Приключен Toshiba Qosmio бъгва всеки път при стартиране на браузъра!

[kaligola_1]

Здравейте, ето го моят проблем, притежавам Toshiba Qosmio X 305-Q701,закупен от САЩ. Проблемът, е че лаптопът забива всеки път когато стартирам който и да е Browser, екранът става черен и звукът забива ако е имало пуснат звук разбира се. Няма клавишна комбинация, която да ми помогне след това, само задържане на Power бутона и включване на системата отново. В режим на Safe mode няма никакви проблеми. Лека вечер от мен, благодаря предварително 

[pataran]

Явен признак за некоректен драйвър...

[icotonev]

Моля следвайте стъпките на темата Системата ми е инфектирана - Какво да правя сега? за да анализираме системата и да видим за какво става въпрос..!Благодаря..!

[kaligola_1]

Здравейте, ще следвам стъпките но бих искал да попитам дали ще е проблем ако правя всички стъпки в Safe Mode, понеже не мога да ползвам Интернет в нормален режим? Благодаря

[kaligola_1]

Моля следвайте стъпките на темата Системата ми е инфектирана - Какво да правя сега? за да анализираме системата и да видим за какво става въпрос..!Благодаря..!

Здравейте, ето и съдържанието на First.txt ( не е в Safe Mode,както бях питал в предния пост в нормален режим е сканирането)

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01

Ran by kaligola (administrator) on KALIGOLA-PC on 10-09-2014 01:30:56

Running from C:\Users\kaligola\Downloads

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Fork Ltd.) C:\Program Files\Prey\platform\windows\cronsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

(BitTorrent Inc.) C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

(Dropbox, Inc.) C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\Alarm Me\AlarmMe.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

() C:\Program Files\csmk\nvsvc16.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [AlarmMe] => C:\Program Files (x86)\Alarm Me\AlarmMe.exe [2102272 2009-02-26] ()

HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)

HKLM-x32\...\Run: [browserPlugInHelper] => C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe [411064 2012-12-13] (Wondershare Software)

HKLM-x32\...\Run: [nvsvc16] => C:\Program Files\csmk\nvsvc16.exe [56320 2011-04-13] ()

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [bitTorrent] => C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-02] (BitTorrent Inc.)

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [Google Update] => C:\Users\kaligola\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-07] (Google Inc.)

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [GoogleChromeAutoLaunch_7E1EF083174FC3FBF01580323A705D67] => C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\MountPoints2: F - F:\cdstart.exe

AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)

Startup: C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8AFC85D6816CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Wondershare AllMyTube -> {1373BA72-5012-496e-9F72-7A426DCF78BB} -> C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 10.23.0.1

 

FireFox:

========

FF ProfilePath: C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default

FF Homepage: hxxp://mail.bg/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @inhatch.com,version=0.7.5 -> C:\Program Files (x86)\InhatchTeam\Inhatch\npinhatch.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\kaligola\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml

FF Extension: Bulgarian Dictionary - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2011-03-29]

FF Extension: United States English Spellchecker - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]

FF Extension: DownloadHelper - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]

FF Extension: Personas Plus - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]

FF Extension: ImTranslator - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-09-02]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-10-30]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-30]

FF HKLM-x32\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt

FF Extension: Wondershare AllMyTube - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt [2013-01-12]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF HKCU\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.bg/"

CHR DefaultSearchKeyword: Default -> isearch.avg.com

CHR DefaultSearchProvider: Default -> AVG Secure Search

CHR DefaultSearchURL: Default -> https://isearch.avg.com/search?cid={34D11457-92FB-4847-B53A-9C21C6A8D60E}&mid=23e5976ec92047d08e3a59ab28147ab9-47df855eabc489a3c1ac6de06f2d3d5111ea9936&lang=en&ds=qw011&pr=sa&d=2012-07-26 16:01:41&v=12.1.0.21&sap=dsp&q={searchTerms}

CHR DefaultSuggestURL: Default -> http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR Profile: C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-07]

CHR Extension: (SiteTalk Social Shopping) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpolifdmdmcbcipolocmkpmjmcoegad [2013-04-29]

CHR Extension: (Wondershare AllMyTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij [2013-01-12]

CHR Extension: (Apple Shooter) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm [2011-12-07]

CHR Extension: (Alarm Clock Radio) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2011-12-07]

CHR Extension: (HDPlus-V1.9) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp [2014-07-17]

CHR Extension: (Angry Birds) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllkkflncainlmehooebdaodggehpknh [2011-12-12]

CHR Extension: (Google Wallet) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR HKLM-x32\...\Chrome\Extension: [ifllmjhoijmmhobcnjdhelmboobmenij] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRChromePlugin.crx [2013-01-12]

CHR StartMenuInternet: Google Chrome - C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 CronService; C:\Program Files\Prey\platform\windows\cronsvc.exe [23552 2014-01-27] (Fork Ltd.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]

S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2011-03-08] (Realtek Semiconductor.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-10 01:30 - 2014-09-10 01:31 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt

2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST

2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe

2014-09-07 23:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-07 23:28 - 2014-09-07 23:30 - 00000000 ____D () C:\AdwCleaner

2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe

2014-09-07 22:24 - 2014-09-10 01:24 - 00000616 _____ () C:\Windows\setupact.log

2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-09-06 09:26 - 2014-09-09 15:40 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder

2014-08-29 19:52 - 2014-08-23 05:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 19:52 - 2014-08-23 04:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 19:52 - 2014-08-23 03:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 18:53 - 2014-07-01 01:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-21 18:53 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-21 18:53 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-21 18:53 - 2014-06-06 09:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-21 18:53 - 2014-03-10 00:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-21 18:53 - 2014-03-10 00:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-21 18:53 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-21 18:53 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-20 20:07 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-20 20:07 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-20 20:06 - 2014-08-01 02:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-20 20:06 - 2014-07-25 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-20 20:06 - 2014-07-25 16:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-20 20:06 - 2014-07-25 16:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-20 20:06 - 2014-07-25 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-20 20:06 - 2014-07-25 15:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-20 20:06 - 2014-07-25 15:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-20 20:06 - 2014-07-25 15:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-20 20:06 - 2014-07-25 15:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-20 20:06 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-20 20:06 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-20 20:06 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-20 20:06 - 2014-07-25 14:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-20 20:06 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-20 20:06 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-20 20:06 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-20 20:06 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-20 20:06 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-20 20:06 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-20 20:06 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-20 20:06 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-20 20:06 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-20 20:06 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-20 20:06 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-20 20:06 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-20 20:06 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-20 20:05 - 2014-08-07 05:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-20 20:05 - 2014-08-07 05:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-20 20:05 - 2014-08-01 02:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-20 20:05 - 2014-07-25 17:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-20 20:05 - 2014-07-25 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-20 20:05 - 2014-07-25 16:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-20 20:05 - 2014-07-25 16:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-20 20:05 - 2014-07-25 16:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-20 20:05 - 2014-07-25 16:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-20 20:05 - 2014-07-25 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-20 20:05 - 2014-07-25 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-20 20:05 - 2014-07-25 16:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-20 20:05 - 2014-07-25 16:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-20 20:05 - 2014-07-25 16:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-20 20:05 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-20 20:05 - 2014-07-25 15:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-20 20:05 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-20 20:05 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-20 20:05 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-20 20:05 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-20 20:05 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-20 20:05 - 2014-07-25 15:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-20 20:05 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-20 20:05 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-20 20:05 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-20 20:05 - 2014-07-25 15:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-20 20:05 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-20 20:05 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-20 20:05 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-20 20:05 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-20 20:05 - 2014-07-25 14:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-20 20:05 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-20 20:05 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-20 20:05 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-20 20:05 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-20 20:05 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-20 20:05 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-20 20:05 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-20 20:05 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-20 20:05 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-20 20:05 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-20 20:05 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-20 20:05 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-20 20:05 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-10 01:31 - 2014-09-10 01:30 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt

2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST

2014-09-10 01:30 - 2012-04-17 00:48 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\BitTorrent

2014-09-10 01:30 - 2011-03-16 23:23 - 19147776 ___SH () C:\Users\kaligola\Desktop\Thumbs.db

2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe

2014-09-10 01:27 - 2011-01-05 05:33 - 01070528 _____ () C:\Windows\WindowsUpdate.log

2014-09-10 01:27 - 2011-01-04 20:06 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{206A648D-8121-4F5A-ACD5-251A124B9C77}

2014-09-10 01:25 - 2013-11-01 22:11 - 00000000 ___RD () C:\Users\kaligola\Dropbox

2014-09-10 01:25 - 2013-11-01 22:07 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Dropbox

2014-09-10 01:25 - 2012-01-20 18:38 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat

2014-09-10 01:25 - 2011-02-20 14:30 - 00643841 _____ () C:\Windows\AutoKMS.log

2014-09-10 01:25 - 2011-02-19 23:04 - 00000206 _____ () C:\Windows\Tasks\AutoKMS.job

2014-09-10 01:24 - 2014-09-07 22:24 - 00000616 _____ () C:\Windows\setupact.log

2014-09-10 01:24 - 2011-03-16 18:22 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-09-10 01:24 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-09 22:49 - 2011-01-04 21:17 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Skype

2014-09-09 16:13 - 2012-11-29 00:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-09 15:54 - 2011-12-07 16:22 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000UA.job

2014-09-09 15:40 - 2014-09-06 09:26 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder

2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-07 23:35 - 2011-01-04 21:00 - 00162486 _____ () C:\Windows\PFRO.log

2014-09-07 23:32 - 2014-07-14 12:23 - 00001462 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-7.job

2014-09-07 23:30 - 2014-09-07 23:28 - 00000000 ____D () C:\AdwCleaner

2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe

2014-09-07 22:55 - 2014-07-14 12:23 - 00003798 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-11.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00002206 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001446 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001336 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2.job

2014-09-07 22:55 - 2014-07-14 12:22 - 00002428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-3.job

2014-09-07 22:55 - 2014-07-14 12:22 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

2014-09-07 22:52 - 2011-01-04 19:53 - 00000000 ____D () C:\Program Files\ESET

2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-07 22:24 - 2012-04-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-07 22:22 - 2011-01-04 23:42 - 00000000 ____D () C:\Windows\Minidump

2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-09-07 22:15 - 2012-10-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-07 22:15 - 2011-03-26 23:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-07 22:15 - 2011-01-04 20:08 - 00000000 ____D () C:\Users\kaligola\AppData\Local\Mozilla

2014-09-07 22:11 - 2011-11-18 00:35 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer

2014-09-07 22:07 - 2011-05-26 21:03 - 00000000 ____D () C:\Program Files (x86)\InhatchTeam

2014-09-07 22:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Help

2014-09-07 22:05 - 2013-11-12 00:17 - 00000000 ____D () C:\Program Files (x86)\Citrix

2014-09-06 18:28 - 2014-07-14 12:23 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

2014-09-06 16:54 - 2011-12-07 16:22 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000Core.job

2014-08-30 20:07 - 2013-04-19 18:23 - 00001388 _____ () C:\Windows\SysWOW64\bash.exe.stackdump

2014-08-30 09:27 - 2009-07-14 07:45 - 00406480 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-23 05:07 - 2014-08-29 19:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 04:45 - 2014-08-29 19:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 03:59 - 2014-08-29 19:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 21:07 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache

2014-08-21 19:35 - 2011-01-04 21:16 - 00000000 ____D () C:\ProgramData\Skype

2014-08-21 19:32 - 2011-01-04 19:46 - 00000000 ___RD () C:\Users\kaligola\Virtual Machines

2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG

2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\bg-BG

2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-21 19:05 - 2013-08-10 12:06 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-21 19:01 - 2011-01-05 00:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-21 18:59 - 2011-01-05 18:23 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-21 18:52 - 2014-04-23 10:04 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-20 19:54 - 2013-11-01 22:11 - 00001029 _____ () C:\Users\kaligola\Desktop\Dropbox.lnk

2014-08-20 19:54 - 2013-11-01 22:09 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

 

Some content of TEMP:

====================

C:\Users\kaligola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgaub_.dll

C:\Users\kaligola\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-06 09:57

 

==================== End Of Log ============================Addition.txt

Моля следвайте стъпките на темата Системата ми е инфектирана - Какво да правя сега? за да анализираме системата и да видим за какво става въпрос..!Благодаря..!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01

Ran by kaligola (administrator) on KALIGOLA-PC on 10-09-2014 01:30:56

Running from C:\Users\kaligola\Downloads

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Fork Ltd.) C:\Program Files\Prey\platform\windows\cronsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

(BitTorrent Inc.) C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

(Dropbox, Inc.) C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\Alarm Me\AlarmMe.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

() C:\Program Files\csmk\nvsvc16.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [AlarmMe] => C:\Program Files (x86)\Alarm Me\AlarmMe.exe [2102272 2009-02-26] ()

HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)

HKLM-x32\...\Run: [browserPlugInHelper] => C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe [411064 2012-12-13] (Wondershare Software)

HKLM-x32\...\Run: [nvsvc16] => C:\Program Files\csmk\nvsvc16.exe [56320 2011-04-13] ()

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [bitTorrent] => C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-02] (BitTorrent Inc.)

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [Google Update] => C:\Users\kaligola\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-07] (Google Inc.)

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [GoogleChromeAutoLaunch_7E1EF083174FC3FBF01580323A705D67] => C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\MountPoints2: F - F:\cdstart.exe

AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)

Startup: C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8AFC85D6816CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Wondershare AllMyTube -> {1373BA72-5012-496e-9F72-7A426DCF78BB} -> C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 10.23.0.1

 

FireFox:

========

FF ProfilePath: C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default

FF Homepage: hxxp://mail.bg/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @inhatch.com,version=0.7.5 -> C:\Program Files (x86)\InhatchTeam\Inhatch\npinhatch.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\kaligola\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml

FF Extension: Bulgarian Dictionary - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2011-03-29]

FF Extension: United States English Spellchecker - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]

FF Extension: DownloadHelper - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]

FF Extension: Personas Plus - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]

FF Extension: ImTranslator - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-09-02]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-10-30]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-30]

FF HKLM-x32\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt

FF Extension: Wondershare AllMyTube - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt [2013-01-12]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF HKCU\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.bg/"

CHR DefaultSearchKeyword: Default -> isearch.avg.com

CHR DefaultSearchProvider: Default -> AVG Secure Search

CHR DefaultSearchURL: Default -> https://isearch.avg.com/search?cid={34D11457-92FB-4847-B53A-9C21C6A8D60E}&mid=23e5976ec92047d08e3a59ab28147ab9-47df855eabc489a3c1ac6de06f2d3d5111ea9936&lang=en&ds=qw011&pr=sa&d=2012-07-26 16:01:41&v=12.1.0.21&sap=dsp&q={searchTerms}

CHR DefaultSuggestURL: Default -> http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR Profile: C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-07]

CHR Extension: (SiteTalk Social Shopping) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpolifdmdmcbcipolocmkpmjmcoegad [2013-04-29]

CHR Extension: (Wondershare AllMyTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij [2013-01-12]

CHR Extension: (Apple Shooter) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm [2011-12-07]

CHR Extension: (Alarm Clock Radio) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2011-12-07]

CHR Extension: (HDPlus-V1.9) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp [2014-07-17]

CHR Extension: (Angry Birds) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllkkflncainlmehooebdaodggehpknh [2011-12-12]

CHR Extension: (Google Wallet) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR HKLM-x32\...\Chrome\Extension: [ifllmjhoijmmhobcnjdhelmboobmenij] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRChromePlugin.crx [2013-01-12]

CHR StartMenuInternet: Google Chrome - C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 CronService; C:\Program Files\Prey\platform\windows\cronsvc.exe [23552 2014-01-27] (Fork Ltd.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]

S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2011-03-08] (Realtek Semiconductor.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-10 01:30 - 2014-09-10 01:31 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt

2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST

2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe

2014-09-07 23:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-07 23:28 - 2014-09-07 23:30 - 00000000 ____D () C:\AdwCleaner

2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe

2014-09-07 22:24 - 2014-09-10 01:24 - 00000616 _____ () C:\Windows\setupact.log

2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-09-06 09:26 - 2014-09-09 15:40 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder

2014-08-29 19:52 - 2014-08-23 05:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 19:52 - 2014-08-23 04:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 19:52 - 2014-08-23 03:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 18:53 - 2014-07-01 01:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-21 18:53 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-21 18:53 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-21 18:53 - 2014-06-06 09:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-21 18:53 - 2014-03-10 00:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-21 18:53 - 2014-03-10 00:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-21 18:53 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-21 18:53 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-20 20:07 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-20 20:07 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-20 20:06 - 2014-08-01 02:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-20 20:06 - 2014-07-25 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-20 20:06 - 2014-07-25 16:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-20 20:06 - 2014-07-25 16:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-20 20:06 - 2014-07-25 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-20 20:06 - 2014-07-25 15:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-20 20:06 - 2014-07-25 15:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-20 20:06 - 2014-07-25 15:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-20 20:06 - 2014-07-25 15:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-20 20:06 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-20 20:06 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-20 20:06 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-20 20:06 - 2014-07-25 14:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-20 20:06 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-20 20:06 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-20 20:06 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-20 20:06 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-20 20:06 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-20 20:06 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-20 20:06 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-20 20:06 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-20 20:06 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-20 20:06 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-20 20:06 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-20 20:06 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-20 20:06 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-20 20:05 - 2014-08-07 05:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-20 20:05 - 2014-08-07 05:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-20 20:05 - 2014-08-01 02:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-20 20:05 - 2014-07-25 17:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-20 20:05 - 2014-07-25 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-20 20:05 - 2014-07-25 16:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-20 20:05 - 2014-07-25 16:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-20 20:05 - 2014-07-25 16:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-20 20:05 - 2014-07-25 16:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-20 20:05 - 2014-07-25 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-20 20:05 - 2014-07-25 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-20 20:05 - 2014-07-25 16:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-20 20:05 - 2014-07-25 16:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-20 20:05 - 2014-07-25 16:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-20 20:05 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-20 20:05 - 2014-07-25 15:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-20 20:05 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-20 20:05 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-20 20:05 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-20 20:05 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-20 20:05 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-20 20:05 - 2014-07-25 15:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-20 20:05 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-20 20:05 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-20 20:05 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-20 20:05 - 2014-07-25 15:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-20 20:05 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-20 20:05 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-20 20:05 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-20 20:05 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-20 20:05 - 2014-07-25 14:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-20 20:05 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-20 20:05 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-20 20:05 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-20 20:05 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-20 20:05 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-20 20:05 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-20 20:05 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-20 20:05 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-20 20:05 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-20 20:05 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-20 20:05 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-20 20:05 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-20 20:05 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-10 01:31 - 2014-09-10 01:30 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt

2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST

2014-09-10 01:30 - 2012-04-17 00:48 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\BitTorrent

2014-09-10 01:30 - 2011-03-16 23:23 - 19147776 ___SH () C:\Users\kaligola\Desktop\Thumbs.db

2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe

2014-09-10 01:27 - 2011-01-05 05:33 - 01070528 _____ () C:\Windows\WindowsUpdate.log

2014-09-10 01:27 - 2011-01-04 20:06 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{206A648D-8121-4F5A-ACD5-251A124B9C77}

2014-09-10 01:25 - 2013-11-01 22:11 - 00000000 ___RD () C:\Users\kaligola\Dropbox

2014-09-10 01:25 - 2013-11-01 22:07 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Dropbox

2014-09-10 01:25 - 2012-01-20 18:38 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat

2014-09-10 01:25 - 2011-02-20 14:30 - 00643841 _____ () C:\Windows\AutoKMS.log

2014-09-10 01:25 - 2011-02-19 23:04 - 00000206 _____ () C:\Windows\Tasks\AutoKMS.job

2014-09-10 01:24 - 2014-09-07 22:24 - 00000616 _____ () C:\Windows\setupact.log

2014-09-10 01:24 - 2011-03-16 18:22 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-09-10 01:24 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-09 22:49 - 2011-01-04 21:17 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Skype

2014-09-09 16:13 - 2012-11-29 00:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-09 15:54 - 2011-12-07 16:22 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000UA.job

2014-09-09 15:40 - 2014-09-06 09:26 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder

2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-07 23:35 - 2011-01-04 21:00 - 00162486 _____ () C:\Windows\PFRO.log

2014-09-07 23:32 - 2014-07-14 12:23 - 00001462 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-7.job

2014-09-07 23:30 - 2014-09-07 23:28 - 00000000 ____D () C:\AdwCleaner

2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe

2014-09-07 22:55 - 2014-07-14 12:23 - 00003798 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-11.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00002206 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001446 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001336 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2.job

2014-09-07 22:55 - 2014-07-14 12:22 - 00002428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-3.job

2014-09-07 22:55 - 2014-07-14 12:22 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

2014-09-07 22:52 - 2011-01-04 19:53 - 00000000 ____D () C:\Program Files\ESET

2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-07 22:24 - 2012-04-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-07 22:22 - 2011-01-04 23:42 - 00000000 ____D () C:\Windows\Minidump

2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-09-07 22:15 - 2012-10-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-07 22:15 - 2011-03-26 23:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-07 22:15 - 2011-01-04 20:08 - 00000000 ____D () C:\Users\kaligola\AppData\Local\Mozilla

2014-09-07 22:11 - 2011-11-18 00:35 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer

2014-09-07 22:07 - 2011-05-26 21:03 - 00000000 ____D () C:\Program Files (x86)\InhatchTeam

2014-09-07 22:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Help

2014-09-07 22:05 - 2013-11-12 00:17 - 00000000 ____D () C:\Program Files (x86)\Citrix

2014-09-06 18:28 - 2014-07-14 12:23 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

2014-09-06 16:54 - 2011-12-07 16:22 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000Core.job

2014-08-30 20:07 - 2013-04-19 18:23 - 00001388 _____ () C:\Windows\SysWOW64\bash.exe.stackdump

2014-08-30 09:27 - 2009-07-14 07:45 - 00406480 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-23 05:07 - 2014-08-29 19:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 04:45 - 2014-08-29 19:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 03:59 - 2014-08-29 19:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 21:07 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache

2014-08-21 19:35 - 2011-01-04 21:16 - 00000000 ____D () C:\ProgramData\Skype

2014-08-21 19:32 - 2011-01-04 19:46 - 00000000 ___RD () C:\Users\kaligola\Virtual Machines

2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG

2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\bg-BG

2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-21 19:05 - 2013-08-10 12:06 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-21 19:01 - 2011-01-05 00:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-21 18:59 - 2011-01-05 18:23 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-21 18:52 - 2014-04-23 10:04 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-20 19:54 - 2013-11-01 22:11 - 00001029 _____ () C:\Users\kaligola\Desktop\Dropbox.lnk

2014-08-20 19:54 - 2013-11-01 22:09 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

 

Some content of TEMP:

====================

C:\Users\kaligola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgaub_.dll

C:\Users\kaligola\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-06 09:57

 

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01

Ran by kaligola (administrator) on KALIGOLA-PC on 10-09-2014 01:30:56

Running from C:\Users\kaligola\Downloads

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Fork Ltd.) C:\Program Files\Prey\platform\windows\cronsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

(BitTorrent Inc.) C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

(Dropbox, Inc.) C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\Alarm Me\AlarmMe.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

() C:\Program Files\csmk\nvsvc16.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [AlarmMe] => C:\Program Files (x86)\Alarm Me\AlarmMe.exe [2102272 2009-02-26] ()

HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)

HKLM-x32\...\Run: [browserPlugInHelper] => C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe [411064 2012-12-13] (Wondershare Software)

HKLM-x32\...\Run: [nvsvc16] => C:\Program Files\csmk\nvsvc16.exe [56320 2011-04-13] ()

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [bitTorrent] => C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-02] (BitTorrent Inc.)

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [Google Update] => C:\Users\kaligola\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-07] (Google Inc.)

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [GoogleChromeAutoLaunch_7E1EF083174FC3FBF01580323A705D67] => C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)

HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\MountPoints2: F - F:\cdstart.exe

AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)

Startup: C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8AFC85D6816CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Wondershare AllMyTube -> {1373BA72-5012-496e-9F72-7A426DCF78BB} -> C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 10.23.0.1

 

FireFox:

========

FF ProfilePath: C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default

FF Homepage: hxxp://mail.bg/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @inhatch.com,version=0.7.5 -> C:\Program Files (x86)\InhatchTeam\Inhatch\npinhatch.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\kaligola\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml

FF Extension: Bulgarian Dictionary - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2011-03-29]

FF Extension: United States English Spellchecker - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]

FF Extension: DownloadHelper - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]

FF Extension: Personas Plus - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]

FF Extension: ImTranslator - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-09-02]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-10-30]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-30]

FF HKLM-x32\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt

FF Extension: Wondershare AllMyTube - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt [2013-01-12]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF HKCU\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.bg/"

CHR DefaultSearchKeyword: Default -> isearch.avg.com

CHR DefaultSearchProvider: Default -> AVG Secure Search

CHR DefaultSearchURL: Default -> https://isearch.avg.com/search?cid={34D11457-92FB-4847-B53A-9C21C6A8D60E}&mid=23e5976ec92047d08e3a59ab28147ab9-47df855eabc489a3c1ac6de06f2d3d5111ea9936&lang=en&ds=qw011&pr=sa&d=2012-07-26 16:01:41&v=12.1.0.21&sap=dsp&q={searchTerms}

CHR DefaultSuggestURL: Default -> http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR Profile: C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-07]

CHR Extension: (SiteTalk Social Shopping) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpolifdmdmcbcipolocmkpmjmcoegad [2013-04-29]

CHR Extension: (Wondershare AllMyTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij [2013-01-12]

CHR Extension: (Apple Shooter) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm [2011-12-07]

CHR Extension: (Alarm Clock Radio) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2011-12-07]

CHR Extension: (HDPlus-V1.9) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp [2014-07-17]

CHR Extension: (Angry Birds) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllkkflncainlmehooebdaodggehpknh [2011-12-12]

CHR Extension: (Google Wallet) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR HKLM-x32\...\Chrome\Extension: [ifllmjhoijmmhobcnjdhelmboobmenij] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRChromePlugin.crx [2013-01-12]

CHR StartMenuInternet: Google Chrome - C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 CronService; C:\Program Files\Prey\platform\windows\cronsvc.exe [23552 2014-01-27] (Fork Ltd.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]

S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2011-03-08] (Realtek Semiconductor.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-10 01:30 - 2014-09-10 01:31 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt

2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST

2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe

2014-09-07 23:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-07 23:28 - 2014-09-07 23:30 - 00000000 ____D () C:\AdwCleaner

2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe

2014-09-07 22:24 - 2014-09-10 01:24 - 00000616 _____ () C:\Windows\setupact.log

2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-09-06 09:26 - 2014-09-09 15:40 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder

2014-08-29 19:52 - 2014-08-23 05:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 19:52 - 2014-08-23 04:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 19:52 - 2014-08-23 03:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 18:53 - 2014-07-01 01:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-21 18:53 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-21 18:53 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-21 18:53 - 2014-06-06 09:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-21 18:53 - 2014-03-10 00:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-21 18:53 - 2014-03-10 00:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-21 18:53 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-21 18:53 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-20 20:07 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-20 20:07 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-20 20:06 - 2014-08-01 02:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-20 20:06 - 2014-07-25 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-20 20:06 - 2014-07-25 16:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-20 20:06 - 2014-07-25 16:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-20 20:06 - 2014-07-25 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-20 20:06 - 2014-07-25 15:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-20 20:06 - 2014-07-25 15:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-20 20:06 - 2014-07-25 15:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-20 20:06 - 2014-07-25 15:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-20 20:06 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-20 20:06 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-20 20:06 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-20 20:06 - 2014-07-25 14:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-20 20:06 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-20 20:06 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-20 20:06 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-20 20:06 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-20 20:06 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-20 20:06 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-20 20:06 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-20 20:06 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-20 20:06 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-20 20:06 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-20 20:06 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-20 20:06 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-20 20:06 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-20 20:05 - 2014-08-07 05:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-20 20:05 - 2014-08-07 05:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-20 20:05 - 2014-08-01 02:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-20 20:05 - 2014-07-25 17:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-20 20:05 - 2014-07-25 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-20 20:05 - 2014-07-25 16:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-20 20:05 - 2014-07-25 16:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-20 20:05 - 2014-07-25 16:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-20 20:05 - 2014-07-25 16:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-20 20:05 - 2014-07-25 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-20 20:05 - 2014-07-25 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-20 20:05 - 2014-07-25 16:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-20 20:05 - 2014-07-25 16:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-20 20:05 - 2014-07-25 16:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-20 20:05 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-20 20:05 - 2014-07-25 15:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-20 20:05 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-20 20:05 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-20 20:05 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-20 20:05 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-20 20:05 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-20 20:05 - 2014-07-25 15:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-20 20:05 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-20 20:05 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-20 20:05 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-20 20:05 - 2014-07-25 15:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-20 20:05 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-20 20:05 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-20 20:05 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-20 20:05 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-20 20:05 - 2014-07-25 14:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-20 20:05 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-20 20:05 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-20 20:05 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-20 20:05 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-20 20:05 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-20 20:05 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-20 20:05 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-20 20:05 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-20 20:05 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-20 20:05 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-20 20:05 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-20 20:05 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-20 20:05 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-10 01:31 - 2014-09-10 01:30 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt

2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST

2014-09-10 01:30 - 2012-04-17 00:48 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\BitTorrent

2014-09-10 01:30 - 2011-03-16 23:23 - 19147776 ___SH () C:\Users\kaligola\Desktop\Thumbs.db

2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe

2014-09-10 01:27 - 2011-01-05 05:33 - 01070528 _____ () C:\Windows\WindowsUpdate.log

2014-09-10 01:27 - 2011-01-04 20:06 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{206A648D-8121-4F5A-ACD5-251A124B9C77}

2014-09-10 01:25 - 2013-11-01 22:11 - 00000000 ___RD () C:\Users\kaligola\Dropbox

2014-09-10 01:25 - 2013-11-01 22:07 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Dropbox

2014-09-10 01:25 - 2012-01-20 18:38 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat

2014-09-10 01:25 - 2011-02-20 14:30 - 00643841 _____ () C:\Windows\AutoKMS.log

2014-09-10 01:25 - 2011-02-19 23:04 - 00000206 _____ () C:\Windows\Tasks\AutoKMS.job

2014-09-10 01:24 - 2014-09-07 22:24 - 00000616 _____ () C:\Windows\setupact.log

2014-09-10 01:24 - 2011-03-16 18:22 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-09-10 01:24 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-09 22:49 - 2011-01-04 21:17 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Skype

2014-09-09 16:13 - 2012-11-29 00:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-09 15:54 - 2011-12-07 16:22 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000UA.job

2014-09-09 15:40 - 2014-09-06 09:26 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder

2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-07 23:35 - 2011-01-04 21:00 - 00162486 _____ () C:\Windows\PFRO.log

2014-09-07 23:32 - 2014-07-14 12:23 - 00001462 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-7.job

2014-09-07 23:30 - 2014-09-07 23:28 - 00000000 ____D () C:\AdwCleaner

2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe

2014-09-07 22:55 - 2014-07-14 12:23 - 00003798 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-11.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00002206 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001446 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5.job

2014-09-07 22:55 - 2014-07-14 12:23 - 00001336 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2.job

2014-09-07 22:55 - 2014-07-14 12:22 - 00002428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-3.job

2014-09-07 22:55 - 2014-07-14 12:22 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

2014-09-07 22:52 - 2011-01-04 19:53 - 00000000 ____D () C:\Program Files\ESET

2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-07 22:24 - 2012-04-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-07 22:22 - 2011-01-04 23:42 - 00000000 ____D () C:\Windows\Minidump

2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-09-07 22:15 - 2012-10-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-07 22:15 - 2011-03-26 23:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-07 22:15 - 2011-01-04 20:08 - 00000000 ____D () C:\Users\kaligola\AppData\Local\Mozilla

2014-09-07 22:11 - 2011-11-18 00:35 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer

2014-09-07 22:07 - 2011-05-26 21:03 - 00000000 ____D () C:\Program Files (x86)\InhatchTeam

2014-09-07 22:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Help

2014-09-07 22:05 - 2013-11-12 00:17 - 00000000 ____D () C:\Program Files (x86)\Citrix

2014-09-06 18:28 - 2014-07-14 12:23 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

2014-09-06 16:54 - 2011-12-07 16:22 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000Core.job

2014-08-30 20:07 - 2013-04-19 18:23 - 00001388 _____ () C:\Windows\SysWOW64\bash.exe.stackdump

2014-08-30 09:27 - 2009-07-14 07:45 - 00406480 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-23 05:07 - 2014-08-29 19:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 04:45 - 2014-08-29 19:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 03:59 - 2014-08-29 19:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 21:07 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache

2014-08-21 19:35 - 2011-01-04 21:16 - 00000000 ____D () C:\ProgramData\Skype

2014-08-21 19:32 - 2011-01-04 19:46 - 00000000 ___RD () C:\Users\kaligola\Virtual Machines

2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG

2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\bg-BG

2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-21 19:05 - 2013-08-10 12:06 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-21 19:01 - 2011-01-05 00:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-21 18:59 - 2011-01-05 18:23 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-21 18:52 - 2014-04-23 10:04 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-20 19:54 - 2013-11-01 22:11 - 00001029 _____ () C:\Users\kaligola\Desktop\Dropbox.lnk

2014-08-20 19:54 - 2013-11-01 22:09 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

 

Some content of TEMP:

====================

C:\Users\kaligola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgaub_.dll

C:\Users\kaligola\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-06 09:57

 

==================== End Of Log ============================

Моля следвайте стъпките на темата Системата ми е инфектирана - Какво да правя сега? за да анализираме системата и да видим за какво става въпрос..!Благодаря..!

Понеже не съм сигурен, че съм копирал правилно съдържанието на FIRST.txt, ще го прикача към този отговор, дано не е проблем

FRST.txt

[icotonev]

Здравейте..!
 
Изтеглете прикачения файл и го запазете там, където сте свалили FRST.exe => fixlist.txt
Стартирайте отново FRST.exe и натиснете бутона Fix веднъж и изчакайте.
Ще се създаде нов лог файла FixLog.txt. Прикачете съдържанието му в следващия си коментар.
 
ЗАБЕЛЕЖКА: Този скрипт е написан специално за този потребител,и за тази конкретна машина. Изпълнението на фикса, на друг компютър може да доведе до увреждане на  операционната ви система
 
 
  Моля, изтеглете Malwarebytes Anti -Malware и го запомнете на вашия работен плот .
  Кликнете два пъти върху mbam-setup-consumer-2.0.0.1хххх.exe и следвайте инструкциите, за да инсталирате програмата .

 

 

• В секцията Settings = > Detection and Protection => Detection Options, се поставя отметка в квадратчето 'Scan for rootkits'.

 

• 

 

• В главния прозорец на програмата , щракнете върху 'Update Now'
• След актуализацията завърши, кликнете на бутона " 'Scan Now  " .
• Ако има налична актуализация , щракнете върху бутона Update Now button .
• Ще стартира Threat Scan.
• Когато сканирането приключи, ако има някакви открити зарази , щракнете върху Apply Actions за да се позволи на Mbam да почисти засеченото. .

 

•   След рестарта ,стартирайте Mbam още веднъж.
•   Кликнете на History tab > Application Logs .
•   Кликнете два пъти върху реда , който показва датата и часа на сканирането или View Detailed Log .
•   Кликнете върху " Copy да Clipboard "

• 

 

•   Поставете  съдържанието на клипборда в следващия си  отговор.

[kaligola_1]

Здравейте , прикачам файлът според инструкциите. Благодаря

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11.9.2014 г.

Scan Time: 01:08:36 ч.

Logfile: Mbamexportlog.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.10.10

Rootkit Database: v2014.09.10.02

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: kaligola

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 355661

Time Elapsed: 19 min, 23 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 1

PUP.Keylogger, C:\Program Files\csmk\nvsvc16.exe, 3512, Delete-on-Reboot, [31cfa844e39845f1e53e3f19ed13f010]

 

Modules: 9

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

 

Registry Keys: 1

PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HDPlus-V1.9, Quarantined, [2ed24e9edc9fbd79aa32a4c0b54fa858], 

 

Registry Values: 1

PUP.Keylogger, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nvsvc16, C:\Program Files\csmk\nvsvc16.exe, Quarantined, [31cfa844e39845f1e53e3f19ed13f010]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 1

Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 

 

Files: 21

PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 

PUP.Keylogger, C:\Program Files\csmk\nvsvc16.exe, Delete-on-Reboot, [31cfa844e39845f1e53e3f19ed13f010], 

PUP.Keylogger, C:\Program Files\csmk\Myss.exe, Quarantined, [4fb147a51b60cf67091be771ea16b947], 

Trojan.Agent.CK, C:\Program Files\ESET\TNod-1.4.1-Final-r2-Portable.rar, Quarantined, [7b85fbf117649f9719162adf3fc6b34d], 

Riskware.Keygen, C:\Windows\AutoKMS.exe, Quarantined, [5aa68864fd7eb680fc0f6455c33d23dd], 

Worm.Sohanad, C:\Windows\SysWOW64\ijl11pro.DLL, Quarantined, [0bf5bd2fe794df571ea0c1bafc07cb35], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1.job, Quarantined, [f20e6785b6c564d295b2dc88b94b827e], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-11.job, Quarantined, [0ff166866d0e65d11136f37111f3649c], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2.job, Quarantined, [ec14be2e4e2d87af49fe2e36c44030d0], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-3.job, Quarantined, [ee12ac404833de58ae99283c4bb92ed2], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4.job, Quarantined, [38c8af3de398e84e7dca1153ec18fb05], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5.job, Quarantined, [1ae66d7ffb8085b1c384baaae222b64a], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user.job, Quarantined, [7f81b7355c1f3501b493b9ab14f031cf], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6.job, Quarantined, [43bd57952c4f7abc83c4550fd92b22de], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-7.job, Quarantined, [ad5383697dfef4423d0a80e44cb825db], 

Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\faq.url, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 

Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\help.chm, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 

Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\license.txt, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 

Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\unins000.dat, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 

Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\unins000.exe, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 

Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\website.url, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Fixlog.txt

[icotonev]

Здравейте..!Има ли промяна след процедурите до тук..?
 
Моля, изтеглете и стартирайте програмата AdwCleaner(by Xplode):

• • Затворете всички стартирани програми и браузъри
  • Кликнете два пъти върху adwcleaner.exe за да стартирате инструмента.
  • Натиснете OK, за да потвърдите, че всички стартирани програми ще бъдат затворени.
  • Маркирайте Clean
  • Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта.
  • Моля, да публикувате съдържанието на този лог в отговора си
  • Можете да намерите лога,който автоматично се запомня тук C:AdwCleaner[s0].txt

 
Моля, изтеглете Junkware Removal Tool (by Thisisu ) и запазете на вашия десктоп.

• Спрете временно работата на защитните програми.
• Стартирайте инструмента JRT.exe
• Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
• Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
• Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
• Моля копирайте съдържанието на лог файла в следващия си пост.
  
  

 

 

Повторете сканирането с Farbar Recovery Scan Tool

 

 

 

• Моля изтеглете Farbar Recovery Scan Tool и го запазете на десктопа.
• Стартирайте файла FRST.exe.
• Програмата ще се стартира. Натиснете YES за да се съгласите с лицензионното споразумение.
• Сложете всички отметки.
• Натиснете бутона SCAN.
• Ще се създадат два лог файл с името - FRST.txt и Addition.txt на десктопа.
• Файлът FRST.txt копирайте в следващия си пост. Addition.txt прикачете в следващия си коментар (погледнете опцията Прикачени файлове, когато публикувате мнение).

[kaligola_1]

 

Здравейте..!Има ли промяна след процедурите до тук..?

 

Моля, изтеглете и стартирайте програмата AdwCleaner(by Xplode):

• • Затворете всички стартирани програми и браузъри
  • Кликнете два пъти върху adwcleaner.exe за да стартирате инструмента.
  • Натиснете OK, за да потвърдите, че всички стартирани програми ще бъдат затворени.
  • Маркирайте Clean
  • Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта.
  • Моля, да публикувате съдържанието на този лог в отговора си
  • Можете да намерите лога,който автоматично се запомня тук C:AdwCleaner[s0].txt

 

Моля, изтеглете Junkware Removal Tool (by Thisisu ) и запазете на вашия десктоп.

• Спрете временно работата на защитните програми.
• Стартирайте инструмента JRT.exe
• Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
• Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
• Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
• Моля копирайте съдържанието на лог файла в следващия си пост.

  

 

 

Повторете сканирането с Farbar Recovery Scan Tool

 

 

 

• Моля изтеглете Farbar Recovery Scan Tool и го запазете на десктопа.
• Стартирайте файла FRST.exe.
• Програмата ще се стартира. Натиснете YES за да се съгласите с лицензионното споразумение.
• Сложете всички отметки.
• Натиснете бутона SCAN.
• Ще се създадат два лог файл с името - FRST.txt и Addition.txt на десктопа.
• Файлът FRST.txt копирайте в следващия си пост. Addition.txt прикачете в следващия си коментар (погледнете опцията Прикачени файлове, когато публикувате мнение).

 

Здравейте, първо искам да благодаря за всичко, което правите, за да решим проблема. Понеже попитахте дали има резултат, засега пак е така, пак бъгва всеки път щом стартирам браузър, но е задължително да е веднага. Сега в момента пиша този отговор и все още не е бъгнало, но  преди малко дори не можах да видя новите инструкции - бъгна докато напиша www.kaldata.com

 

Здравейте..!Има ли промяна след процедурите до тук..?

 

Моля, изтеглете и стартирайте програмата AdwCleaner(by Xplode):

• • Затворете всички стартирани програми и браузъри
  • Кликнете два пъти върху adwcleaner.exe за да стартирате инструмента.
  • Натиснете OK, за да потвърдите, че всички стартирани програми ще бъдат затворени.
  • Маркирайте Clean
  • Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта.
  • Моля, да публикувате съдържанието на този лог в отговора си
  • Можете да намерите лога,който автоматично се запомня тук C:AdwCleaner[s0].txt

 

Моля, изтеглете Junkware Removal Tool (by Thisisu ) и запазете на вашия десктоп.

• Спрете временно работата на защитните програми.
• Стартирайте инструмента JRT.exe
• Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
• Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
• Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
• Моля копирайте съдържанието на лог файла в следващия си пост.

  

 

 

Повторете сканирането с Farbar Recovery Scan Tool

 

 

 

• Моля изтеглете Farbar Recovery Scan Tool и го запазете на десктопа.
• Стартирайте файла FRST.exe.
• Програмата ще се стартира. Натиснете YES за да се съгласите с лицензионното споразумение.
• Сложете всички отметки.
• Натиснете бутона SCAN.
• Ще се създадат два лог файл с името - FRST.txt и Addition.txt на десктопа.
• Файлът FRST.txt копирайте в следващия си пост. Addition.txt прикачете в следващия си коментар (погледнете опцията Прикачени файлове, когато публикувате мнение).

 

# AdwCleaner v3.309 - Report created 12/09/2014 at 00:50:32

# Updated 02/09/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : kaligola - KALIGOLA-PC

# Running from : C:\Users\kaligola\Downloads\adwcleaner_3.309.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17239

 

 

-\\ Mozilla Firefox v32.0 (x86 bg)

 

[ File : C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxps://isearch.avg.com/search?cid={34D11457-92FB-4847-B53A-9C21C6A8D60E}&mid=23e5976ec92047d08e3a59ab28147ab9-47df855eabc489a3c1ac6de06f2d3d5111ea9936&lang=en&ds=qw011&pr=sa&d=2012-07-26 16:01:41&v=12.1.0.21&sap=dsp&q={searchTerms}

Deleted [search Provider] : hxxps://isearch.avg.com/search?cid={34D11457-92FB-4847-B53A-9C21C6A8D60E}&mid=23e5976ec92047d08e3a59ab28147ab9-47df855eabc489a3c1ac6de06f2d3d5111ea9936&lang=en&ds=qw011&pr=sa&d=2012-07-26 16:01:41&v=12.1.0.21&sap=dsp&q={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [13320 octets] - [07/09/2014 23:28:40]

AdwCleaner[R1].txt - [1909 octets] - [10/09/2014 02:05:11]

AdwCleaner[R2].txt - [1183 octets] - [12/09/2014 00:49:10]

AdwCleaner[s0].txt - [13601 octets] - [07/09/2014 23:29:52]

AdwCleaner[s1].txt - [1989 octets] - [10/09/2014 02:10:57]

AdwCleaner[s2].txt - [1697 octets] - [12/09/2014 00:50:32]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1757 octets] ##########

Току що бъгна пак и сега пиша и прикачвам другите файлове в Safe Mode

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Ultimate x64

Ran by kaligola on ЇҐв 12.09.2014 Ј. at  0:54:59,48

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1373BA72-5012-496E-9F72-7A426DCF78BB}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\kaligola\AppData\Roaming\getrighttogo"

Successfully deleted: [Folder] "C:\Users\kaligola\AppData\Roaming\thinstall"

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{066A61F2-BFEB-4ED6-96D5-DFEFE5988C2B}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{0983CDFE-E8C2-4A2C-9DCA-737274277CF2}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{168FE49B-95FD-447A-808C-68B70E7F25E2}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{16E87C93-A95B-4928-A8A7-37E5722D7190}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{19030838-865D-4E17-8483-13EA84797843}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{32DABE37-6F08-4F7F-9977-810B3FF512A3}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{53E8B2B0-CB46-4E9E-BEC0-2BB98C88C992}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{5D1A88B2-BA7C-4E8D-9716-DFF85B5357FA}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{64B30A5B-714B-4E0A-A204-5BAB266CFAFF}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{6896D310-B9FB-4DF7-9030-2FBB6964E38B}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{739038F1-28D9-4B6E-9521-08692F1321AB}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{85971F7B-A43E-42F8-8EC6-F76F8DF1F715}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{88AD9743-F127-4719-B20B-4DEE323A27D4}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{A6CC1440-6537-4B99-BF92-DE0D6B3AF53A}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{BD57EEB3-9295-48C3-9CEE-57ED0CD0590F}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{E4A16C98-F6A1-47FB-8B66-4AF3EECDA114}

Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{F9D944C8-2108-4683-B1C2-65846BD1C112}

 

 

 

~~~ FireFox

 

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{829ad732-f3db-4011-81c4-135f2fb05d8e}

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{829ad732-f3db-4011-81c4-135f2fb05d8e}

Emptied folder: C:\Users\kaligola\AppData\Roaming\mozilla\firefox\profiles\kk65alrp.default\minidumps [176 files]

 

 

 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\kaligola\appdata\local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on ЇҐв 12.09.2014 Ј. at  1:07:16,63

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

FIRST.txt

 

LastRegBack: 2014-09-06 09:57

 

==================== End Of Log ============================

Благодаря Ви отново, дано съм изпълнил правилно инструкциите. Лека вечер от мен, ще чакам следващите инструкции

Addition.txt

[icotonev]

Моля, изтеглете Farbar Service Scanner и я стартирайте.
 
 

• Сложете всички отметки и натиснете бутона "Scan".
• Ще се създаде лог файл с името (FSS.txt) в папката откъдето стартирате инструмента.
• Прикачете лог файла в следващия си пост.

 
 
Изтеглете SystemLook (32-bit) или SystemLook (64-bit) и запазете програмата на десктопа.

• Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
• Копирайте съдържанието от цитата по-долу в текстовото поле на програмата:
  
  

  :filefind
  *RivaTuner64*
  
  :folderfind
  *RivaTuner64*
  
  :regfind
  *RivaTuner64*

• Кликнете на бутона Look, за да започне сканирането.
• Когато сканирането завърши ще се отвори Notepad с резултата от
• сканирането. После публикувайте лог файла в следващия си коментар.

 
 

Освен това изтеглете Autoruns и

• Стартирайте програмата;
• Изберете Options => Filter Options => сложете отметки пред Verify Code Signature и Hide Microsoft Entries;
• От менюто File -> Refresh;
• От менюто File -> Save...;
• Запазете файла някъде с желано от вас име (във формат arn), архивирайте го с програма по желание в zip формат и го прикачете към темата.
   

[kaligola_1]

 

Моля, изтеглете Farbar Service Scanner и я стартирайте.

 

 

• Сложете всички отметки и натиснете бутона "Scan".
• Ще се създаде лог файл с името (FSS.txt) в папката откъдето стартирате инструмента.
• Прикачете лог файла в следващия си пост.

 

 

Изтеглете SystemLook (32-bit) или SystemLook (64-bit) и запазете програмата на десктопа.

• Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
• Копирайте съдържанието от цитата по-долу в текстовото поле на програмата:

  :filefind
  *RivaTuner64*
  
  :folderfind
  *RivaTuner64*
  
  :regfind
  *RivaTuner64*

• Кликнете на бутона Look, за да започне сканирането.
• Когато сканирането завърши ще се отвори Notepad с резултата от
• сканирането. После публикувайте лог файла в следващия си коментар.

 

 

Освен това изтеглете Autoruns и

• Стартирайте програмата;
• Изберете Options => Filter Options => сложете отметки пред Verify Code Signature и Hide Microsoft Entries;
• От менюто File -> Refresh;
• От менюто File -> Save...;
• Запазете файла някъде с желано от вас име (във формат arn), архивирайте го с програма по желание в zip формат и го прикачете към темата.

   

 

Здравейте и благодаря за усилията отново

 

SystemLook 30.07.11 by jpshortstuff

Log created at 01:20 on 13/09/2014 by kaligola

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "*RivaTuner64*"

No files found.

 

========== folderfind ==========

 

Searching for "*RivaTuner64*"

No folders found.

 

========== regfind ==========

 

Searching for "*RivaTuner64*"

No data found.

 

-= EOF =-

FSS.txt

AutoRuns.zip

[icotonev]

Да, проблемът ви определено не се дължи на зловреден характер..!Ще ви по-късно сега имам лични ангажименти...Поздрави..!

[icotonev]

Здравейте..!Прочетете този пост и следвайте начина по който е обяснил колегата, за да си проверите всички драйвери и  е респективно да ги обновите.

[icotonev]

+

 

Изтеглете ComboFix от тук и го запазете на десктопа си.
How to use ComboFix
Изключете вашата антивирусна и антишпионска програма, обикновено това става чрез натискане на десния бутон на мишката върху иконата на програма в системния трей.
Бележка: Ако не можете я спрете или не сте сигурни коя програма да изключите, моля прегледайте информацията от този линк: How to disable your security applications by amateur
Стартирайте Combo-Fix.com и следвайте инструкциите.
Когато процесът приключи успешно, инструментът ще създаде лог файл. Моля, включете съдържанието на C:ComboFix.txt в следващия Ви коментар в тази тема.
Моля, не прикачвайте лог файла/овете от програмата, а го/ги копирайте и поставете в следващия Ви коментар в тази тема.

[icotonev]

Здравейте..!Поради липса на комуникация с автора на темата ,тя се приключва...Ако имате все още нужда от помоща ни....пишете..!