TechSpot

Slippery trackers

By reuch
Sep 7, 2014
  1. So, about 9 months ago, I started to encounter a slowdown in my PC's performance and so much lag in my online gaming. Then, unlikely, the pop-up ad windows rained on my desktop, regardless of the ad blocker extensions in my browser (Mozilla) or the internet security I have (BDF TS). Then some sites started to be blocked, and I could only browse them through VPN stuff (Hide My Ass, the AnonymoX browser extension, Tor browser, etc.). Then one day I opened my Mozilla to get a connection disconnection page!!! Little did I know at the time, encountering this for the first time in my life, so safe mode was my first alternative choice, and the next thing I knew I really could connect to my internet in safe mode!!


    Later, after googling, I knew it was malware. I headed for a bunch of real-time and on-demand antivirus software, but the trend seems the same in most of them: when the software is freshly installed it is like Mr. Muscle, catching some crap after the scan, but after 1 or 2 formats it is a full-time wasted drunk safety inspector, confirming that your system is as clean as junky slu* -_-


    When this all started, I just had the BDF TS, so the first scan showed a bunch of PUPs and a small cocktail of trojan generic (about 4 types). Then on the second scan it showed nothing, and at the same time my internet was out of service in normal mode!!! So for the first time I tried mbam, and after the first scan in safe mode my internet was reachable again in normal mode, but still the blocked sites and the spam of pop-up ads didn't stop!


    So, as usual, the dumb easy solution I always run to is formatting my system drive and installing a fresh copy of Windows, which really worked the first time. But after a couple of days the site blocks, pop-up ad spam, high ping and gaming lag were back again, and 2 days later the internet was off again! An mbam scan in safe mode showed nothing this time!!
    A couple of tardy formats later, I went back to a cave-age Win XP version (my current state), which also showed no change, but the new crap was that KIS and mbam both went crazy, notifying me that both their databases are out of date; regardless of how many times I update them, nothing gives -_- Just also to inform you, my DVD is broken, so in order to format each time, I format my system drive using a Win XP CD, then I install Win 7 from a copy on my hard disk, which means the source of my Win 7 is jammed among all that crap.


    Later I installed a party of on-demand scan software on my PC. RogueKiller caught about 4 tracker cookies, HitmanPro caught a lot of tracker cookies, and ESET on-demand caught 33 infections (PUPs included), where variants of packed trojan AAA and ABD were identified, whilst the other software caught nothing! But all logs are included.


    Well, after a 10-month struggle, the thing that is killing me most is the site blockage, which I believe the damn ****** tracker cookies are the cause of! I don't know if you can help after all that, but I am desperate to the max. I don't care what happens next; if you can stop the site block, then you will be my guardian angels! Using proxies or a VPN is straight-up suicidal. I can't open a lot of sites, especially the streaming ones. On some sites I get a streaming error message like "this video is not available now" or "streaming server error"; on other sites the videos work normally, but the related video thumbnails are broken! All the video thumbnails on these sites are broken! ONCE I HIDE MY IP ALL THIS IS GONE!


    If you can nominate a non-provocative blind real-time internet security software, even before all this started, the BDF TS went crazy blocking most of my apps, regardless of the exceptions I make in its firewall, and I finally had to remove it, and when I substituted it with KIS, things got worse -_-



    All I want is help to surf the internet without a hidden identity, without being blocked!
     
  2. reuch

    reuch TS Rookie Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.16674
    Run by X at 18:34:23 on 2014-09-08
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2217 [GMT 4.5:30]
    .
    AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
    C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxapps.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\THEKMP~1\KMPlayer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\osk.exe
    C:\WINDOWS\system32\MSSWCHX.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender 2015\bdwtxag.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [Bdagent] "c:\program files\bitdefender\bitdefender 2015\bdagent.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
    dRunOnce: [nltide_2] regsvr32 /s /n /I:U shell32
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{CF609D1E-97DD-4B77-AF6C-24905EF17D10} : DHCPNameServer = 192.168.1.1
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 141.0.174.38 xvideos.com
    Hosts: 141.0.174.39 www.xvideos.com
    Hosts: 141.0.173.209 static.xvideos.com
    Hosts: 199.16.156.198 twitter.com
    Hosts: 69.55.53.7 forum.xnxx.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\x\application data\mozilla\firefox\profiles\l83mi5s4.default\
    FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
    FF - plugin: c:\documents and settings\x\application data\mozilla\firefox\profiles\l83mi5s4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2014-9-5 1060312]
    R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2014-9-5 165744]
    R1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\bin\a2ddax86.sys [2014-9-6 22056]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2014-9-5 72704]
    R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-8-31 109768]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-23 142648]
    R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2014-9-5 106248]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-9-5 1809720]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-9-5 860472]
    R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2015\updatesrv.exe [2014-9-5 54424]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2014-9-5 99856]
    R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2014-9-5 528248]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2014-9-5 116688]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-9-5 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-9-5 110296]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-9-5 1691480]
    S3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2014-9-5 242504]
    S3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2015\bdparentalservice.exe [2014-9-5 69880]
    S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2014-9-5 66832]
    S3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp32.sys [2014-9-6 50200]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    .
    =============== Created Last 30 ================
    .
    2014-09-08 00:35:09 -------- d-----w- c:\documents and settings\x\local settings\application data\Identities
    2014-09-07 23:08:30 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2014-09-07 23:03:25 -------- d-----w- c:\program files\NEC Electronics
    2014-09-07 13:08:08 -------- d-----w- c:\documents and settings\all users\application data\Nexon
    2014-09-07 12:50:46 -------- d-----w- c:\documents and settings\all users\application data\NexonEU
    2014-09-07 11:48:06 -------- d-----w- c:\documents and settings\x\application data\SUPERAntiSpyware.com
    2014-09-07 11:47:28 -------- d-----w- c:\program files\SUPERAntiSpyware
    2014-09-07 11:47:28 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2014-09-07 10:54:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2014-09-07 10:41:51 -------- d-----w- c:\documents and settings\x\local settings\application data\Google
    2014-09-06 19:04:00 -------- d-----w- C:\FRST
    2014-09-05 23:30:10 -------- d-----w- c:\documents and settings\x\local settings\application data\ATI
    2014-09-05 21:02:14 -------- d-----w- C:\EEK
    2014-09-05 13:41:08 -------- d-----w- c:\program files\ESET
    2014-09-05 13:34:43 -------- d-----w- c:\windows\ERUNT
    2014-09-05 13:27:28 -------- d-----w- C:\AdwCleaner
    2014-09-05 13:21:12 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-09-05 13:21:10 -------- d-----w- c:\documents and settings\all users\application data\RogueKiller
    2014-09-05 13:19:01 -------- d-----w- c:\program files\HitmanPro
    2014-09-05 13:18:33 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
    2014-09-05 13:12:04 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-05 13:11:51 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-09-05 13:11:51 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-05 13:11:51 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-09-05 12:44:34 -------- d-----w- c:\windows\system32\ReinstallBackups
    2014-09-05 12:44:27 99856 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
    2014-09-05 12:44:18 0 ----a-w- c:\windows\ativpsrm.bin
    2014-09-05 12:39:35 -------- d-----w- c:\program files\ATI Technologies
    2014-09-05 12:39:34 -------- d-----w- c:\program files\ATI
    2014-09-05 12:38:33 -------- d-----w- C:\AMD
    2014-09-05 12:27:38 -------- d-----w- c:\windows\system32\Lang
    2014-09-05 12:23:58 -------- d-----w- c:\windows\system32\RTCOM
    2014-09-05 12:20:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-09-05 12:20:11 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-09-05 12:19:50 -------- d-----w- c:\program files\GIGABYTE
    2014-09-05 12:19:48 327168 ----a-w- c:\windows\IsUninst.exe
    2014-09-05 12:19:10 1531268 ----a-w- c:\documents and settings\all users\application data\1409916657.bdinstall.bin
    2014-09-05 12:17:37 -------- d-----w- c:\documents and settings\x\local settings\application data\Adobe
    2014-09-05 12:08:56 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
    2014-09-05 12:08:09 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
    2014-09-05 12:07:21 511328 ----a-w- c:\windows\capicom.dll
    2014-09-05 12:07:21 116688 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
    2014-09-05 12:07:20 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
    2014-09-05 12:07:20 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2014-09-05 12:07:20 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
    2014-09-05 12:07:20 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2014-09-05 12:06:46 528248 ----a-w- c:\windows\system32\drivers\avckf.sys
    2014-09-05 12:06:46 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
    2014-09-05 12:06:46 1060312 ----a-w- c:\windows\system32\drivers\avc3.sys
    2014-09-05 12:00:58 -------- d-----w- c:\documents and settings\x\application data\IDM
    2014-09-05 12:00:57 -------- d-----w- c:\documents and settings\x\application data\DMCache
    2014-09-05 12:00:49 -------- d-----w- c:\program files\Internet Download Manager
    .
    ==================== Find3M ====================
    .
    2014-09-05 11:19:55 17488 ----a-w- c:\windows\gdrv.sys
    2014-07-02 13:17:10 385096 ----a-w- c:\windows\system32\drivers\trufos.sys
    .
    ============= FINISH: 18:36:24.75 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/5/2014 3:43:56 PM
    System Uptime: 9/8/2014 4:29:20 PM (2 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | P41T-D3P
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 2999/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 50 GiB total, 42.505 GiB free.
    D: is FIXED (NTFS) - 50 GiB total, 49.575 GiB free.
    E: is FIXED (NTFS) - 147 GiB total, 14.375 GiB free.
    F: is FIXED (NTFS) - 147 GiB total, 1.356 GiB free.
    G: is FIXED (NTFS) - 147 GiB total, 6.856 GiB free.
    H: is FIXED (NTFS) - 147 GiB total, 43.133 GiB free.
    I: is FIXED (NTFS) - 243 GiB total, 33.674 GiB free.
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_2F30&SUBSYS_205D14F1&REV_01\4&BC67B8D&0&08F0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_2F30&SUBSYS_205D14F1&REV_01\4&BC67B8D&0&08F0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_50011458&REV_01\3&13C0B0C5&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_50011458&REV_01\3&13C0B0C5&0&FB
    Service:
    .
    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: BitDefender AVC HV
    Device ID: ROOT\SYSTEM\0003
    Manufacturer: (Standard system devices)
    Name: BitDefender AVC HV
    PNP Device ID: ROOT\SYSTEM\0003
    Service: avchv
    .
    ==== System Restore Points ===================
    .
    RP1: 9/5/2014 3:46:50 PM - System Checkpoint
    RP2: 9/5/2014 3:54:39 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
    RP3: 9/5/2014 4:53:33 PM - Installed Realtek High Definition Audio Driver
    RP4: 9/7/2014 3:24:01 PM - Checkpoint by HitmanPro
    RP5: 9/7/2014 3:24:34 PM - Checkpoint by HitmanPro
    RP6: 9/7/2014 3:43:43 PM - Checkpoint by HitmanPro
    RP7: 9/8/2014 3:33:20 AM - Installed NEC Electronics USB 3.0 Host Controller Driver
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 141.0.174.38 xvideos.com
    Hosts: 141.0.174.39 www.xvideos.com
    Hosts: 141.0.173.209 static.xvideos.com
    Hosts: 199.16.156.198 twitter.com
    Hosts: 69.55.53.7 forum.xnxx.com
    Hosts: 69.55.52.190 multi.xnxx.com
    Hosts: 69.55.53.77 upload.xvideos.com
    Hosts: 141.0.173.148 trafficfactory.biz
    Hosts: 192.150.16.117 adobe.com
    Hosts: 95.211.170.250 ant.com
    Hosts: 69.50.139.162 rtalabel.org
    Hosts: 141.0.173.27 info.xvideos.com
    Hosts: 208.111.161.254 img100.xvideos.com
    Hosts: 208.111.160.6 img.xnxx.com
    Hosts: 69.55.53.238 jp.xvideos.com
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 14 Plugin
    AMD Catalyst Install Manager
    Bitdefender Total Security 2015
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Combat Arms EU
    DriverCD
    ESET Online Scanner v3
    HitmanPro 3.7
    Internet Download Manager
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 2.0
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 32.0 (x86 en-US)
    Mozilla Maintenance Service
    NEC Electronics USB 3.0 Host Controller Driver
    Nexon Game Manager
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950760)
    SUPERAntiSpyware
    The KMPlayer (remove only)
    Update for Windows XP (KB898461)
    WebFldrs XP
    WinRAR 4.20 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/7/2014 5:20:31 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    9/7/2014 5:19:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806373f1, parameter3 a9184b74, parameter4 00000000.
    9/7/2014 4:10:21 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa266.
    9/7/2014 3:51:19 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
    9/7/2014 3:50:29 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 1C6F65C42783 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    9/6/2014 3:57:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/6/2014 2:31:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdselfpr BDVEDISK Fips intelppm trufos
    9/5/2014 4:22:27 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
    9/5/2014 3:55:36 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -122474 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->64.4.10.33:123) is working properly.
    .
    ==== End Of File ===========================
     
  3. reuch

    reuch TS Rookie Topic Starter

    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=eaf43d80c417284d860e4b07e1638986
    # engine=19990
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-09-05 08:34:21
    # local_time=2014-09-06 01:04:21 (+0430, Afghanistan Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode_1='Bitdefender Antivirus'
    # compatibility_mode=2065 16777214 100 100 26940 113801839 0 0
    # scanned=188610
    # found=33
    # cleaned=33
    # scan_time=24438
    sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\X\Local Settings\Temp\AskSLib.dll"
    sh=FE9249DC2E4F0DC6DE3B17F99DB18FB15DE35294 ft=1 fh=3674938724bb7e81 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="E:\GTA\IV\LaunchGTAIV.exe"
    sh=FE9249DC2E4F0DC6DE3B17F99DB18FB15DE35294 ft=1 fh=3674938724bb7e81 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="E:\GTA\IV\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"
    sh=791B7D3A3CB9BE9FBDBBD2DFF2C195ACEADBCC8D ft=1 fh=6a00c32f0c396035 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\Lord of The Ring\Conquest\Electronic Arts\The Lord of the Rings - Conquest™\Lord of the Rings Conquest Trainer.exe"
    sh=D51F50F2D0BC1DFF5659277CA9697569A9B2EA04 ft=1 fh=85f95d26c1810988 vn="a variant of Win32/GameHack.G potentially unsafe application (deleted - quarantined)" ac=C fn="E:\Lord of The Ring\Return of the King\EA GAMES\LOTR The Return of the King tm\trainer.exe"
    sh=A6763AAAF5BFEE03CE1FC906FF77B8B21C00424D ft=1 fh=af5a7cf2fd2d8909 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Pro Street\Need for Speed ProStreet\Need for Speed ProStreet Trainer.EXE"
    sh=5C089E6A49418E2106FF28AA864A9D989BD98456 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Undercover\copsrnomatchnfsmega-ch.zip"
    sh=051912FB6B456B47772B18D775FAF5A64643464D ft=1 fh=4a4b5a3f4a7af138 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Undercover\Need For Speed Undercover Trainer.exe"
    sh=29A96C84301585D477A2CE34D994CA40D46C4699 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Undercover\needmetospeedunderyou-ch.zip"
    sh=C1871690CE8455F243209C24D17A30CA67FB6347 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Undercover\nfsunder79579437y-ch.zip"
    sh=3103BFBBA3BA743146C48BA4567AE2701ED56996 ft=1 fh=45183225fb78f8b0 vn="a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined)" ac=C fn="G:\Assassin's Creed\Assassin's Creed II\Assassin's Creed II\loader.exe"
    sh=7FDD99C503C97A10C1D2DD8CC1F690960492B24A ft=1 fh=45183225ae6066fb vn="a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined)" ac=C fn="G:\Assassin's Creed\Assassin's Creed II\Assassin's Creed II\Play_ASC2.exe"
    sh=9AD987AED677A595CB6CB507A12A014989D4E597 ft=1 fh=3db0605f8b34f591 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)" ac=C fn="G:\Assassin's Creed\Assassin's Creed II\Assassin's Creed II\ubiorbitapi_r2.dll"
    sh=16C5788BF201FBC553B7CABBA38F7AD45BD4133E ft=1 fh=26872aeadd1aea00 vn="a variant of Win32/Packed.VMProtect.ABD trojan (deleted - quarantined)" ac=C fn="G:\Watch Dogs PC full game ^^nosTEAM^^\Watch Dogs nosTEAM.part1.exe"
    sh=EAA45EBC55CB3F08D296046B9EDECD9739E044A8 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="I:\data\Saves\game saves\LOTR.rar"
    sh=791B7D3A3CB9BE9FBDBBD2DFF2C195ACEADBCC8D ft=1 fh=6a00c32f0c396035 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="I:\data\Saves\game saves\LOTR\Lord of the Rings Conquest Trainer.exe"
    sh=E7B7BE3D3FA2A5F914D103871379E528D0F79252 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\data\Saves\GTA IV 1.0.3.0 Crack + Patch\Crack.rar"
    sh=06586A975DD03695C96988C8E21CFB24CBCBC663 ft=1 fh=3674938796638cd0 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\data\Saves\GTA IV 1.0.3.0 Crack + Patch\Crack\LaunchGTAIV.exe"
    sh=F858A8033D8DE84D3E5ED62C9A4E7342AB0E40B1 ft=1 fh=250cfaef9f4db583 vn="a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined)" ac=C fn="I:\Games\Assasin's Creed\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\Assassins Creed II installer.part1.exe"
    sh=9AD987AED677A595CB6CB507A12A014989D4E597 ft=1 fh=3db0605f8b34f591 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)" ac=C fn="I:\Games\Assasin's Creed\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\save\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll"
    sh=A260CF3CE0BBFEE5BBD7395BBB24CA547BB8B5ED ft=1 fh=4f81ae8ecf6ef9c9 vn="a variant of Win32/HackTool.Crack.CA potentially unsafe application (deleted - quarantined)" ac=C fn="I:\Games\Hitman Absolution\Hitman.Absolution.Professional.Edition-MULTI8.Steam-Rip - Origins\Crack\steam_api.dll"
    sh=8170432A2CF3A88DFED381E5B1789CC3553C3637 ft=1 fh=e298e1623261b7a5 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\Games\IV\IV source\GTA-IV-PC-Cracker-by-Lycrizz-V1.2.exe"
    sh=57AAAF30078C1043544524C6D47C9E9E62367BC3 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\Games\IV\IV source\GTA-IV-PC-Cracker-by-Lycrizz-V1.2.rar"
    sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="I:\Games\Saints Row\IV\Saints.Row.IV-RELOADED\rld-saints4.iso"
    sh=C18557B90F466594FE3A04EDA93A3CEAD0E11DE6 ft=1 fh=62a3b04d7ef86a1b vn="Win32/DownWare.W potentially unwanted application (deleted - quarantined)" ac=C fn="I:\programmes\burn4free_setup.exe"
    sh=F43A66F5AC79276A3E27467D5DD100DDCFA61891 ft=1 fh=80399c2706f2ad8c vn="a variant of Win32/Hao123.A potentially unwanted application (deleted - quarantined)" ac=C fn="I:\programmes\FFSetup3.0.1.exe"
    sh=8170432A2CF3A88DFED381E5B1789CC3553C3637 ft=1 fh=e298e1623261b7a5 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\GTA-IV-PC-Cracker-by-Lycrizz-V1.2.exe"
    sh=348797353CCFA7150BAC1A69BEBC2398383A9A8B ft=1 fh=9ff2e5caaf3b42d5 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="I:\programmes\HSS-3.42-install-hss-561-conduit.exe"
    sh=B350B8179B20CC52031DE65C9EB3853A3E15C96F ft=1 fh=0e5f14944e7f82b8 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\kmp.exe"
    sh=E9A19A17B1B7921CCFFF92C740CE75D3AB7B60B7 ft=1 fh=3ec23fae3684cb1a vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\KMPlayer_3.3.0.33.exe"
    sh=44A7AE70AA7AC181E962591F263CFA55C823B4FC ft=1 fh=cf972a16567b49c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\Shockwave_Installer_Slim.exe"
    sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON potentially unwanted application (deleted - quarantined)" ac=C fn="I:\programmes\Unlocker1.9.1.exe"
    sh=4E3F8292180A3C310DEDCF2ED54100267B9ABF43 ft=1 fh=4f944344161f9770 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\ccleaner prof\ccsetup405pro.exe"
     
  4. reuch

    reuch TS Rookie Topic Starter

    Code:
    HitmanPro 3.7.9.225
    www.hitmanpro.com
    
      Computer name . . . . : F
      Windows . . . . . . . : 5.1.3.2600.X86/2
      User name . . . . . . : F\X
      License . . . . . . . : Free
    
      Scan date . . . . . . : 2014-09-06 23:51:14
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 1m 55s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
    
      Threats . . . . . . . : 0
      Traces  . . . . . . . : 32
    
      Objects scanned . . . : 271,900
      Files scanned . . . . : 7,582
      Remnants scanned  . . : 32,356 files / 231,962 keys
    
    Suspicious files ____________________________________________________________
    
      C:\Documents and Settings\X\Desktop\FRST.exe
      Size . . . . . . . : 1,096,704 bytes
      Age  . . . . . . . : 0.0 days (2014-09-06 23:33:13)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 261D08658E82BE04E994129791C26C803FDDE0A6687499CCD5CAFE2B4887D384
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      References
      HKU\S-1-5-21-1801674531-1897051121-1177238915-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\X\Desktop\FRST.exe
    
      C:\RECYCLER\S-1-5-21-1801674531-1897051121-1177238915-1003\Dc1.exe
      Size . . . . . . . : 2,104,832 bytes
      Age  . . . . . . . : 0.0 days (2014-09-06 23:28:27)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8EDFCF21D9F9DFA0C1ACAD177CE6369CC8E1E4C5B9E7DF6D8882C3D87D9D1D47
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      Forensic Cluster
    
      C:\System Volume Information\_restore{4C0DD3A7-270E-47D4-915D-7F50264F29B8}\RP3\A0006342.exe
      Size . . . . . . . : 2,104,832 bytes
      Age  . . . . . . . : 0.0 days (2014-09-06 23:32:12)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8EDFCF21D9F9DFA0C1ACAD177CE6369CC8E1E4C5B9E7DF6D8882C3D87D9D1D47
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
    
    
    Cookies _____________________________________________________________________
    
    
    
    
     
  5. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard


    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
Topic Status:
Not open for further replies.
