
CTB-Locker

#1
georgvasilev
New Member, 1 posts

OTL logfile created on: 20.1.2015 г. 21:15:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows 2000 Professional Edition  (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'
 
1,87 Gb Total Physical Memory | 0,44 Gb Available Physical Memory | 23,62% Memory free
3,72 Gb Paging File | 2,37 Gb Available in Paging File | 63,86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 27,08 Gb Free Space | 34,66% Space Free | Partition Type: NTFS
 
Computer Name: 6715S | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015.01.20 21:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2015.01.09 02:35:57 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014.12.21 04:07:34 | 000,208,415 | ---- | M] () -- C:\WINDOWS\system32\C2MP\TrayMenu.exe
PRC - [2014.11.15 19:29:19 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe
PRC - [2014.09.12 20:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
PRC - [2014.09.12 20:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014.09.12 20:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
PRC - [2014.04.14 19:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014.04.14 19:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\javaw.exe
PRC - [2014.04.14 19:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\system32\java.exe
PRC - [2014.02.10 10:44:10 | 000,048,712 | ---- | M] () -- C:\WINDOWS\system32\C2MP\UpdateChecker.exe
PRC - [2013.10.24 17:50:00 | 000,685,928 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2013.10.09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.11.27 18:42:12 | 000,384,280 | ---- | M] (Tanuki Software, Ltd.) -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
PRC - [2010.01.27 10:08:12 | 000,098,304 | ---- | M] () -- C:\Program Files\VIVACOM 3G USB MODEM\ModemListener.exe
PRC - [2009.11.17 09:44:54 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2009.07.22 17:54:16 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files\firebird\firebird_2_1\bin\fbguard.exe
PRC - [2009.07.22 17:53:46 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files\firebird\firebird_2_1\bin\fbserver.exe
PRC - [2008.04.14 04:42:32 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
PRC - [2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001.08.23 14:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015.01.09 02:35:56 | 014,913,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
MOD - [2015.01.09 02:35:54 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll
MOD - [2015.01.09 02:35:48 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
MOD - [2014.12.21 04:07:34 | 000,208,415 | ---- | M] () -- C:\WINDOWS\system32\C2MP\TrayMenu.exe
MOD - [2014.02.10 10:44:10 | 000,048,712 | ---- | M] () -- C:\WINDOWS\system32\C2MP\UpdateChecker.exe
MOD - [2013.01.02 08:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010.01.27 10:08:12 | 000,098,304 | ---- | M] () -- C:\Program Files\VIVACOM 3G USB MODEM\ModemListener.exe
MOD - [2009.11.17 09:44:54 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
MOD - [2008.04.14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2015.01.14 18:15:45 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.12.21 15:45:07 | 000,114,288 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.09.12 20:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.04.14 19:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.11 19:28:42 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe -- (avp)
SRV - [2013.10.09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.11.27 18:42:12 | 000,384,280 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2009.11.17 09:44:54 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2009.07.22 17:54:16 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\firebird\firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009.07.22 17:53:46 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\firebird\firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\iSafe\iSafeNetFilter.sys -- (iSafeNetFilter)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.11.13 21:04:42 | 000,575,072 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013.11.13 21:04:41 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2013.10.11 19:28:40 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013.10.11 19:28:40 | 000,024,160 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013.06.06 17:38:20 | 000,145,120 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2013.05.14 17:34:44 | 000,045,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2013.04.19 11:44:54 | 000,036,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2013.04.12 15:34:48 | 000,014,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klpd.sys -- (klpd)
DRV - [2011.09.06 11:10:02 | 000,119,040 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2011.08.17 08:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 08:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 08:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.08 22:33:06 | 000,131,000 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.11.17 09:44:54 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2009.06.23 18:29:46 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\amdide1.sys -- (amdide1)
DRV - [2008.12.02 00:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.09.10 20:39:08 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008.08.19 12:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.04.13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.08.13 14:46:30 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2006.09.28 02:00:10 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.06.19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.09.19 10:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.09.19 10:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.09.19 10:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2001.08.23 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchshock.com/?cid=4197
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg
IE - HKCU\..\SearchScopes,DefaultScope = {55F35958-741E-4ECC-94BB-9A3B601778F4}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.buenosear...128493&tsp=5314
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.filebu...q={searchTerms}
IE - HKCU\..\SearchScopes\{3fb8cc69-60ef-45d9-b479-36a6489267e4}: "URL" = http://www.searchsho...Terms}&cid=4197
IE - HKCU\..\SearchScopes\{55F35958-741E-4ECC-94BB-9A3B601778F4}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{5bf0d361-002e-411e-81d2-ef40281496a3}: "URL" = http://www.searchsho...Terms}&cid=4197
IE - HKCU\..\SearchScopes\{721B4DBD-1F15-4482-B436-57EF370D2D22}: "URL" = http://www.buenosear...rchTerms}&r=885
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{e3068e09-1194-4bab-95ae-d923c8b6fec3}: "URL" = http://www.searchsho...Terms}&cid=4197
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js - File not found
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2013.12.15 16:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2013.12.15 16:32:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2013.12.15 16:32:08 | 000,000,000 | ---D | M]
 
[2013.01.10 18:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2014.12.21 15:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\extensions
[2014.12.21 12:06:36 | 000,000,000 | ---D | M] (Slick Savings) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC}
[2014.12.21 12:06:37 | 000,000,000 | ---D | M] (Start Page) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7}
[2014.12.21 12:06:37 | 000,000,000 | ---D | M] (Ebay Shopping Assistant by Spigot) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C}
[2014.02.02 10:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles70t4f7sz.default\extensions
[2014.02.02 10:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles70t4f7sz.default\extensions\staged
[2013.01.12 23:33:30 | 000,002,432 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\searchplugins\babylon1.xml
[2013.08.04 16:21:34 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\searchplugins\bingp.xml
[2014.02.02 10:33:50 | 000,006,226 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\searchplugins\buenosearch.xml
[2013.01.12 23:03:11 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\searchplugins\MyStart Search.xml
[2014.09.04 12:55:37 | 000,008,119 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\searchplugins\SearchShock.xml
[2014.09.04 12:55:37 | 000,008,063 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\70t4f7sz.default\searchplugins\yahoo_ff.xml
[2014.12.21 15:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.12.21 15:44:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.12.21 15:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.12.21 15:44:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.12.21 15:45:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_2\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph\2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kaiaomcjnpnglpdjmkedmmckhmgljoge\2.0.0_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_2\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\miopbbpknmgfeghpplhlegcnknenpmmc\0.0.0.1_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ofddcjfikfghkmoapnjnmmflbcjohbic\0.0.0.3_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_3\
 
O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found.
O2 - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found.
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ModemListener] C:\Program Files\VIVACOM 3G USB MODEM\ModemListener.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\user\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid cf3a8e5e4d4247d097d8d153353bb6da-b602d594afd2b0b327e07a06f36ca6a7e42546d0 --CMPID 0913b File not found
O4 - HKCU..\Run: [Codec Pack Update Checker] C:\WINDOWS\System32\C2MP\UpdateChecker.exe ()
O4 - HKCU..\Run: [iLivid] "C:\Documents and Settings\user\Local Settings\Application Data\iLivid\iLivid.exe" -autorun File not found
O4 - HKCU..\Run: [Search Protection] C:\Documents and Settings\user\Application Data\Search Protection\SP.EXE ()
O4 - HKCU..\Run: [SpeedItupFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [uTorrent] C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk = C:\WINDOWS\system32\C2MP\TrayMenu.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Universal Media Server.lnk = C:\Program Files\Universal Media Server\UMS.exe (Universal Media Server)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Виртуальная клавиатура - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Проверка ссылок - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Zuma's%20Revenge!/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...ab?316013492093 (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Zuma's%20Revenge!/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B76C202-7E82-4AC2-965F-2C2004690402}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 () - https://fbcdn-sphoto...221112390_n.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1980.01.06 15:01:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.01.20 21:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\www.shadowexplorer.com
[2015.01.20 19:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2015.01.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Firebird-2.1.5.18496-0_Win32
[2015.01.20 12:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2015.01.19 21:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Avg2015
[2015.01.17 18:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\CrashRpt
[2015.01.17 18:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\GetNowUpdater
[2015.01.16 18:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\GetNowUpdater
[2015.01.16 18:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\GetnowUninstall
[2015.01.16 18:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TELEFUNKEN DPF 9322 user guide
[2014.12.25 11:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015.01.20 21:30:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{82A89A37-8860-4C72-A479-118CADFC0A5D}.job
[2015.01.20 21:27:50 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CEBEC28F-D516-4CBE-A468-4BAE377AC034}.job
[2015.01.20 21:04:06 | 000,137,737 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ShadowExplorer-0.9-portable.zip
[2015.01.20 19:52:46 | 000,035,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2015.01.20 19:22:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015.01.20 19:22:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2015.01.20 19:21:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.01.20 19:21:32 | 2012,532,736 | -HS- | M] () -- C:\hiberfil.sys
[2015.01.19 20:31:55 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
[2015.01.19 20:31:51 | 001,164,299 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mxdofye.html
[2015.01.19 20:02:16 | 000,019,056 | ---- | M] () -- C:\Documents and Settings\user\Desktop\lionesses.ZIP.imfatcn
[2015.01.18 18:10:01 | 000,100,624 | ---- | M] () -- C:\Documents and Settings\user\Desktop\GDD_ЗКПО.RAR.imfatcn
[2015.01.18 09:48:23 | 000,497,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015.01.18 09:48:23 | 000,085,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2015.01.13 22:51:53 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2015.01.04 01:20:13 | 000,001,322 | ---- | M] () -- C:\WINDOWS\hms.ini
[2015.01.02 14:46:46 | 000,001,799 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.01.20 21:04:01 | 000,137,737 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ShadowExplorer-0.9-portable.zip
[2015.01.20 19:52:46 | 000,035,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2015.01.19 20:31:53 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
[2015.01.19 20:12:26 | 001,164,299 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mxdofye.html
[2014.12.05 13:42:00 | 004,015,616 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2014.12.05 13:40:50 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014.12.05 13:39:22 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2014.12.05 13:39:20 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2014.12.05 13:39:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2014.12.05 13:39:08 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2014.12.05 13:39:08 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2014.12.05 13:39:06 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2014.12.05 13:39:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2014.12.05 13:38:56 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2014.10.03 11:18:14 | 000,241,296 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2014.09.25 23:53:04 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\Formats.ini
[2014.08.13 22:13:29 | 000,000,136 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2014.06.16 23:14:00 | 000,000,014 | ---- | C] () -- C:\WINDOWS\hmsmpeg.ini
[2014.06.10 08:27:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\{E669D7AD-7744-4861-A63C-1CDF81B6335C}
[2014.05.22 18:49:20 | 000,000,070 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2014.05.22 18:49:20 | 000,000,022 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2014.05.21 18:36:45 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2014.04.08 22:50:26 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014.04.08 22:50:16 | 000,632,320 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2014.03.31 18:04:53 | 000,001,322 | ---- | C] () -- C:\WINDOWS\hms.ini
[2014.03.31 18:04:50 | 000,000,134 | ---- | C] () -- C:\WINDOWS\hmssetup.ini
[2014.03.11 23:08:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\TempWmicBatchFile.bat
[2014.02.12 22:18:31 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\user\.swfinfo
[2014.02.04 23:18:37 | 000,000,043 | ---- | C] () -- C:\WINDOWS\MezzmoMediaServer.INI
[2014.02.02 10:36:34 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\user\ntuser.pol
[2014.01.17 00:11:51 | 000,606,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013.12.17 04:19:30 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2013.12.17 04:15:32 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
[2013.12.17 04:15:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\bass_tak.dll
[2013.12.17 03:28:34 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2013.12.17 03:28:26 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2013.12.17 03:28:18 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2013.12.17 03:28:18 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2013.12.17 03:28:18 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2013.12.17 03:27:52 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2013.12.17 03:27:50 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2013.12.17 03:27:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2013.12.17 03:27:16 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2013.12.17 03:27:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2013.12.17 03:27:14 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2013.12.17 03:27:14 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2013.12.17 03:27:10 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2013.12.17 03:26:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2013.12.17 03:26:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe
[2013.12.17 03:26:40 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2013.12.15 13:05:19 | 000,218,448 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.11.14 00:19:52 | 001,553,053 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1214440339-839522115-1801674531-1003-0.dat
[2013.11.14 00:19:50 | 000,213,466 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013.08.08 17:39:11 | 001,816,064 | ---- | C] () -- C:\WINDOWS\System32\libmysql_e.dll
[2013.03.28 19:03:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.03.18 16:18:49 | 000,723,539 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013.03.18 16:18:49 | 000,074,835 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011.07.21 17:09:36 | 007,880,669 | ---- | C] () -- C:\Program Files\TDLNASetup.exe
 
========== ZeroAccess Check ==========
 
[2013.01.10 18:34:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 13:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.07.14 11:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013.01.23 21:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2015.01.19 20:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2013.10.15 08:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013.10.31 07:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013.01.12 23:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2015.01.19 20:08:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014.02.11 22:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conceiva
[2015.01.02 22:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Home Media Server
[2015.01.19 22:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014.01.22 21:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2014.12.25 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2014.01.16 08:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2014.05.21 17:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2015.01.20 19:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2013.02.05 22:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2014.01.22 21:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Team MediaPortal
[2014.06.06 18:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014.02.11 22:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013.07.14 11:01:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2015.01.19 20:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\.ACEStream
[2013.08.10 23:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\7go
[2014.04.18 07:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ACEStream
[2015.01.19 20:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Babylon
[2015.01.20 16:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BrowserExtensions
[2014.07.20 20:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\buenosearch
[2013.03.14 10:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\com.fleetmon.fmx
[2014.02.02 10:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DefaultTab
[2014.03.16 13:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\eCyber
[2015.01.19 20:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\eType
[2015.01.20 18:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Firebird-2.1.5.18496-0_Win32
[2014.02.08 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FUPPES
[2015.01.17 18:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetNowUpdater
[2013.01.11 17:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InfraRecorder
[2014.03.17 23:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\iSafe
[2014.02.12 23:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MPC-HC
[2015.01.20 16:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\newnext.me
[2013.08.11 09:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PerformerSoft
[2013.08.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PriceGong
[2014.03.09 19:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Samsung
[2014.12.21 12:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Protection
[2013.08.10 23:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SeeSimilar02
[2014.02.02 10:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SimilarSites
[2015.01.19 20:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SimpleTV V03
[2013.08.10 23:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SpeedAnalysis2
[2014.05.21 19:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SpinTop
[2014.04.14 19:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\systweak
[2015.01.19 20:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TeamViewer
[2015.01.19 20:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TELEFUNKEN DPF 9322 user guide
[2013.01.10 18:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2013.02.05 22:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uniblue
[2015.01.20 21:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2013.12.15 16:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Wise Disk Cleaner
[2015.01.20 21:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\www.shadowexplorer.com
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rtcshare.exe:SummaryInformation
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE09DDA8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
 
< End of report >
 

  • 0
#2
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP

Didn't know anyone still ran Win 2000.  

 

Looks like you have already used ESET to remove the actual infection.  All I see are a couple of encrypted files on your desktop and the wallpaper left over from the infection.  As you probably know there is nothing anyone can do for your encrypted files.

http://www.bleepingc...are-information

 

Any file with a .imfatcn extension has been encrypted.

 

 We can clean up what is left:

 

Copy the text in the code box by highlighting and Ctrl + c
 
 
:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\iSafe\iSafeNetFilter.sys -- (iSafeNetFilter)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found
[2014.12.21 15:44:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.12.21 15:44:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
O2 - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found.
O2 - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found.
O2 - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found.
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [iLivid] "C:\Documents and Settings\user\Local Settings\Application Data\iLivid\iLivid.exe" -autorun File not found
O4 - HKCU..\Run: [Search Protection] C:\Documents and Settings\user\Application Data\Search Protection\SP.EXE ()
O4 - HKCU..\Run: [SpeedItupFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
[2015.01.19 20:31:55 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
[2015.01.19 20:31:51 | 001,164,299 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mxdofye.html
[2015.01.19 20:02:16 | 000,019,056 | ---- | M] () -- C:\Documents and Settings\user\Desktop\lionesses.ZIP.imfatcn
[2015.01.18 18:10:01 | 000,100,624 | ---- | M] () -- C:\Documents and Settings\user\Desktop\GDD_ЗКПО.RAR.imfatcn
[2015.01.19 20:31:53 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
[2015.01.19 20:12:26 | 001,164,299 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mxdofye.html
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
then double click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
 
I'm not sure how many of the following will run on your win 2000 but try them:
 

 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt, also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
Ron

    • 0
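As an added defender's triage example (not code from the thread, from OTL or from the tool authors), the script below parses OTL file-listing lines of the kind posted above, infers the ransomware marker extension from archives and documents that gained a second extension (so it is not hard-coded to .imfatcn and generalises to other families that rename files the same way), lists the "Decrypt ..." note by name, and checks whether the O24 wallpaper entry points at that note. The sample lines come from the log above plus one constructed entry (report.RAR.imfatcn); the assumption that the marker is a short run of lowercase letters is mine.

```python
import re
from collections import Counter

# Sample OTL report lines: taken from the log posted above plus one constructed
# entry ("report.RAR.imfatcn") so that the marker extension recurs.
SAMPLE_LOG = r"""
[2015.01.20 19:52:46 | 000,035,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2015.01.19 20:31:55 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
[2015.01.19 20:31:51 | 001,164,299 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mxdofye.html
[2015.01.19 20:02:16 | 000,019,056 | ---- | M] () -- C:\Documents and Settings\user\Desktop\lionesses.ZIP.imfatcn
[2015.01.18 18:10:01 | 000,100,624 | ---- | M] () -- C:\Documents and Settings\user\Desktop\report.RAR.imfatcn
[2015.01.18 09:48:23 | 000,497,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
O24 - Desktop WallPaper: C:\Documents and Settings\user\My Documents\Decrypt All Files imfatcn.bmp
"""

# OTL file entry layout: [date time | size | attributes | C/M] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
WALLPAPER_RE = re.compile(r"^O24 - Desktop (?:Backup)?WallPaper: (?P<path>.+)$")
# Ordinary document/archive extensions that file-encrypting ransomware renames.
KNOWN_EXTS = {"zip", "rar", "7z", "doc", "docx", "xls", "xlsx", "pdf", "jpg", "png", "txt"}
# Assumption: the appended marker is 5-8 lowercase letters, as .imfatcn is.
DOUBLE_EXT_RE = re.compile(r"\.(?P<orig>[A-Za-z0-9]{2,5})\.(?P<added>[a-z]{5,8})$")


def parse_otl_file_lines(text):
    """Return a dict per line in OTL file-listing format; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_FILE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["name"] = entry["path"].rsplit("\\", 1)[-1]
            entries.append(entry)
    return entries


def triage(text):
    """Infer the marker extension, then list encrypted files, ransom notes and wallpaper hijack."""
    entries = parse_otl_file_lines(text)
    counts, double_ext = Counter(), []
    for e in entries:
        m = DOUBLE_EXT_RE.search(e["name"])
        if m and m.group("orig").lower() in KNOWN_EXTS:
            counts[m.group("added")] += 1
            double_ext.append((m.group("added"), e["path"]))
    # The marker is the appended extension that recurs most; a single hit is too weak.
    marker = next((ext for ext, n in counts.most_common(1) if n >= 2), None)
    encrypted = [p for ext, p in double_ext if ext == marker]
    # Notes named "Decrypt ..." are recognisable by name; a note dropped under a random
    # name (such as an .html in Application Data) needs content inspection instead.
    notes = [e["path"] for e in entries if "decrypt" in e["name"].lower()]
    wallpaper = [m.group("path") for m in (WALLPAPER_RE.match(ln.strip()) for ln in text.splitlines()) if m]
    return {
        "marker_extension": marker,
        "encrypted_files": encrypted,
        "ransom_notes": notes,
        "wallpaper_set_to_note": sorted({p for p in wallpaper if p in notes}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```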
