Trojan.Malpack.Gen detected

Hello ArmandFlorin and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

This is the FRST log. When you find the C:\fjlmbo, that's the threat.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2015
Ran by Administrator (administrator) on E0290DC24C4340B (30-07-2015 09:42:36)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator &  (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.1\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.1\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2528192 2015-06-30] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [104744 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [237568 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1202660629-1659004503-1801674531-500\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3770640 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3770640 2014-03-04] (Disc Soft Ltd)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-10-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\RocketDock.lnk [2014-04-24]
ShortcutTarget: RocketDock.lnk -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1202660629-1659004503-1801674531-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1202660629-1659004503-1801674531-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1202660629-1659004503-1801674531-500 -> DefaultScope {9AD09901-06DD-4DDD-A62D-6D2243B771AB} URL = http://start.myplaycity.com/results.php?category=web&s={searchTerms}
SearchScopes: HKU\S-1-5-21-1202660629-1659004503-1801674531-500 -> {9AD09901-06DD-4DDD-A62D-6D2243B771AB} URL = http://start.myplaycity.com/results.php?category=web&s={searchTerms}
SearchScopes: HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {9AD09901-06DD-4DDD-A62D-6D2243B771AB} URL = http://start.myplaycity.com/results.php?category=web&s={searchTerms}
SearchScopes: HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9AD09901-06DD-4DDD-A62D-6D2243B771AB} URL = http://start.myplaycity.com/results.php?category=web&s={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
BHO: Asistenţă legături Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1202660629-1659004503-1801674531-500 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://89.122.7.83/DvrOcx.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.1\ViProtocol.dll [2015-05-18] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{468D6B1D-59C3-497E-9D28-BDC04E0679E4}: [DhcpNameServer] 192.168.1.1 0.0.0.0

More coming in the next replies (too much text)

Sorry, but some squares in the text weren't letting me paste the text, so I fixed it. Here is the FRST log.

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: MyPlayCity
FF Homepage: about:home
FF Keyword.URL: hxxp://start.myplaycity.com/results.php?category=web&s=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-04] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.1\\npsitesafety.dll No File
FF Plugin HKU\S-1-5-21-1202660629-1659004503-1801674531-500: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1202660629-1659004503-1801674531-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\user.js [2015-06-16]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2001-09-10] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\cutare-video-youtube.xml [2014-11-14]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\dex---dictionar-online-al-limbii-romane.xml [2014-10-30]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\google-traducere.xml [2014-10-28]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\gta-wiki-en.xml [2014-12-23]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\kickassto.xml [2014-10-24]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\max-payne-wiki-en.xml [2014-12-05]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\myplaycity.xml [2015-04-05]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\plants-vs-zombies-wiki-en.xml [2015-03-08]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\softonic-en.xml [2014-11-12]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\team-fortress-wiki-en.xml [2015-05-04]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\searchplugins\wolframalpha.xml [2015-04-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipediaro.xml [2015-04-10]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-06-30]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-06-18]
FF Extension: WOT - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-11]
FF Extension: Ghostery - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\Extensions\firefox@ghostery.com.xpi [2014-11-07]
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3d2ma0ib.default-1413563717299\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Angry Birds) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-04-01]
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-01]
CHR Extension: (Please enter your password) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-04-01]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-01]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]
CHR Extension: (Tab Manager) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda [2015-04-01]
CHR Extension: (Calculator) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\copciehbkikbfnppdndaegnlgkelahfe [2015-04-01]
CHR Extension: (Glow Hockey) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehigjpmjemaaeimjohcnfcfofahooiip [2015-04-01]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2015-06-16]
CHR Extension: (Clock for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg [2015-04-01]
CHR Extension: (PanicButton) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-04-01]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Digital Clock) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2015-04-01]
CHR Extension: (Chrome Web Store Launcher (by Google)) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej [2015-04-01]
CHR Extension: (Stopwatch) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh [2015-04-01]
CHR Extension: (Google Keep - notes and lists) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-04-01]
CHR Extension: (Cut the Rope) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2015-04-01]
CHR Extension: (Speedtest.net) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kabkiphacephdnjaeciclbmkkmacoebe [2015-04-01]
CHR Extension: (Grass) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla [2015-04-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-01]
CHR Extension: (Camera) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ofmpffnppnlgkgmbgidhhjcglloeejpg [2015-04-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]

Opera:
=======
OPR Extension: (WOT) - C:\Documents and Settings\Administrator\Application Data\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-01-16]
OPR Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Application Data\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1526936 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater3.2.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.1\ToolbarUpdater.exe [1828800 2015-05-18] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-23] (Adaptec)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [213472 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 cmpci; C:\WINDOWS\System32\drivers\cmaudio.sys [379726 2013-01-04] (C-Media Inc)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-07-10] (Disc Soft Ltd)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2004-08-03] (Microsoft Corporation)
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [29600 2014-03-04] (IObit)
R2 MarxDev1; C:\WINDOWS\system32\Drivers\MarxDev1.sys [8864 2001-05-28] () [File not signed]
R2 MarxDev2; C:\WINDOWS\system32\Drivers\MarxDev2.sys [8864 2001-05-28] () [File not signed]
R2 MarxDev3; C:\WINDOWS\system32\Drivers\MarxDev3.sys [8864 2001-05-28] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-30] (Malwarebytes Corporation)
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [11973 2014-07-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 amsint32; \??\C:\WINDOWS\system32\drivers\gigmn.sys [X]
S3 MMRTKRNL; system32\drivers\mmrtkrnl.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\ACPI.sys A10C7534F7223F4A73A948967D00E69B
C:\WINDOWS\system32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5
C:\WINDOWS\System32\drivers\aec.sys 841F385C6CFAF66B58FBD898722BB4F0
C:\WINDOWS\System32\drivers\afd.sys 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\System32\DRIVERS\agp440.sys 2C428FA0C3E3A01ED93C9B2A27D8D4BB
C:\WINDOWS\system32\Drivers\Aspi32.sys 20D04091EBA710F6988F710507D85868
C:\WINDOWS\System32\DRIVERS\asyncmac.sys 02000ABF34AF4C218C35D257024807D6
C:\WINDOWS\System32\DRIVERS\atapi.sys CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\System32\DRIVERS\atmarpc.sys EC88DA854AB7D7752EC8BE11A741BB7F
C:\WINDOWS\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\WINDOWS\System32\DRIVERS\avgdiskx.sys 6FF619B5DD6C05DB3D8BA4888EE06B03
C:\WINDOWS\System32\DRIVERS\avgfwdx.sys 8BE661C16FBF84A73BCEC84B6B4A9DB5
C:\WINDOWS\System32\DRIVERS\avgfwdx.sys 8BE661C16FBF84A73BCEC84B6B4A9DB5
C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys 95ED70CAFE37A4403E3C5F7997BC12CC
C:\WINDOWS\System32\DRIVERS\avgidshx.sys 5F122F67CA4A675DC1D0D0A92E3A2649
C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys 73071EDF26739B6A364A4FA2C1744500
C:\WINDOWS\System32\DRIVERS\avgldx86.sys 5897D0F8F83A9FD81F48F64324221EC9
C:\WINDOWS\System32\DRIVERS\avglogx.sys B14F65F3ADBABCA40EABDFF7E7BFCD78
C:\WINDOWS\System32\DRIVERS\avgmfx86.sys F17B8021ABE1A0735F23D58089CF9A4F
C:\WINDOWS\System32\DRIVERS\avgrkx86.sys 33744E25E83260527272125F5624FFC6
C:\WINDOWS\System32\DRIVERS\avgtdix.sys 447EBE39752B0AEC7D646F4CF4D8AA19
C:\WINDOWS\system32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\WINDOWS\system32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\WINDOWS\system32\Drivers\Cdfs.sys CD7D5152DF32B47F4E36F710B35AAE02
C:\WINDOWS\System32\DRIVERS\cdrom.ssys AF9C19B3100FE010496B1A27181FBF72
C:\WINDOWS\System32\drivers\cmaudio.sys FD40439BB258B9AA9AD314BF5948EF46
C:\WINDOWS\system32\drivers\cpuz135_x32.sys 6BADA94085B6709694F8327C211D12E1
C:\WINDOWS\System32\DRIVERS\disk.sys 00CA44E4534865F8A3B64F7C0984BFF0
C:\WINDOWS\System32\drivers\dmboot.sys C0FBB516E06E243F0CF31F597E7EBF7D
C:\WINDOWS\System32\drivers\dmio.sys F5E7B358A732D09F4BCF2824B88B9E28
C:\WINDOWS\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\WINDOWS\System32\drivers\DMusic.sys A6F881284AC1150E37D9AE47FF601267
C:\WINDOWS\System32\drivers\drmkaud.sys 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys 00C161B3D20AE0F9C7C3C0EB53AB7155
C:\WINDOWS\System32\DRIVERS\e100b325.sys 83403675CAB29E7A4B885B11E7C855D8
C:\WINDOWS\system32\Drivers\Fastfat.sys 3117F595E9615E04F05A54FC15A03B20
C:\WINDOWS\System32\DRIVERS\fdc.sys CED2E8396A8838E59D8FD529C680E02C
C:\WINDOWS\system32\Drivers\Fips.sys E153AB8A11DE5452BCF5AC7652DBF3ED
C:\WINDOWS\system32\Drivers\Flpydisk.sys 0DD1DE43115B93F4D85E889D7A86F548
C:\WINDOWS\System32\DRIVERS\fltMgr.sys 157754F0DF355A9E0A6F54721914F9C6
C:\WINDOWS\system32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\WINDOWS\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D
C:\WINDOWS\System32\DRIVERS\gameenum.sys 5F92FD09E5610A5995DA7D775EADCD12
C:\WINDOWS\System32\DRIVERS\msgpc.sys C0F1D4A21DE5A415DF8170616703DEBF
C:\WINDOWS\System32\DRIVERS\hidusb.sys 1DE6783B918F540149AA69943BDFEBA8
C:\WINDOWS\System32\Drivers\HTTP.sys C19B522A9AE0BBC3293397F3055E80A1
C:\WINDOWS\System32\DRIVERS\i8042prt.sys 5502B58EEF7486EE6F93F3F164DCB808
C:\WINDOWS\System32\DRIVERS\imapi.sys F8AA320C6A0409C0380E5D8A99D76EC6
C:\WINDOWS\System32\DRIVERS\intelide.sys 2D722B2B54AB55B2FA475EB58D7B2AAD
C:\WINDOWS\System32\DRIVERS\intelppm.sys 279FB78702454DFF2BB445F238C048D2
C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys 848690CA707B4850C967E3217F285FCC
C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys 4448006B6BC60E6C027932CFC38D6855
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\WINDOWS\System32\DRIVERS\ipinip.sys E1EC7F5DA720B640CD8FB8424F1B14BB
C:\WINDOWS\System32\DRIVERS\ipnat.sys B5A8E215AC29D24D60B4D1250EF05ACE
C:\WINDOWS\System32\DRIVERS\ipsec.sys 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\System32\DRIVERS\irenum.sys 50708DAA1B1CBB7D6AC1CF8F56A24410
C:\WINDOWS\System32\DRIVERS\isapnp.sys E504F706CCB699C2596E9A3DA1596E87
C:\WINDOWS\System32\DRIVERS\kbdclass.sys EBDEE8A2EE5393890A1ACEE971C4C246
C:\WINDOWS\System32\DRIVERS\kbdhid.sys E182FA8E49E8EE41B4ADC53093F3C7E6
C:\WINDOWS\System32\drivers\kmixer.sys D93CAD07C5683DB066B0B2D2D3790EAD
C:\WINDOWS\system32\Drivers\KSecDD.sys EB7FFE87FD367EA8FCA0506F74A87FBB
C:\WINDOWS\system32\Drivers\MarxDev1.sys 26A37B0908D51FBA155F7F4F8F083831
C:\WINDOWS\system32\Drivers\MarxDev2.sys 5FF6FA2A45BF06FFC2274EEE798A97AE
C:\WINDOWS\system32\Drivers\MarxDev3.sys A3961D03BFF1A0690466E4C70C6092AD
C:\WINDOWS\system32\drivers\mbam.sys B4CD87E78A01562E3DA67FE1C2779204
C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 739164A8B8FB2F1B50A498F20AF7B21E
C:\WINDOWS\system32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\WINDOWS\system32\Drivers\Modem.sys 6FC6F9D7ACC36DCA9B914565A3AEDA05
C:\WINDOWS\System32\DRIVERS\mouclass.sys 34E1F0031153E491910E12551400192C
C:\WINDOWS\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685
C:\WINDOWS\system32\Drivers\MountMgr.sys 65653F3B4477F3C63E68A9659F85EE2E
C:\WINDOWS\System32\DRIVERS\mrxdav.sys 46EDCC8F2DB2F322C24F48785CB46366
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 1FD607FC67F7F7C633C3DA65BFC53D18
C:\WINDOWS\system32\Drivers\Msfs.sys 561B3A4333CA2DBDBA28B5B956822519
C:\WINDOWS\System32\drivers\MSKSSRV.sys AE431A8DD3C1D0D0610CDBAC16057AD0
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 13E75FEF9DFEB08EEDED9D0246E1F448
C:\WINDOWS\System32\drivers\MSPQM.sys 1988A33FF19242576C3D0EF9CE785DA7
C:\WINDOWS\System32\DRIVERS\mssmbios.sys 469541F8BFD2B32659D5D463A6714BCE
C:\WINDOWS\system32\Drivers\Mup.sys 82035E0F41C2DD05AE41D27FE6CF7DE1
C:\WINDOWS\system32\Drivers\NDIS.sys 558635D3AF1C7546D26067D5D9B6959E
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 08D43BBDACDF23F34D79E44ED35C1B4C
C:\WINDOWS\System32\DRIVERS\ndisuio.sys 34D6CD56409DA9A7ED573E1C90A308BF
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 0B90E255A9490166AB368CD55A529893
C:\WINDOWS\system32\Drivers\NDProxy.sys 59FC3FB44D2669BC144FD87826BB571F
C:\WINDOWS\System32\DRIVERS\netbios.sys 3A2ACA8FC1D7786902CA434998D7CEB4
C:\WINDOWS\System32\DRIVERS\netbt.sys 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\system32\Drivers\Npfs.sys 4F601BCB8F64EA3AC0994F98FED03F8E
C:\WINDOWS\system32\Drivers\Ntfs.sys B78BE402C3F63DD55521F73876951CDD
C:\WINDOWS\system32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 2B298519EDBFCF451D43E0F1E8F1006D
C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\WINDOWS\System32\DRIVERS\parport.sys 29744EB4CE659DFE3B4122DEB45BC478
C:\WINDOWS\system32\Drivers\PartMgr.sys 3334430C29DC338092F79C38EF7B4CD0
C:\WINDOWS\system32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\WINDOWS\System32\DRIVERS\pci.sys 8086D9979234B603AD5BC2F5D890B234
C:\WINDOWS\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0
C:\WINDOWS\system32\Drivers\Pcmcia.sys 82A087207DECEC8456FBE8537947D579
C:\WINDOWS\System32\DRIVERS\raspptp.sys 1C5CC65AAC0783C344F16353E60B72AC
C:\WINDOWS\System32\DRIVERS\psched.sys 48671F327553DCF1D27F6197F622A668
C:\WINDOWS\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\WINDOWS\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 98FAEB4A4DCF812BA1C6FCA4AA3E115C
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 7306EEED8895454CBED4669BE9F79FAA
C:\WINDOWS\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\WINDOWS\System32\DRIVERS\rdbss.sys 29D66245ADBA878FFF574CD66ABD2884
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\WINDOWS\System32\DRIVERS\rdpdr.sys A2CAE2C60BC37E0751EF9DDA7CEAF4AD
C:\WINDOWS\system32\Drivers\RDPWD.sys D4F5643D7714EF499AE9527FDCD50894
C:\WINDOWS\System32\DRIVERS\redbook.sys B31B4588E4086D8D84ADBF9845C2402B
C:\WINDOWS\System32\DRIVERS\secdrv.sys 72DFFA33F8ED1C847075EEE2C1E790EE
C:\WINDOWS\System32\DRIVERS\serenum.sys A2D868AEEFF612E70E213C451A70CAFB
C:\WINDOWS\System32\DRIVERS\serial.sys CD9404D115A00D249F70A371B46D5A26
C:\WINDOWS\system32\Drivers\Sfloppy.sys 0D13B6DF6E9E101013A7AFB0CE629FE0
C:\WINDOWS\System32\drivers\splitter.sys 8E186B8F23295D1E42C573B82B80D548
C:\WINDOWS\System32\DRIVERS\sr.sys E41B6D037D6CD08461470AF04500DC24
C:\WINDOWS\System32\DRIVERS\srv.sys 20B7E396720353E4117D64D9DCB926CA
C:\WINDOWS\System32\DRIVERS\swenum.sys 03C1BAE4766E2450219D20B993D6E046
C:\WINDOWS\System32\drivers\swmidi.sys 94ABC808FC4B6D7D2BBF42B85E25BB4D
C:\WINDOWS\System32\drivers\sysaudio.sys 650AD082D46BAC0E64C9C0E0928492FD
C:\WINDOWS\System32\DRIVERS\tcpip.sys 9F4B36614A0FC234525BA224957DE55C
C:\WINDOWS\system32\Drivers\TDPIPE.sys 38D437CF2D98965F239B0ABCD66DCB0F
C:\WINDOWS\system32\Drivers\TDTCP.sys ED0580AF02502D00AD8C4C066B156BE9
C:\WINDOWS\System32\DRIVERS\termdd.sys A540A99C281D933F3D69D55E48727F47
C:\WINDOWS\system32\Drivers\Udfs.sys 12F70256F140CD7D52C58C7048FDE657
C:\WINDOWS\System32\DRIVERS\update.sys AFF2E5045961BBC0A602BB6F95EB1345
C:\WINDOWS\System32\DRIVERS\usbccgp.sys BFFD9F120CC63BCBAA3D840F3EEF9F79
C:\WINDOWS\System32\DRIVERS\usbehci.sys 15E993BA2F6946B2BFBBFCD30398621E
C:\WINDOWS\System32\DRIVERS\usbhub.sys C72F40947F92CEA56A8FB532EDF025F1
C:\WINDOWS\System32\DRIVERS\usbprint.sys A42369B7CD8886CD7C70F33DA6FCBCF5
C:\WINDOWS\System32\DRIVERS\usbscan.sys A6BC71402F4F7DD5B77FD7F4A8DDBA85
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 6CD7B22193718F1D17A47A1CD6D37E75
C:\WINDOWS\System32\DRIVERS\usbuhci.sys F8FD1400092E23C8F2F31406EF06167B
C:\WINDOWS\System32\drivers\vga.sys 8A60EDD72B4EA5AEA8202DAF0E427925
C:\WINDOWS\system32\Drivers\VolSnap.sys EE4660083DEBA849FF6C485D944B379B
C:\WINDOWS\System32\DRIVERS\wanarp.sys 984EF0B9788ABF89974CFED4BFBAACBC
C:\WINDOWS\System32\drivers\wdmaud.sys 2797F33EBF50466020C430EE4F037933
C:\WINDOWS\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 09:42 - 2015-07-30 09:44 - 00033174 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-07-30 09:41 - 2015-07-30 09:41 - 01673728 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-07-30 09:24 - 2015-07-30 09:43 - 00000000 ____D C:\FRST
2015-07-22 18:25 - 2015-07-22 18:27 - 00000000 ___SD C:\ComboFix
2015-07-22 18:25 - 2011-06-26 09:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-07-22 18:25 - 2010-11-07 20:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-07-22 18:25 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-07-22 18:25 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-07-22 18:25 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-07-22 18:25 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-07-22 18:25 - 2000-08-31 03:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-07-22 18:25 - 2000-08-31 03:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-07-22 18:25 - 2000-08-31 03:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-07-22 18:20 - 2015-07-22 18:25 - 00000000 ____D C:\Qoobox
2015-07-22 18:19 - 2015-07-22 18:19 - 00000000 ____D C:\WINDOWS\erdnt
2015-07-22 18:18 - 2015-07-22 18:18 - 00103140 _____ C:\fjlmbo.pif
2015-07-19 18:13 - 2015-07-19 18:14 - 00000814 _____ C:\Documents and Settings\Administrator\Desktop\Nou Document text.txt
2015-07-06 21:34 - 2015-07-30 09:25 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-06 21:34 - 2015-07-06 21:34 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-06 21:34 - 2015-07-06 21:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-06 21:33 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-06 21:33 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-06 21:23 - 2015-07-06 21:23 - 00065536 _____ C:\WINDOWS\Minidump\Mini070615-01.dmp
2015-07-06 13:25 - 2015-07-06 21:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-06 13:25 - 2015-07-06 13:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-07-06 10:10 - 2015-07-30 09:13 - 00000374 _____ C:\WINDOWS\Tasks\CisPostUninstall.job
2015-07-03 13:24 - 2015-07-03 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-25 18:43 - 2015-06-25 18:44 - 00065536 _____ C:\WINDOWS\Minidump\Mini062515-01.dmp
2015-06-22 19:48 - 2015-06-22 19:48 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Hyper Hippo Productions Ltd_
2015-06-22 19:41 - 2015-06-22 19:41 - 00000079 _____ C:\Documents and Settings\Administrator\Desktop\AdVenture Capitalist.url
2015-06-22 10:53 - 2015-06-22 10:53 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-22 10:53 - 2015-06-22 10:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-06-20 12:12 - 2015-06-20 12:12 - 00065536 _____ C:\WINDOWS\Minidump\Mini062015-01.dmp
2015-06-20 12:10 - 2015-06-20 12:10 - 00000747 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Zulu DJ Software.lnk
2015-06-20 12:10 - 2015-06-20 12:10 - 00000741 _____ C:\Documents and Settings\All Users\Desktop\Zulu DJ Software.lnk
2015-06-20 12:10 - 2015-06-20 12:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
2015-06-18 20:10 - 2015-06-18 20:10 - 00001291 _____ C:\Documents and Settings\Administrator\Desktop\start.lnk
2015-06-18 16:54 - 2015-06-18 16:55 - 00001025 _____ C:\Documents and Settings\Administrator\Desktop\Portal.lnk
2015-06-18 12:04 - 2015-06-18 12:04 - 00000580 _____ C:\Documents and Settings\Administrator\Desktop\GTA SA cheats.lnk
2015-06-18 12:03 - 2015-06-18 12:03 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\GTA San Andreas în limba românã
2015-06-18 08:45 - 2015-06-18 08:45 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2015
2015-06-18 08:42 - 2015-07-06 09:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-06-18 08:38 - 2015-06-18 08:45 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2015-06-18 08:27 - 2015-07-08 09:51 - 00070288 _____ C:\WINDOWS\setupapi.log
2015-06-16 18:11 - 2015-06-18 08:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2015-06-16 17:17 - 2015-06-28 18:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2015-06-16 16:36 - 2015-06-16 16:36 - 00001146 _____ C:\WINDOWS\wmsetup.log
2015-06-16 16:33 - 2015-06-16 16:33 - 00000504 _____ C:\Documents and Settings\Administrator\Desktop\Jocuri.lnk
2015-06-15 22:39 - 2015-06-15 22:39 - 00001663 _____ C:\Documents and Settings\Administrator\Desktop\Professor Fizzwizzle.lnk
2015-06-15 22:39 - 2015-06-15 22:39 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Professor Fizzwizzle
2015-06-15 20:40 - 2015-06-15 20:51 - 00000240 _____ C:\WINDOWS\setupact.log
2015-06-15 20:40 - 2015-06-15 20:40 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-15 20:38 - 2015-07-30 09:13 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-15 20:38 - 2015-06-15 20:38 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-06-15 19:52 - 2015-06-15 19:52 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
2015-06-15 19:48 - 2015-06-15 19:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2015-06-13 16:51 - 2015-06-13 16:51 - 00000810 _____ C:\Documents and Settings\Administrator\Desktop\hl2 -steam -game ep2.lnk
2015-06-13 16:41 - 2008-02-02 00:59 - 00000000 ____D C:\Half-Life 2 Episode Two
2015-06-13 14:59 - 2015-06-13 14:59 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SKIDROW
2015-06-13 14:05 - 2015-06-13 14:05 - 00000512 _____ C:\Documents and Settings\Administrator\Desktop\hl2 -steam -console.lnk
2015-06-13 13:41 - 2015-06-13 13:55 - 00000000 ____D C:\Program Files\R.G. Mechanics
2015-06-13 12:39 - 2015-06-13 14:12 - 00000000 ____D C:\Half-Life 2
2015-06-12 20:08 - 2015-06-12 20:08 - 00001712 _____ C:\Documents and Settings\All Users\Desktop\Counter Strike 1.6.lnk
2015-06-12 20:08 - 2015-06-12 20:08 - 00000820 _____ C:\Documents and Settings\All Users\Desktop\CS Dedicated Server CLI.lnk
2015-06-12 20:08 - 2015-06-12 20:08 - 00000792 _____ C:\Documents and Settings\All Users\Desktop\Half-Life.lnk
2015-06-12 20:08 - 2015-06-12 20:08 - 00000744 _____ C:\Documents and Settings\All Users\Desktop\CS Dedicated Server GUI.lnk
2015-06-12 20:08 - 2015-06-12 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike
2015-06-12 20:06 - 2015-07-04 16:36 - 00000000 ____D C:\Program Files\Counter-Strike
2015-06-10 22:14 - 2015-06-12 16:31 - 00000000 ____D C:\Program Files\Counter Strike 1.6
2015-05-19 09:57 - 2015-05-19 09:57 - 00213472 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-05-16 23:10 - 2015-05-16 23:10 - 00444952 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2015-05-16 23:10 - 2015-05-16 23:10 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2015-05-16 23:10 - 2015-05-16 23:10 - 00000000 ____D C:\Program Files\OpenAL
2015-05-14 13:49 - 2015-05-14 13:49 - 00029664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2015-05-12 14:46 - 2015-05-12 14:46 - 00213984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2015-05-12 14:45 - 2015-05-12 14:45 - 00190944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2015-05-12 14:45 - 2015-05-12 14:45 - 00169440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-05-07 13:52 - 2015-05-07 13:52 - 00290272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2015-05-05 07:59 - 2015-07-08 09:50 - 00000000 _RSHD C:\Win
2015-05-01 15:45 - 2015-05-01 15:45 - 00065536 _____ C:\WINDOWS\Minidump\Mini050115-01.dmp

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 09:44 - 2014-04-24 13:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-07-30 09:41 - 2014-04-24 14:09 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Descărcări
2015-07-30 09:28 - 2014-11-12 22:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-30 09:21 - 2014-04-24 13:34 - 00426397 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-30 09:13 - 2014-04-24 16:29 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-30 09:13 - 2014-04-24 13:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-30 09:12 - 2004-08-04 04:07 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-22 19:05 - 2014-04-24 13:40 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-07-22 19:05 - 2014-04-24 13:40 - 00000000 ____D C:\Documents and Settings\Administrator
2015-07-22 18:32 - 2014-04-24 14:00 - 00045568 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-22 18:26 - 2014-04-24 13:39 - 00032604 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-22 18:22 - 2014-04-24 14:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-07-22 18:16 - 2014-12-22 16:03 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-07-22 18:16 - 2014-04-24 16:21 - 00000000 ____D C:\WINDOWS\repair
2015-07-22 17:17 - 2014-10-11 23:13 - 00000000 ____D C:\WINDOWS\SHELLNEW
2015-07-08 11:17 - 2004-08-04 04:07 - 00000469 _____ C:\WINDOWS\system.ini
2015-07-08 11:08 - 2014-04-24 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-07-08 11:04 - 2014-04-24 16:21 - 00000000 ____D C:\WINDOWS\mui
2015-07-08 11:04 - 2014-04-24 13:34 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-07-08 09:50 - 2015-01-23 12:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2015-07-08 09:50 - 2014-11-12 22:23 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\FirefoxToolbar
2015-07-06 21:28 - 2014-04-24 13:32 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-07-06 21:23 - 2014-07-15 16:09 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-06 21:23 - 2014-04-24 16:21 - 82935808 _____ C:\WINDOWS\MEMORY.DMP
2015-07-06 13:04 - 2015-01-09 22:41 - 00000025 _____ C:\WINDOWS\popcinfot.dat
2015-07-06 09:55 - 2014-05-01 21:54 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2015-07-05 17:55 - 2014-05-03 17:26 - 00000000 ____D C:\Program Files\Steam
2015-07-04 15:51 - 2015-02-02 13:44 - 00002483 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Office PowerPoint 2007.lnk
2015-07-04 15:45 - 2015-01-17 22:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-02 17:13 - 2014-10-17 20:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AIMP3
2015-06-30 19:24 - 2014-08-30 21:33 - 00000000 ____D C:\Program Files\AVG Web TuneUp

==================== Files in the root of some directories =======

2014-11-26 21:01 - 2014-11-26 21:01 - 0080201 _____ () C:\Documents and Settings\Administrator\Application Data\Zulu.dmp
2014-04-24 14:00 - 2015-07-22 18:32 - 0045568 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-22 22:51 - 2014-09-23 22:51 - 0000032 ____R () C:\Documents and Settings\All Users\hash.dat

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\SWFXXLRT.DLL


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2004-08-04 04:07] - [2004-08-04 04:07] - 0974336 ____A (Microsoft Corporation) 0x61356331663263663763333138373465363634373839313062343364363531332000200000

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

And here is the additional one.
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-07-2015
Ran by Administrator (2015-07-30 09:45:43)
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1202660629-1659004503-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1202660629-1659004503-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1202660629-1659004503-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1202660629-1659004503-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2015 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM\...\{23170F69-40C1-2701-0457-000001000000}) (Version: 4.57.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.4.0 - Romanian (HKLM\...\{AC76BA86-7AD7-1048-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AIMP3 (HKLM\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6030 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6030 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-GB) (Version: 15.0.1001.518 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.52 - AVG Technologies)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.51.1021 - Webteh, d.o.o.)
Cheat Engine 6.2 (HKLM\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Chicken Invaders 4 (HKLM\...\Chicken Invaders 4 v.4.13) (Version: 4.13 - InterAction Studios)
Chicken Invaders 5 - Cluck of the Dark Side (HKLM\...\Chicken Invaders 5 - Cluck of the Dark Side1.1) (Version: 1.1 - Foxy Games)
Colin McRae Rally 04 (HKLM\...\{F8718F95-21A1-44B9-97EC-679C93020BAE}) (Version: 1.00.000 - )
CPUID ROG CPU-Z 1.57.1 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.57.1 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
East-Tec Eraser 2010 Version 9.7 (HKLM\...\East-Tec Eraser 2010_is1) (Version: 9.7.0.100 - EAST Technologies)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FIFA 07 (HKLM\...\{5A438E06-0BB3-4C5F-0085-B14F1F4077E6}) (Version:  - )
GOM Player (HKLM\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
GTA San Andreas în limba românã (HKU\S-1-5-21-1202660629-1659004503-1801674531-500\...\GTA San Andreas în limba românã) (Version:  - )
GTA San Andreas în limba românã (HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GTA San Andreas în limba românã) (Version:  - )
GTA Vice City în limba românã (HKLM\...\GTA Vice City în limba românã) (Version:  - )
Intel® PRO Network Connections (HKLM\...\{111A3D14-7596-43B0-92BA-418435C90672}) (Version:  - Intel)
IObit Unlocker (HKLM\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
K-Lite Codec Pack 5.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
LS-USBMX 1/2/3 Steering Wheel W/Vibration (HKLM\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: v4.40 - My Company Name)
Mad Cars Free Trial (HKLM\...\Mad Cars Free Trial_is1) (Version:  - Realore)
Malwarebytes Anti-Malware versiunea 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 ro) (HKLM\...\Mozilla Firefox 39.0 (x86 ro)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Need for Speed Underground 2 (HKLM\...\Need for Speed Underground 2) (Version:  - )
Need for Speed™ Most Wanted (HKLM\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Pack Vista Inspirat 2 1.0 (HKLM\...\Pack Vista Inspirat 2) (Version: 1.0 - Bricomix)
PCI Audio Driver (HKLM\...\PCI Audio Driver) (Version:  - )
Professor Fizzwizzle (HKLM\...\Professor Fizzwizzle) (Version:  - )
Program de completare Microsoft Save as PDF sau XPS pentru programele Microsoft Office 2007 (HKLM\...\{90120000-00B2-0418-0000-0000000FF1CE}) (Version: 12.0.4518.1039 - Microsoft Corporation)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Terrorist Takedown - Conflict in Mogadishu (HKLM\...\Terrorist Takedown - Conflict in Mogadishu) (Version:  - )
TuneUp Utilities 2007 (HKLM\...\{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}) (Version: 6.0.1255 - TuneUp Software)
Unity Web Player (HKU\S-1-5-21-1202660629-1659004503-1801674531-500\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Romanian Interface Pack (HKLM\...\{27D2DAD1-45F0-4304-A44A-F176506DC6AA}) (Version: 1.0.0.2600 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zulu DJ Software (HKLM\...\Zulu) (Version: 3.34 - NCH Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1202660629-1659004503-1801674531-500_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points =========================

06-07-2015 21:29:44 Operaţie de restabilire
22-07-2015 18:26:43 ComboFix created restore point
25-07-2015 13:30:56 Punct de control sistem

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:07 - 2004-08-04 04:07 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\1-Click Maintenance.job => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CisPostUninstall.job => C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cisF7.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2007-03-19 01:04 - 2007-03-19 01:04 - 00069632 _____ () C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
2014-04-24 13:42 - 2004-11-02 16:57 - 00121344 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-30 21:33 - 2015-06-30 19:24 - 02528192 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2015-05-18 19:31 - 2015-05-18 19:30 - 00526784 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.1\log4cplusU.dll
2014-08-30 21:33 - 2015-05-18 19:30 - 01654720 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2007-03-19 01:05 - 2007-03-19 01:05 - 00782336 _____ () C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
2007-03-04 10:48 - 2007-03-04 10:48 - 00106496 _____ () C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Docklets\RocketClock\RocketClock.dll
2015-05-18 19:31 - 2015-05-18 19:30 - 00166848 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.1\loggingserver.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C97C8631

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-1202660629-1659004503-1801674531-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-1202660629-1659004503-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1 - 0.0.0.0
sharedaccess Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: C-Media Mixer => Mixer.exe /startup
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Eraser RiskMonitor => "C:\Program Files\East-Tec Eraser 2010\Launch.exe" "C:\Program Files\East-Tec Eraser 2010\etRiskMon.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\SopCast\SopCast.exe] => Enabled:SopCast Main Application
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\steamwebhelper.exe] => Enabled:Steam Web Helper
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [E:\App Steam\steamapps\common\Team Fortress 2\hl2.exe] => Enabled:Team Fortress 2
StandardProfile\AuthorizedApplications: [C:\Program Files\Counter-Strike\hl.exe] => Enabled:Half-Life Launcher
StandardProfile\AuthorizedApplications: [C:\Program Files\Counter-Strike\hlds.exe] => Enabled:HLDS Launcher
StandardProfile\AuthorizedApplications: [C:\Half-Life 2\hl2.exe] => Enabled:hl2
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [E:\App Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe] => Enabled:AdVenture Capitalist
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Explorer.EXE] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\NeroCheck.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ctfmon.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dumprep.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\userinit.exe] => Enabled:ipsec
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ALCATech Realtime Audio Kernel
Description: ALCATech Realtime Audio Kernel
Class Guid: {3E36E96C-E325-12CE-BFC1-07002BE10326}
Manufacturer: ALCATech GmbH
Service: MMRTKRNL
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2015 12:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.2.13.0, faulting module mbamservice.exe, version 3.2.13.0, fault address 0x00006008.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (07/22/2015 06:23:40 PM) (Source: MsiInstaller) (EventID: 11921) (User: E0290DC24C4340B)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG Firewall' (avgfws) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (07/11/2015 08:35:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.55.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/08/2015 11:28:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.55.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/30/2015 09:18:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1460

Error: (07/30/2015 09:16:08 AM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (07/30/2015 09:15:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%1053

Error: (07/30/2015 09:15:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect.

Error: (07/30/2015 09:15:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/30/2015 09:15:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/30/2015 09:15:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt
sptd

Error: (07/25/2015 01:32:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/25/2015 01:28:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {80EE4901-33A8-11D1-A213-0080C88593A5} did not register with DCOM within the required timeout.

Error: (07/25/2015 12:51:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1460


Microsoft Office:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.53GHz
Percentage of memory in use: 55%
Total physical RAM: 1535.48 MB
Available physical RAM: 689.96 MB
Total Virtual: 2924.5 MB
Available Virtual: 2250.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.06 GB) (Free:7.04 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Date) (Fixed) (Total:96.17 GB) (Free:1.11 GB) NTFS
Drive e: (Multimedia) (Fixed) (Total:97.65 GB) (Free:36.16 GB) NTFS
Drive g: (FIFA07) (CDROM) (Total:2.79 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: FC24FC24)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=193.8 GB) - (Type=OF Extended)

==================== End of log ============================


Also, sorry for my late post.


Your system is seriously infected.

Step 1

Please uninstall the following programs:

AVG Web TuneUp

IObit Unlocker

TuneUp Utilities 2007

Yahoo! Toolbar

Step 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Step 3

Please update Malwarebytes Anti-Malware and perform a threat scan. Post your log file.

In your next reply, post the following log files:

  • FRST fix log
  • Malwarebytes' Anti-Malware log

fixlist.txt


  • 4 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
