad\Start Menu\Programs\FileHippo App Manager.lnk
2015-07-18 16:59 - 2014-01-05 19:33 - 00344736 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-391094972-1096999475-3888860593-1005-0.dat
2015-07-18 16:59 - 2014-01-05 19:33 - 00130458 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-07-16 00:11 - 2013-10-08 22:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 18:59 - 2015-02-19 18:06 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Fehér tenyér (2006)
2015-07-14 15:14 - 2013-09-26 21:45 - 00000000 ____D C:\Documents and Settings\Suad\My Documents\Sokoban 3
2015-07-14 03:27 - 2014-04-08 10:02 - 00000000 ____D C:\The KMPlayer
2015-07-14 02:42 - 2013-09-27 07:05 - 00000000 ____D C:\Documents and Settings\Suad\Local Settings\Application Data\Temp
2015-07-10 14:26 - 2015-06-12 12:25 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Tomorrowland (2015)
2015-07-10 09:56 - 2006-06-06 14:02 - 00603162 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-09 18:59 - 2013-12-12 15:29 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\vlc
2015-07-09 11:16 - 2015-06-04 16:16 - 00000000 ____D C:\Documents and Settings\Suad\Desktop\Hitler
2015-07-09 09:16 - 2013-09-28 18:19 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\Subtitle Edit
2015-07-08 23:50 - 2014-05-21 14:55 - 00000000 ____D C:\Portable aplications
2015-07-08 15:00 - 2014-03-19 18:07 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-07-08 07:45 - 2014-04-08 18:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-04 22:44 - 2014-04-08 18:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-04 22:39 - 2013-09-26 22:11 - 00000942 _____ C:\Documents and Settings\Suad\Start Menu\Programs\MediaInfo.lnk
2015-07-04 20:33 - 2013-09-26 22:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-03 08:49 - 2013-09-27 03:42 - 127070192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-12-29 01:49 - 2014-10-22 01:33 - 0001137 _____ () C:\Documents and Settings\Suad\Application Data\DVDSubEdit.ini

Some files in TEMP:
====================
C:\Documents and Settings\Suad\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Suad\Local Settings\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
Attached Files
File Type: txt FRST.txt (33.7 KB, 20 views)
File Type: txt Addition.txt (29.5 KB, 22 views)
Old 07-28-2015, 12:55 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Suadnovic. I actually meant to re-run dds, but FRST will work fine.

Quote:
And what to use for torrent files?
We don't recommend p2p programs, but can't forbid you from using them.

We do forbid users with cracked programs from getting help here, though.

------------------------------------------------------

Our tools don't look at Opera. If you still have trouble with Opera, you will need to reset it to default settings, or uninstall it, delete its folders, reboot, then re-install it.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

UpdateAdmin<<Please read this

Please delete the following Folder if it still exists:

C:\Program Files\UpdateAdmin

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "%userprofile%\Local Settings\Application Data\updateadmin"

A DOS window will open and close again; this is normal.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    c:\documents and settings\suad\my documents\downloads\malwarebytes_enterprise_edition_v1.3_cracked_version_downloa.txt
    c:\documents and settings\suad\my documents\downloads\compressed\bs2661075
    c:\documents and settings\suad\my documents\downloads\jdownloader transfers\ccleaner pro & business v4.06.4324
    c:\documents and settings\suad\my documents\downloads\jdownloader transfers\easy duplicate
    c:\documents and settings\suad\my documents\downloads\jdownloader transfers\leapic video cutter v6.0
    c:\documents and settings\suad\my documents\downloads\programs\examdiff.pro.master.edition.7.0.1.20.x86x64
    c:\documents and settings\suad\my documents\downloads\programs\utorrent pro 3.4.2 build 38429 stable + crack
    c:\documents and settings\suad\my documents\downloads\programs\winzip.pro.19.5.build.11475.x86s
    c:\documents and settings\suad\my documents\downloads\video\amcap.921-dkrs
    c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack.zip
    c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\bs.player 2.69 build 1079 + keygen - appzdams
    c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack
    c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack
    c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\easy duplicate finder v4.4.0.221 incl crack [tordigger]
    c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\regcure pro 3.1.6.0
    c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\subtitle.translation.wizard.4.2.1.build.03.07.2014+crack
    c:\program files\ccleaner
    Task: C:\WINDOWS\Tasks\WinZip Updater.job => Wscript.exe ;/nologo /B C:\Program Files\WinZip Updater\updater.ini
    C:\Program Files\WinZip Updater
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-391094972-1096999475-3888860593-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] <======= ATTENTION (Policy restriction on ProxySettings)
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-391094972-1096999475-3888860593-1005 -> {94CE5872-6948-40D7-BC07-138FC502F062} URL = https://addons.alltheinternet.com/texis/open/search?q={searchTerms}
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    Toolbar: HKU\S-1-5-21-391094972-1096999475-3888860593-1005 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-391094972-1096999475-3888860593-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - https://clients2.google.com/service/update2/crx
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S4 IntelIde; No ImagePath
    S3 PAC207; system32\DRIVERS\pfc027.sys [X]
    C:\Program Files\Enigma Software Group
    C:\Documents and Settings\Suad\Application Data\uTorrent
    2015-07-28 08:18 - 2013-10-09 19:21 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\BSplayer PRO
    2015-07-28 08:17 - 2014-07-08 22:39 - 00000000 ____D C:\Program Files\Leapic Media Cutter
    2015-07-28 08:17 - 2013-09-27 01:06 - 00000000 ____D C:\Program Files\CCleaner
    2015-07-28 08:16 - 2013-11-27 23:23 - 00000000 ____D C:\Program Files\CCleaner Repack
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent" /f
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
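After a fix like the one above, the helper has to read the Fixlog.txt entry by entry to see what was actually moved, what was already gone, and what got no result line at all. The script below is an added example (not part of this thread and not FRST's own code) that does that cross-check over a constructed Fixlog in the same format; the sample paths, service names and sizes are made up, and the result-line and fixlist-line patterns it matches are this example's own assumptions about the log layout.

```python
"""Added example (not FRST's own code): summarise an FRST Fixlog.txt so a helper
can see which fixlist entries were handled, not found, or never reported."""
import re
from collections import Counter

# Constructed sample in the shape of the Fixlog.txt FRST writes after a fix;
# every path, service name and size below is made up for this example.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
fixlist content:
*****************
start
createrestorepoint:
c:\documents and settings\user\my documents\downloads\example.txt
c:\program files\exampleapp
c:\program files\orphan
2015-07-28 08:17 - 2014-07-08 22:39 - 00000000 ____D C:\Program Files\Example Cutter
S3 missingdrv; \??\C:\Program Files\Example\missingdrv.sys [X]
S4 NoPathSvc; No ImagePath
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Example" /f
EmptyTemp:
end
*****************
Restore point was successfully created.
c:\documents and settings\user\my documents\downloads\example.txt => moved successfully.
"c:\program files\exampleapp" => File/Folder not found.
C:\Program Files\Example Cutter => moved successfully.
missingdrv => service removed successfully.
NoPathSvc => service removed successfully.
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Example" /f =========
The operation completed successfully
========= End of Reg: =========
EmptyTemp: => 123.4 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 22:49:40 ====
"""

MARKER = "*****************"
SKIP = {"start", "end", "createrestorepoint:"}        # directives with no result line
# result line:  target => outcome.   (target may be wrapped in double quotes)
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s=>\s(?P<outcome>.+?)\.*$')
SERVICE_RE = re.compile(r"^[RSU]\d\s+([^;]+);")         # e.g. "S4 IntelIde; No ImagePath"
DATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d"
                      r" - \d+ \S+ (?:\([^)]*\) )?(.+)$")  # FRST one-month listing line
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def classify(outcome):
    """Bucket an FRST result outcome as ok, not_found or other."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"
    if "removed successfully" in o or "moved successfully" in o or "data removed" in o:
        return "ok"
    return "other"


def expected_key(entry):
    """Lower-cased target FRST should echo for a fixlist line; None if unchecked here."""
    low = entry.lower()
    if low == "emptytemp:":
        return low
    m = SERVICE_RE.match(entry) or DATED_RE.match(entry)
    if m:
        return m.group(1).strip().lower()
    return low if PATH_RE.match(entry) else None


def parse_fixlog(text):
    """Return (fixlist entries, [(target, outcome), ...]) from Fixlog text."""
    lines = [l.strip() for l in text.splitlines()]
    marks = [i for i, l in enumerate(lines) if l == MARKER]
    if len(marks) < 2:
        raise ValueError("fixlist markers not found in Fixlog")
    fixlist = [l for l in lines[marks[0] + 1:marks[1]] if l]
    results = [(m.group("target"), m.group("outcome"))
               for m in map(RESULT_RE.match, lines[marks[1] + 1:]) if m]
    return fixlist, results


def summarize_fixlog(text):
    """Cross-check every fixlist entry against the result lines FRST reported."""
    fixlist, results = parse_fixlog(text)
    status = {t.lower(): classify(o) for t, o in results}
    report = {"counts": dict(Counter(status.values())), "not_found": [],
              "unreported": [], "unchecked": [],
              "reboot": "The system needed a reboot." in text}
    for entry in fixlist:
        if entry.lower() in SKIP:
            continue
        key = expected_key(entry)
        if key is None:
            report["unchecked"].append(entry)      # Reg:, Task:, CHR ... need a manual look
        elif key not in status:
            report["unreported"].append(entry)     # no result line at all
        elif status[key] == "not_found":
            report["not_found"].append(entry)
    return report


if __name__ == "__main__":
    print(summarize_fixlog(SAMPLE_FIXLOG))
```

Entries listed under "unreported" are the ones worth asking about in the next reply, since FRST wrote no verdict for them at all.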
Old 07-28-2015, 01:57 PM   #13
Registered Member
 
Join Date: Dec 2007
Posts: 153
OS: XP Pro



Fix result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
Ran by Suad at 2015-07-28 22:46:34 Run:1
Running from C:\Documents and Settings\Suad\Desktop\fixi
Loaded Profiles: Suad (Available Profiles: Suad & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
createrestorepoint:
c:\documents and settings\suad\my documents\downloads\malwarebytes_enterprise_edition_v1.3_cracked_version_downloa.txt
c:\documents and settings\suad\my documents\downloads\compressed\bs2661075
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\ccleaner pro & business v4.06.4324
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\easy duplicate
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\leapic video cutter v6.0
c:\documents and settings\suad\my documents\downloads\programs\examdiff.pro.master.edition.7.0.1.20.x86x64
c:\documents and settings\suad\my documents\downloads\programs\utorrent pro 3.4.2 build 38429 stable + crack
c:\documents and settings\suad\my documents\downloads\programs\winzip.pro.19.5.build.11475.x86s
c:\documents and settings\suad\my documents\downloads\video\amcap.921-dkrs
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack.zip
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\bs.player 2.69 build 1079 + keygen - appzdams
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\easy duplicate finder v4.4.0.221 incl crack [tordigger]
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\regcure pro 3.1.6.0
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\subtitle.translation.wizard.4.2.1.build.03.07.2014+crack
c:\program files\ccleaner
Task: C:\WINDOWS\Tasks\WinZip Updater.job => Wscript.exe ;/nologo /B C:\Program Files\WinZip Updater\updater.ini
C:\Program Files\WinZip Updater
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-391094972-1096999475-3888860593-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] <======= ATTENTION (Policy restriction on ProxySettings)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-391094972-1096999475-3888860593-1005 -> {94CE5872-6948-40D7-BC07-138FC502F062} URL = https://addons.alltheinternet.com/texis/open/search?q={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-391094972-1096999475-3888860593-1005 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-391094972-1096999475-3888860593-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - https://clients2.google.com/service/update2/crx
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
S3 PAC207; system32\DRIVERS\pfc027.sys [X]
C:\Program Files\Enigma Software Group
C:\Documents and Settings\Suad\Application Data\uTorrent
2015-07-28 08:18 - 2013-10-09 19:21 - 00000000 ____D C:\Documents and Settings\Suad\Application Data\BSplayer PRO
2015-07-28 08:17 - 2014-07-08 22:39 - 00000000 ____D C:\Program Files\Leapic Media Cutter
2015-07-28 08:17 - 2013-09-27 01:06 - 00000000 ____D C:\Program Files\CCleaner
2015-07-28 08:16 - 2013-11-27 23:23 - 00000000 ____D C:\Program Files\CCleaner Repack
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent" /f
EmptyTemp:
end
*****************

Restore point was successfully created.
c:\documents and settings\suad\my documents\downloads\malwarebytes_enterprise_edition_v1.3_cracked_version_downloa.txt => moved successfully.
c:\documents and settings\suad\my documents\downloads\compressed\bs2661075 => moved successfully.
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\ccleaner pro & business v4.06.4324 => moved successfully.
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\easy duplicate => moved successfully.
c:\documents and settings\suad\my documents\downloads\jdownloader transfers\leapic video cutter v6.0 => moved successfully.
c:\documents and settings\suad\my documents\downloads\programs\examdiff.pro.master.edition.7.0.1.20.x86x64 => moved successfully.
c:\documents and settings\suad\my documents\downloads\programs\utorrent pro 3.4.2 build 38429 stable + crack => moved successfully.
"c:\documents and settings\suad\my documents\downloads\programs\winzip.pro.19.5.build.11475.x86s" => File/Folder not found.
"c:\documents and settings\suad\my documents\downloads\video\amcap.921-dkrs" => File/Folder not found.
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack.zip => moved successfully.
"c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\bs.player 2.69 build 1079 + keygen - appzdams" => File/Folder not found.
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.05.5176 incl. business, technician and professional edition + crack => moved successfully.
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\ccleaner 5.07.5261 setup + all editions crack => moved successfully.
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\easy duplicate finder v4.4.0.221 incl crack [tordigger] => moved successfully.
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\regcure pro 3.1.6.0 => moved successfully.
c:\documents and settings\suad\my documents\downloads\µtorrent\završeni transferi\subtitle.translation.wizard.4.2.1.build.03.07.2014+crack => moved successfully.
c:\program files\ccleaner => moved successfully.
C:\WINDOWS\Tasks\WinZip Updater.job => moved successfully.
C:\Program Files\WinZip Updater => moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":1CE11B51" ADS removed successfully..
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-391094972-1096999475-3888860593-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-391094972-1096999475-3888860593-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{94CE5872-6948-40D7-BC07-138FC502F062}" => key removed successfully.
HKCR\CLSID\{94CE5872-6948-40D7-BC07-138FC502F062} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKU\S-1-5-21-391094972-1096999475-3888860593-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => value removed successfully.
HKCR\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd" => key removed successfully.
"HKU\S-1-5-21-391094972-1096999475-3888860593-1005\SOFTWARE\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd" => key removed successfully.
esgiguard => service removed successfully.
IntelIde => service removed successfully.
PAC207 => service removed successfully.
C:\Program Files\Enigma Software Group => moved successfully.
C:\Documents and Settings\Suad\Application Data\uTorrent => moved successfully.
C:\Documents and Settings\Suad\Application Data\BSplayer PRO => moved successfully.
C:\Program Files\Leapic Media Cutter => moved successfully.
"C:\Program Files\CCleaner" => File/Folder not found.
C:\Program Files\CCleaner Repack => moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent" /f =========


The operation completed successfully


========= End of Reg: =========

EmptyTemp: => 480.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:49:40 ====
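The Fixlog above cleans the same handful of registry locations most browser hijackers live in: IE and Chrome Policies keys, a forced-machine-wide proxy setting, IE SearchScopes, a Browser Helper Object and a Chrome extension registered for silent install. As an added example (not from the thread, not from the FRST tool), this Python script triages a `reg export` dump for exactly those locations so you can see what a fix script will have to remove before running it. The sample export below is constructed; the key paths, CLSIDs and Chrome extension id are the ones in the Fixlog, the URLs are made up.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in "reg export" (.reg) syntax. Key paths, CLSIDs and the
# Chrome extension id are taken from the Fixlog above; the URLs are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.example-hijack.test/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxySettingsPerUser"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{94CE5872-6948-40D7-BC07-138FC502F062}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd]
"update_url"="https://update.example-hijack.test/crx"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

# Registry locations the Fixlog had to clean, and what an entry there means on a
# home PC that is not domain-joined.
HIJACK_RULES: List[Tuple["re.Pattern[str]", str]] = [
    (re.compile(r'\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer(\\|$)', re.I),
     "IE policy key: adware uses it to lock the home page or search provider"),
    (re.compile(r'\\SOFTWARE\\Policies\\Google(\\|$)', re.I),
     "Chrome policy key: can force-install extensions or pin the search provider"),
    (re.compile(r'\\Explorer\\Browser Helper Objects\\\{[0-9A-F-]+\}$', re.I),
     "Browser Helper Object: a DLL loaded into every IE process"),
    (re.compile(r'\\Internet Explorer\\SearchScopes$', re.I),
     "IE search scope table: compare DefaultScope with the provider you expect"),
    (re.compile(r'\\SOFTWARE\\Google\\Chrome\\Extensions\\[a-p]{32}$', re.I),
     "Chrome extension registered for silent install from its update_url"),
    (re.compile(r'\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings$', re.I),
     "Internet Settings policy: ProxySettingsPerUser=0 forces one machine-wide proxy"),
]


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of .reg syntax needed here: [key] headers and
    "name"=value lines with quoted strings, @ defaults and dword: values.
    hex: blobs and their backslash-continued lines are skipped, not decoded."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    continuation = False
    for raw in text.splitlines():
        line = raw.strip()
        if continuation:                       # inside a multi-line hex: value
            continuation = line.endswith("\\")
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lstrip("-")   # a leading '-' marks a key deletion
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if not m:
            continue
        name = "" if m.group(1) == "@" else m.group(2)
        value = m.group(3)
        if value.endswith("\\"):               # first line of a continued hex: value
            continuation = True
            value = value[:-1]
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        keys[current][name] = value
    return keys


def triage(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (key, reason, values) for every key matching a hijack rule."""
    findings = []
    for key, values in keys.items():
        for pattern, why in HIJACK_RULES:
            if pattern.search(key):
                shown = "; ".join(f"{n or '@'}={v}" for n, v in values.items()) or "(no values)"
                findings.append((key, why, shown))
    return findings


if __name__ == "__main__":
    for key, why, shown in triage(parse_reg_export(SAMPLE_REG)):
        print(f"{key}\n    {why}\n    {shown}")
```

The Run key in the sample is deliberately left unflagged: autostart entries need a separate review against the process list, and the hijack rules above are only the browser-facing locations. On a domain-joined machine the Policies keys may be legitimate, so confirm with the administrator before removing them.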
Old 07-28-2015, 02:03 PM   #14
Registered Member (Join Date: Dec 2007, Posts: 153, OS: XP Pro)

The warning is still there at Firefox start.
Old 07-28-2015, 07:04 PM   #15
chemist, Security Team (Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007, Location: Georgia, Posts: 29,790, OS: XP/Win7/Win10

Hello again, Suadnovic. Do you know exactly what date you started getting the notifications?

When you go FF > Tools > Add-ons > Extensions and Plugins, do you see anything you did not install?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the scan log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-28-2015, 11:20 PM   #16
Registered Member
 
Join Date: Dec 2007
Posts: 153
OS: XP Pro



I recall it was after the KMlayer installation; I had Яндекс installed in Firefox and some other junk, which I uninstalled with Your Uninstaller 7. Does it have something like Event Viewer?
Old 07-29-2015, 12:02 AM   #17
Registered Member (Join Date: Dec 2007, Posts: 153, OS: XP Pro)

Malwarebytes Anti-Malware finished the job, and after the reboot the warning vanished!
============
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29.7.2015
Scan Time: 8:05:51
Logfile: MBAM.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.29.01
Rootkit Database: v2015.07.29.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Suad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353769
Time Elapsed: 31 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected], Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\skin, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\modules, Quarantined, [a3e2c423395178be2fe3987305fe9868],

Files: 21
PUP.Optional.Amonetize.A, C:\Documents and Settings\Suad\Application Data\IDM\DwnlData\Suad\srt-20subtitle-20editor_10924__452\srt-20subtitle-20editor_10924_.exe, Quarantined, [f78e2abd4c3ea591b63e0f6228dd6b95],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome.manifest, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\install.rdf, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content\html5slider.js, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content\jquery-1.8.3.min.js, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content\magnify.js, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content\main.js, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content\main.xul, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content\options.html, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content\options.js, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content\tr.js, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\content\vgValidatorLoc.js, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\skin\button.png, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\skin\icon32x32-disabled.png, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\skin\icon32x32.png, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\skin\options.css, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\skin\options_bg.png, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\skin\otaznik.png, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\chrome\skin\slider.png, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\modules\AddonInfo.js, Quarantined, [a3e2c423395178be2fe3987305fe9868],
PUP.Optional.MagnifyIt.A, C:\Documents and Settings\Suad\Application Data\Mozilla\Firefox\Profiles\zs188pgc.default-1436856498734\extensions\[email protected]\modules\PrefMan.js, Quarantined, [a3e2c423395178be2fe3987305fe9868],

Physical Sectors: 0
(No malicious items detected)


(end)
========================
It seems the cause was MagnifyIt?
Old 07-29-2015, 09:19 AM   #18
chemist, Security Team (Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007, Location: Georgia, Posts: 29,790, OS: XP/Win7/Win10

Hello again, Suadnovic. Yes, that appears to have been the problem. Can't find much about it on the net though.

https://malwr.com/analysis/NzQ4ZDc0N...Q3MDc4ZTkxYWY/

Glad to hear it is gone. If there are no other problems...

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable NOD32 before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > Windows XP support has ended - Microsoft Windows

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
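An added example, not part of chemist's post or of the MVPS project: a blocking HOSTS file works only by pointing ad and tracker names at 127.0.0.1 (or 0.0.0.0), so any line that points a name somewhere else, or blackholes a site you rely on (your antivirus vendor's update host, say), is the signature of a hijacked HOSTS file rather than a blocklist. This Python audit classifies each line accordingly. The hosts content and the domain names are constructed, and the protected-host set is an assumption the caller supplies.

```python
import ipaddress
from typing import List, Set, Tuple

# Constructed sample HOSTS file (on XP the real one is
# %SystemRoot%\system32\drivers\etc\hosts). The first block is what a blocklist
# like the MVPS file adds; the last four lines are the kind a hijacker writes.
# All domain names are invented.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# ---- blocklist entries ----
0.0.0.0 ads.example-adnet.test
0.0.0.0 tracker.example-adnet.test  # trailing comments are allowed
127.0.0.1 banners.example-adnet.test pixel.example-adnet.test
# ---- lines no blocklist would produce ----
203.0.113.5 www.example-bank.test
203.0.113.5 update.example-av.test
127.0.0.1 www.example-av.test
not-an-ip  broken.example.test
"""

WELL_KNOWN_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost"}


def is_blackhole(ip: "ipaddress._BaseAddress") -> bool:
    """127.0.0.0/8, ::1 and 0.0.0.0 all make a name unreachable; nothing else does."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text: str, protected: Set[str]) -> List[Tuple[int, str, str, str]]:
    """Classify every (line, hostname) pair as ok, blocking, suspicious or
    malformed. `protected` holds names that must never be blackholed, e.g. the
    update hosts of the installed antivirus (an assumption supplied by the caller)."""
    findings: List[Tuple[int, str, str, str]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append((lineno, "malformed", line, parts[0]))
            continue
        for host in parts[1:]:                       # one IP may carry several names
            name = host.lower()
            if is_blackhole(ip):
                if name in WELL_KNOWN_LOCAL:
                    verdict = "ok"
                elif name in protected:
                    verdict = "suspicious: protected host blackholed"
                else:
                    verdict = "blocking"
            else:
                # A blocklist never does this; redirecting a bank or an AV update
                # host to a real address is how HOSTS-based phishing works.
                verdict = "suspicious: redirected to non-local address"
            findings.append((lineno, verdict, name, str(ip)))
    return findings


def suspicious_lines(findings: List[Tuple[int, str, str, str]]) -> List[Tuple[int, str, str, str]]:
    """Only the entries that need a human to look at them."""
    return [f for f in findings if f[1].startswith("suspicious") or f[1] == "malformed"]


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS, protected={"update.example-av.test", "www.example-av.test"})
    for lineno, verdict, name, ip in suspicious_lines(report):
        print(f"line {lineno:3}: {verdict:45} {name} -> {ip}")
```

The audit is deliberately conservative: it does not try to decide whether a blocked ad domain "deserves" blocking, only whether a line does something a blocklist never does. When the MVPS batch file renames the old file to HOSTS.MVP, keep that copy and run the audit over it too; a redirect line in the old file tells you the machine was already being steered before the cleanup.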
Old 07-29-2015, 11:15 AM   #19
Registered Member (Join Date: Dec 2007, Posts: 153, OS: XP Pro)

chemist, thank you so much for the help (and patience). I did all you recommended. I don't find any critical updates for XP (automatic updates is always turned on), and I doubt there will be any in the future (support is terminated).
Because of all these problems with Firefox, I probably had a corrupted profile, so I uninstalled it and made a new installation (and forgot to back up my data, so I lost all bookmarks and passwords). Everything else is OK so far.
Unfortunately, I can't disable Java; I'm almost always on Facebook playing chess.
And what do you think about AdblockPlus and NoScript?
WOT is OK, but ugly.
Old 07-29-2015, 01:02 PM   #20
chemist, Security Team (Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007, Location: Georgia, Posts: 29,790, OS: XP/Win7/Win10

You're very welcome, Suadnovic! Glad to have helped.

I have used both AdblockPlus and/or NoScript on some of my machines. I like them.