Inactive Slippery trackers

So, about 9 months ago, I started to encounter a slowdown in my PC performance, so many lags in my online gaming, then unlikely, the pop-up ad windows rained on my desktop, regardless of the ad blocker extensions in my browser (Mozilla) or the internet security I have (BDF TS). Then some sites started to be blocked, and I can only browse them from VPN stuff (hide my as.s - Anonymo X browser extension - Tor browser, etc). Then one day I opened my Mozilla to get a connection disconnection page!!! Little did I know at this time, encountering this for the first time in my life, so safe mode was my first alternative choice, and the next thing I knew I really could connect to my internet in safe mode!!


Later, after googling, I knew it was malware. I headed for a bunch of real-time & on-demand antivirus software, but the trend seems the same in most of them: when the software is freshly installed it is like Mr. Muscle, catching some crap after the scan, but after 1 or 2 formats it is a full-time wasted drunk safety inspector, confirming that ur system is as clean as junky slu* -_-


When this all started, I just had the BDF TS, so the first scan showed a bunch of PUP, a small cocktail of trojan generic (about 4 types), then on the second scan it showed nothing; at the same time my internet was out of service in normal mode!!! So for the first time I tried mbam, and after the first scan in safe mode, my internet was reachable again in normal mode, but still the blocked sites and the spam of pop-up ads didn't stop!


So as usual, the dumb easy solution I always run to is formatting my system drive and installing a fresh copy of Windows, which really worked the first time, but after a couple of days the site blocks, pop-up ad spam, the high ping and gaming lag were back again, and 2 days later the internet was off again! An mbam scan in safe mode showed nothing this time!!
A couple of tardy formats later, I went back to a cave-age Win XP version (my current state), which also showed no change, but the new crap was that KIS and mbam both went crazy, notifying me that both their databases are out of date, regardless of how many times I update them; nothing gives -_-. Also, just to inform you, my DVD is broken, so in order to format each time, I format my system drive using a Win XP CD, then I install Win 7 from a copy on my hard disk, which means the source of my Win 7 is jammed among all that crap.


Later I installed a party of on-demand scan software on my PC. RogueKiller caught about 4 tracker cookies, HitmanPro caught a lot of tracker cookies, and ESET on-demand caught 33 infections (PUP included), where variants of packed trojan AAA and ABD were identified, whilst the other software caught nothing! But all logs are included.


Well, after a 10-month struggle, the thing that is killing me most is the site blockage, which I believe the damn ****** tracker cookies are the cause of! I don't know if u can help after all that, but I am desperate to the max. I don't care whatever happens next; if u can stop the site block, then u will be my guardian angels! Using proxies, VPN is a straight way suicidal. I can't open a lot of sites, especially the streaming ones; on some sites I get a streaming error message like "this video is not available now" or "streaming server error"; on other sites the videos work normally, but the related video thumbnails are broken! All the video thumbnails on these sites are broken! ONCE I HIDE MY IP ALL THIS IS GONE!


If u can nominate a non-provocative blind real-time internet security software; even before all this started, the BDF TS went crazy blocking most of my apps, regardless of the exceptions I made in its firewall, and finally I had to remove it, and when I substituted it with KIS, things went worse -_-



All I want is help to surf the internet without hidden identity, without being blocked!
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16674
Run by X at 18:34:23 on 2014-09-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2217 [GMT 4.5:30]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxapps.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\THEKMP~1\KMPlayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender 2015\bdwtxag.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender 2015\bdagent.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
dRunOnce: [nltide_2] regsvr32 /s /n /I:U shell32
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CF609D1E-97DD-4B77-AF6C-24905EF17D10} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 141.0.174.38 xvideos.com
Hosts: 141.0.174.39 www.xvideos.com
Hosts: 141.0.173.209 static.xvideos.com
Hosts: 199.16.156.198 twitter.com
Hosts: 69.55.53.7 forum.xnxx.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\x\application data\mozilla\firefox\profiles\l83mi5s4.default\
FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\documents and settings\x\application data\mozilla\firefox\profiles\l83mi5s4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2014-9-5 1060312]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2014-9-5 165744]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\bin\a2ddax86.sys [2014-9-6 22056]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2014-9-5 72704]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-8-31 109768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-23 142648]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2014-9-5 106248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-9-5 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-9-5 860472]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2015\updatesrv.exe [2014-9-5 54424]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2014-9-5 99856]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2014-9-5 528248]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2014-9-5 116688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-9-5 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-9-5 110296]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-9-5 1691480]
S3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2014-9-5 242504]
S3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2015\bdparentalservice.exe [2014-9-5 69880]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2014-9-5 66832]
S3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp32.sys [2014-9-6 50200]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
.
=============== Created Last 30 ================
.
2014-09-08 00:35:09 -------- d-----w- c:\documents and settings\x\local settings\application data\Identities
2014-09-07 23:08:30 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2014-09-07 23:03:25 -------- d-----w- c:\program files\NEC Electronics
2014-09-07 13:08:08 -------- d-----w- c:\documents and settings\all users\application data\Nexon
2014-09-07 12:50:46 -------- d-----w- c:\documents and settings\all users\application data\NexonEU
2014-09-07 11:48:06 -------- d-----w- c:\documents and settings\x\application data\SUPERAntiSpyware.com
2014-09-07 11:47:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-09-07 11:47:28 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-09-07 10:54:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-09-07 10:41:51 -------- d-----w- c:\documents and settings\x\local settings\application data\Google
2014-09-06 19:04:00 -------- d-----w- C:\FRST
2014-09-05 23:30:10 -------- d-----w- c:\documents and settings\x\local settings\application data\ATI
2014-09-05 21:02:14 -------- d-----w- C:\EEK
2014-09-05 13:41:08 -------- d-----w- c:\program files\ESET
2014-09-05 13:34:43 -------- d-----w- c:\windows\ERUNT
2014-09-05 13:27:28 -------- d-----w- C:\AdwCleaner
2014-09-05 13:21:12 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-05 13:21:10 -------- d-----w- c:\documents and settings\all users\application data\RogueKiller
2014-09-05 13:19:01 -------- d-----w- c:\program files\HitmanPro
2014-09-05 13:18:33 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2014-09-05 13:12:04 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-05 13:11:51 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-05 13:11:51 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-05 13:11:51 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-05 12:44:34 -------- d-----w- c:\windows\system32\ReinstallBackups
2014-09-05 12:44:27 99856 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2014-09-05 12:44:18 0 ----a-w- c:\windows\ativpsrm.bin
2014-09-05 12:39:35 -------- d-----w- c:\program files\ATI Technologies
2014-09-05 12:39:34 -------- d-----w- c:\program files\ATI
2014-09-05 12:38:33 -------- d-----w- C:\AMD
2014-09-05 12:27:38 -------- d-----w- c:\windows\system32\Lang
2014-09-05 12:23:58 -------- d-----w- c:\windows\system32\RTCOM
2014-09-05 12:20:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-05 12:20:11 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-05 12:19:50 -------- d-----w- c:\program files\GIGABYTE
2014-09-05 12:19:48 327168 ----a-w- c:\windows\IsUninst.exe
2014-09-05 12:19:10 1531268 ----a-w- c:\documents and settings\all users\application data\1409916657.bdinstall.bin
2014-09-05 12:17:37 -------- d-----w- c:\documents and settings\x\local settings\application data\Adobe
2014-09-05 12:08:56 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2014-09-05 12:08:09 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2014-09-05 12:07:21 511328 ----a-w- c:\windows\capicom.dll
2014-09-05 12:07:21 116688 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2014-09-05 12:07:20 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2014-09-05 12:07:20 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2014-09-05 12:07:20 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
2014-09-05 12:07:20 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-09-05 12:06:46 528248 ----a-w- c:\windows\system32\drivers\avckf.sys
2014-09-05 12:06:46 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2014-09-05 12:06:46 1060312 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-09-05 12:00:58 -------- d-----w- c:\documents and settings\x\application data\IDM
2014-09-05 12:00:57 -------- d-----w- c:\documents and settings\x\application data\DMCache
2014-09-05 12:00:49 -------- d-----w- c:\program files\Internet Download Manager
.
==================== Find3M ====================
.
2014-09-05 11:19:55 17488 ----a-w- c:\windows\gdrv.sys
2014-07-02 13:17:10 385096 ----a-w- c:\windows\system32\drivers\trufos.sys
.
============= FINISH: 18:36:24.75 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2014 3:43:56 PM
System Uptime: 9/8/2014 4:29:20 PM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P41T-D3P
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 2999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 42.505 GiB free.
D: is FIXED (NTFS) - 50 GiB total, 49.575 GiB free.
E: is FIXED (NTFS) - 147 GiB total, 14.375 GiB free.
F: is FIXED (NTFS) - 147 GiB total, 1.356 GiB free.
G: is FIXED (NTFS) - 147 GiB total, 6.856 GiB free.
H: is FIXED (NTFS) - 147 GiB total, 43.133 GiB free.
I: is FIXED (NTFS) - 243 GiB total, 33.674 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F30&SUBSYS_205D14F1&REV_01\4&BC67B8D&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F30&SUBSYS_205D14F1&REV_01\4&BC67B8D&0&08F0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_50011458&REV_01\3&13C0B0C5&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_50011458&REV_01\3&13C0B0C5&0&FB
Service:
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: BitDefender AVC HV
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: BitDefender AVC HV
PNP Device ID: ROOT\SYSTEM\0003
Service: avchv
.
==== System Restore Points ===================
.
RP1: 9/5/2014 3:46:50 PM - System Checkpoint
RP2: 9/5/2014 3:54:39 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP3: 9/5/2014 4:53:33 PM - Installed Realtek High Definition Audio Driver
RP4: 9/7/2014 3:24:01 PM - Checkpoint by HitmanPro
RP5: 9/7/2014 3:24:34 PM - Checkpoint by HitmanPro
RP6: 9/7/2014 3:43:43 PM - Checkpoint by HitmanPro
RP7: 9/8/2014 3:33:20 AM - Installed NEC Electronics USB 3.0 Host Controller Driver
.
==== Hosts File Hijack ======================
.
Hosts: 141.0.174.38 xvideos.com
Hosts: 141.0.174.39 www.xvideos.com
Hosts: 141.0.173.209 static.xvideos.com
Hosts: 199.16.156.198 twitter.com
Hosts: 69.55.53.7 forum.xnxx.com
Hosts: 69.55.52.190 multi.xnxx.com
Hosts: 69.55.53.77 upload.xvideos.com
Hosts: 141.0.173.148 trafficfactory.biz
Hosts: 192.150.16.117 adobe.com
Hosts: 95.211.170.250 ant.com
Hosts: 69.50.139.162 rtalabel.org
Hosts: 141.0.173.27 info.xvideos.com
Hosts: 208.111.161.254 img100.xvideos.com
Hosts: 208.111.160.6 img.xnxx.com
Hosts: 69.55.53.238 jp.xvideos.com
.
==== Installed Programs ======================
.
Adobe Flash Player 14 Plugin
AMD Catalyst Install Manager
Bitdefender Total Security 2015
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Combat Arms EU
DriverCD
ESET Online Scanner v3
HitmanPro 3.7
Internet Download Manager
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 2.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 32.0 (x86 en-US)
Mozilla Maintenance Service
NEC Electronics USB 3.0 Host Controller Driver
Nexon Game Manager
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
SUPERAntiSpyware
The KMPlayer (remove only)
Update for Windows XP (KB898461)
WebFldrs XP
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
9/7/2014 5:20:31 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
9/7/2014 5:19:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806373f1, parameter3 a9184b74, parameter4 00000000.
9/7/2014 4:10:21 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa266.
9/7/2014 3:51:19 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
9/7/2014 3:50:29 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 1C6F65C42783 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/6/2014 3:57:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/6/2014 2:31:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdselfpr BDVEDISK Fips intelppm trufos
9/5/2014 4:22:27 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
9/5/2014 3:55:36 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -122474 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->64.4.10.33:123) is working properly.
.
==== End Of File ===========================
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=eaf43d80c417284d860e4b07e1638986
# engine=19990
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-05 08:34:21
# local_time=2014-09-06 01:04:21 (+0430, Afghanistan Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2065 16777214 100 100 26940 113801839 0 0
# scanned=188610
# found=33
# cleaned=33
# scan_time=24438
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\X\Local Settings\Temp\AskSLib.dll"
sh=FE9249DC2E4F0DC6DE3B17F99DB18FB15DE35294 ft=1 fh=3674938724bb7e81 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="E:\GTA\IV\LaunchGTAIV.exe"
sh=FE9249DC2E4F0DC6DE3B17F99DB18FB15DE35294 ft=1 fh=3674938724bb7e81 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="E:\GTA\IV\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"
sh=791B7D3A3CB9BE9FBDBBD2DFF2C195ACEADBCC8D ft=1 fh=6a00c32f0c396035 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\Lord of The Ring\Conquest\Electronic Arts\The Lord of the Rings - Conquest™\Lord of the Rings Conquest Trainer.exe"
sh=D51F50F2D0BC1DFF5659277CA9697569A9B2EA04 ft=1 fh=85f95d26c1810988 vn="a variant of Win32/GameHack.G potentially unsafe application (deleted - quarantined)" ac=C fn="E:\Lord of The Ring\Return of the King\EA GAMES\LOTR The Return of the King tm\trainer.exe"
sh=A6763AAAF5BFEE03CE1FC906FF77B8B21C00424D ft=1 fh=af5a7cf2fd2d8909 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Pro Street\Need for Speed ProStreet\Need for Speed ProStreet Trainer.EXE"
sh=5C089E6A49418E2106FF28AA864A9D989BD98456 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Undercover\copsrnomatchnfsmega-ch.zip"
sh=051912FB6B456B47772B18D775FAF5A64643464D ft=1 fh=4a4b5a3f4a7af138 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Undercover\Need For Speed Undercover Trainer.exe"
sh=29A96C84301585D477A2CE34D994CA40D46C4699 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Undercover\needmetospeedunderyou-ch.zip"
sh=C1871690CE8455F243209C24D17A30CA67FB6347 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NFS\Undercover\nfsunder79579437y-ch.zip"
sh=3103BFBBA3BA743146C48BA4567AE2701ED56996 ft=1 fh=45183225fb78f8b0 vn="a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined)" ac=C fn="G:\Assassin's Creed\Assassin's Creed II\Assassin's Creed II\loader.exe"
sh=7FDD99C503C97A10C1D2DD8CC1F690960492B24A ft=1 fh=45183225ae6066fb vn="a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined)" ac=C fn="G:\Assassin's Creed\Assassin's Creed II\Assassin's Creed II\Play_ASC2.exe"
sh=9AD987AED677A595CB6CB507A12A014989D4E597 ft=1 fh=3db0605f8b34f591 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)" ac=C fn="G:\Assassin's Creed\Assassin's Creed II\Assassin's Creed II\ubiorbitapi_r2.dll"
sh=16C5788BF201FBC553B7CABBA38F7AD45BD4133E ft=1 fh=26872aeadd1aea00 vn="a variant of Win32/Packed.VMProtect.ABD trojan (deleted - quarantined)" ac=C fn="G:\Watch Dogs PC full game ^^nosTEAM^^\Watch Dogs nosTEAM.part1.exe"
sh=EAA45EBC55CB3F08D296046B9EDECD9739E044A8 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="I:\data\Saves\game saves\LOTR.rar"
sh=791B7D3A3CB9BE9FBDBBD2DFF2C195ACEADBCC8D ft=1 fh=6a00c32f0c396035 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="I:\data\Saves\game saves\LOTR\Lord of the Rings Conquest Trainer.exe"
sh=E7B7BE3D3FA2A5F914D103871379E528D0F79252 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\data\Saves\GTA IV 1.0.3.0 Crack + Patch\Crack.rar"
sh=06586A975DD03695C96988C8E21CFB24CBCBC663 ft=1 fh=3674938796638cd0 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\data\Saves\GTA IV 1.0.3.0 Crack + Patch\Crack\LaunchGTAIV.exe"
sh=F858A8033D8DE84D3E5ED62C9A4E7342AB0E40B1 ft=1 fh=250cfaef9f4db583 vn="a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined)" ac=C fn="I:\Games\Assasin's Creed\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\Assassins Creed II installer.part1.exe"
sh=9AD987AED677A595CB6CB507A12A014989D4E597 ft=1 fh=3db0605f8b34f591 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)" ac=C fn="I:\Games\Assasin's Creed\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\save\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll"
sh=A260CF3CE0BBFEE5BBD7395BBB24CA547BB8B5ED ft=1 fh=4f81ae8ecf6ef9c9 vn="a variant of Win32/HackTool.Crack.CA potentially unsafe application (deleted - quarantined)" ac=C fn="I:\Games\Hitman Absolution\Hitman.Absolution.Professional.Edition-MULTI8.Steam-Rip - Origins\Crack\steam_api.dll"
sh=8170432A2CF3A88DFED381E5B1789CC3553C3637 ft=1 fh=e298e1623261b7a5 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\Games\IV\IV source\GTA-IV-PC-Cracker-by-Lycrizz-V1.2.exe"
sh=57AAAF30078C1043544524C6D47C9E9E62367BC3 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\Games\IV\IV source\GTA-IV-PC-Cracker-by-Lycrizz-V1.2.rar"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="I:\Games\Saints Row\IV\Saints.Row.IV-RELOADED\rld-saints4.iso"
sh=C18557B90F466594FE3A04EDA93A3CEAD0E11DE6 ft=1 fh=62a3b04d7ef86a1b vn="Win32/DownWare.W potentially unwanted application (deleted - quarantined)" ac=C fn="I:\programmes\burn4free_setup.exe"
sh=F43A66F5AC79276A3E27467D5DD100DDCFA61891 ft=1 fh=80399c2706f2ad8c vn="a variant of Win32/Hao123.A potentially unwanted application (deleted - quarantined)" ac=C fn="I:\programmes\FFSetup3.0.1.exe"
sh=8170432A2CF3A88DFED381E5B1789CC3553C3637 ft=1 fh=e298e1623261b7a5 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\GTA-IV-PC-Cracker-by-Lycrizz-V1.2.exe"
sh=348797353CCFA7150BAC1A69BEBC2398383A9A8B ft=1 fh=9ff2e5caaf3b42d5 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="I:\programmes\HSS-3.42-install-hss-561-conduit.exe"
sh=B350B8179B20CC52031DE65C9EB3853A3E15C96F ft=1 fh=0e5f14944e7f82b8 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\kmp.exe"
sh=E9A19A17B1B7921CCFFF92C740CE75D3AB7B60B7 ft=1 fh=3ec23fae3684cb1a vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\KMPlayer_3.3.0.33.exe"
sh=44A7AE70AA7AC181E962591F263CFA55C823B4FC ft=1 fh=cf972a16567b49c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\Shockwave_Installer_Slim.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON potentially unwanted application (deleted - quarantined)" ac=C fn="I:\programmes\Unlocker1.9.1.exe"
sh=4E3F8292180A3C310DEDCF2ED54100267B9ABF43 ft=1 fh=4f944344161f9770 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="I:\programmes\ccleaner prof\ccsetup405pro.exe"
 
Code:
HitmanPro 3.7.9.225
www.hitmanpro.com

  Computer name . . . . : F
  Windows . . . . . . . : 5.1.3.2600.X86/2
  User name . . . . . . : F\X
  License . . . . . . . : Free

  Scan date . . . . . . : 2014-09-06 23:51:14
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 1m 55s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 32

  Objects scanned . . . : 271,900
  Files scanned . . . . : 7,582
  Remnants scanned  . . : 32,356 files / 231,962 keys

Suspicious files ____________________________________________________________

  C:\Documents and Settings\X\Desktop\FRST.exe
  Size . . . . . . . : 1,096,704 bytes
  Age  . . . . . . . : 0.0 days (2014-09-06 23:33:13)
  Entropy  . . . . . : 8.0
  SHA-256  . . . . . : 261D08658E82BE04E994129791C26C803FDDE0A6687499CCD5CAFE2B4887D384
  Needs elevation  . : Yes
  Fuzzy  . . . . . . : 24.0
  Program has no publisher information but prompts the user for permission elevation.
  Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
  Authors name is missing in version info. This is not common to most programs.
  Version control is missing. This file is probably created by an individual. This is not typical for most programs.
  Time indicates that the file appeared recently on this computer.
  References
  HKU\S-1-5-21-1801674531-1897051121-1177238915-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\X\Desktop\FRST.exe

  C:\RECYCLER\S-1-5-21-1801674531-1897051121-1177238915-1003\Dc1.exe
  Size . . . . . . . : 2,104,832 bytes
  Age  . . . . . . . : 0.0 days (2014-09-06 23:28:27)
  Entropy  . . . . . : 7.5
  SHA-256  . . . . . : 8EDFCF21D9F9DFA0C1ACAD177CE6369CC8E1E4C5B9E7DF6D8882C3D87D9D1D47
  Needs elevation  . : Yes
  Fuzzy  . . . . . . : 24.0
  Program has no publisher information but prompts the user for permission elevation.
  Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
  Authors name is missing in version info. This is not common to most programs.
  Version control is missing. This file is probably created by an individual. This is not typical for most programs.
  Time indicates that the file appeared recently on this computer.
  Forensic Cluster

  C:\System Volume Information\_restore{4C0DD3A7-270E-47D4-915D-7F50264F29B8}\RP3\A0006342.exe
  Size . . . . . . . : 2,104,832 bytes
  Age  . . . . . . . : 0.0 days (2014-09-06 23:32:12)
  Entropy  . . . . . : 7.5
  SHA-256  . . . . . : 8EDFCF21D9F9DFA0C1ACAD177CE6369CC8E1E4C5B9E7DF6D8882C3D87D9D1D47
  Needs elevation  . : Yes
  Fuzzy  . . . . . . : 24.0
  Program has no publisher information but prompts the user for permission elevation.
  Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
  Authors name is missing in version info. This is not common to most programs.
  Version control is missing. This file is probably created by an individual. This is not typical for most programs.
  Time indicates that the file appeared recently on this computer.


Cookies _____________________________________________________________________

 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 