Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Administrator (administrator) on REBORN on 29-07-2014 20:29:26
Running from C:\Documents and Settings\Administrator\Desktop
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.co...rbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.co...rbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum...use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Common Group) C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\avast.setup
(Aztec Media Inc) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dwwin.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\cryptnet32: cryptnet32.dll [X]
HKU\S-1-5-21-839522115-602609370-725345543-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-06] (Google Inc.)
HKU\S-1-5-21-839522115-602609370-725345543-500\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1032192 2002-12-31] (Microsoft Corporation) <==== ATTENTION
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk
ShortcutTarget: Watch.lnk -> C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe (Common Group)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [489488 2014-07-17] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk /r \??\I:autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?...r=13437&tm=417&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantastigames.co...5&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/...amp;src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {AFEBF3B3-EA16-4D43-A16C-629A990B6BEC} URL = http://search.softonic.com/INF...00000000001d7d5161ca&r=593
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search...id=&pr=sa&d=2014-03-24 17:35:39&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantastigames.co...5&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/...amp;src=ds&p={searchTerms}
SearchScopes: HKCU - {AFEBF3B3-EA16-4D43-A16C-629A990B6BEC} URL = http://search.softonic.com/INF...00000000001d7d5161ca&r=593
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Documents and Settings\Administrator\Application Data\Nowe Gadu-Gadu\_userdata\ggbho.1.dll No File
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.c...urrent/polarbear/ultrashim.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @real.com/RhapsodyPlayerEngine - C:\Documents and Settings\Administrator\Application Data\nprhapengine.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\dictionary.png
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\dictionary.src
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay.src
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\google.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\google.src
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo.src
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-11]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-07]
Chrome:
=======
CHR HomePage: hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=48&cc=&mi=e844c02f000000000000001d7d5161ca
CHR RestoreOnStartup: "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=48&cc=&mi=e844c02f000000000000001d7d5161ca"
CHR DefaultSearchURL: http://search.softonic.com/INF...44c02f000000000000001d7d5161ca
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-07]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-07]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-02-28] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-02-21] (Oracle Corporation)
S2 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-06-10] (NVIDIA Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [637952 2009-06-02] (Nokia.) [File not signed]
R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3572240 2014-07-17] (Aztec Media Inc)
S4 FAH@E:+FAH.exe; E:\FAH.exe -svcstart [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1594944 2009-06-12] (Atheros Communications, Inc.) [File not signed]
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29880 2013-02-28] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66408 2013-02-28] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [49832 2013-02-28] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49320 2013-02-28] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [765808 2013-02-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [368248 2013-02-28] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [62448 2013-02-28] (AVAST Software)
S3 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [163784 2013-02-28] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg [34192 2014-07-17] (Aztec Media Inc)
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2009-03-10] (Windows (R) 2000 DDK provider)
R3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [17504 2003-02-18] ( )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2009-11-17] (Padus, Inc.) [File not signed]
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [11973 2010-05-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2009-04-12] () [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [359040 2002-12-31] (Microsoft Corporation) [File not signed]
S3 usb2vcom; C:\WINDOWS\System32\DRIVERS\usb2vcom.sys [30272 2006-04-03] () [File not signed]
S3 vmfilter303; C:\WINDOWS\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation)
S3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [392122 2006-12-01] (Vimicro Corporation)
U3 a9rbirm8; C:\WINDOWS\system32\Drivers\a9rbirm8.sys [0 ] (Microsoft Corporation)
S3 247F0456; \??\c:\documents and settings\administrator\local settings\temp\247F0456.sys [X]
S1 ASPI32; No ImagePath
S0 DwProt; system32\drivers\dwprot.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S4 IntelIde; No ImagePath
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 RT61; system32\DRIVERS\RT61.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: SSHNAS -> No Registry Path.
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-29 20:29 - 2014-07-29 20:29 - 00016990 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-07-29 20:29 - 2014-07-29 20:29 - 00000000 ____D () C:\FRST
2014-07-29 20:28 - 2014-07-29 12:21 - 01084416 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-07-27 15:38 - 2014-07-27 15:40 - 00000240 _____ () C:\WINDOWS\setupact.log
2014-07-27 15:38 - 2014-07-27 15:38 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-27 15:16 - 2014-07-27 15:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\PROFESOR I
2014-07-27 15:16 - 2014-07-27 15:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\PROFESOR
2014-07-27 15:15 - 2014-07-27 15:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Nero
2014-07-24 10:55 - 2014-07-24 10:55 - 00000696 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
2014-07-24 10:55 - 2014-07-24 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-07-24 10:55 - 2009-02-11 10:19 - 00038496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-07-24 10:55 - 2009-02-11 10:19 - 00015504 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-23 21:06 - 2014-07-23 21:06 - 00100475 _____ () C:\WINDOWS\UninstallFirefox.exe
2014-07-23 21:06 - 2014-07-23 21:06 - 00002650 _____ () C:\WINDOWS\mozver.dat
2014-07-23 21:06 - 2014-07-23 21:06 - 00001602 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-07-23 21:06 - 2014-07-23 21:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-23 21:06 - 2014-07-23 21:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
2014-07-23 17:09 - 2014-07-23 17:10 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-23 17:07 - 2014-07-29 20:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\systemk
2014-07-23 17:07 - 2014-07-23 17:07 - 00000000 ____D () C:\Program Files\Settings Manager
2014-07-23 17:07 - 2014-07-23 17:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FirefoxToolbar
2014-07-23 17:06 - 2014-07-23 17:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\OpenCandy
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-29 20:29 - 2014-07-29 20:29 - 00016990 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-07-29 20:29 - 2014-07-29 20:29 - 00000000 ____D () C:\FRST
2014-07-29 20:29 - 2014-07-23 17:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\systemk
2014-07-29 20:29 - 2012-03-07 18:04 - 00000250 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-07-29 20:29 - 2009-03-10 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-07-29 20:28 - 2012-12-10 16:23 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-29 20:28 - 2012-10-07 16:06 - 00000316 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-29 20:28 - 2010-08-06 14:29 - 01697261 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-29 20:27 - 2014-04-20 14:36 - 00000362 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-07-29 20:27 - 2014-04-20 14:36 - 00000362 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-07-29 20:27 - 2013-12-18 19:28 - 00000294 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-839522115-602609370-725345543-500.job
2014-07-29 20:27 - 2013-12-05 20:16 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-07-29 20:27 - 2012-06-05 13:59 - 00000294 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-602609370-725345543-500.job
2014-07-29 20:27 - 2010-02-12 21:34 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 20:27 - 2009-03-10 21:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-29 20:27 - 2009-03-10 21:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-29 20:27 - 2009-03-10 21:29 - 00000051 _____ () C:\WINDOWS\wiaservc.log
2014-07-29 19:06 - 2009-03-10 21:39 - 00032508 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-29 19:06 - 2009-03-10 21:39 - 00000278 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-07-29 18:52 - 2002-12-31 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-29 12:21 - 2014-07-29 20:28 - 01084416 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-07-28 18:45 - 2010-02-12 21:34 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-27 20:41 - 2013-11-07 16:27 - 00002497 _____ () C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
2014-07-27 15:40 - 2014-07-27 15:38 - 00000240 _____ () C:\WINDOWS\setupact.log
2014-07-27 15:38 - 2014-07-27 15:38 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-27 15:38 - 2009-03-10 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-07-27 15:16 - 2014-07-27 15:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\PROFESOR I
2014-07-27 15:16 - 2014-07-27 15:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\PROFESOR
2014-07-27 15:16 - 2009-03-10 21:39 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-07-27 15:16 - 2009-03-10 21:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-07-27 15:16 - 2009-03-10 21:31 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-27 15:15 - 2014-07-27 15:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Nero
2014-07-27 14:33 - 2009-03-11 00:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\uTorrent
2014-07-27 14:24 - 2009-04-12 15:01 - 00000000 __SHD () C:\WINDOWS\CSC
2014-07-24 11:52 - 2009-03-10 21:32 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-07-24 10:55 - 2014-07-24 10:55 - 00000696 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
2014-07-24 10:55 - 2014-07-24 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-07-24 10:55 - 2010-01-19 19:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-24 10:55 - 2010-01-19 19:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-07-23 21:06 - 2014-07-23 21:06 - 00100475 _____ () C:\WINDOWS\UninstallFirefox.exe
2014-07-23 21:06 - 2014-07-23 21:06 - 00002650 _____ () C:\WINDOWS\mozver.dat
2014-07-23 21:06 - 2014-07-23 21:06 - 00001602 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-07-23 21:06 - 2014-07-23 21:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-23 21:06 - 2014-07-23 21:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
2014-07-23 21:00 - 2009-03-11 00:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-07-23 20:55 - 2009-03-10 21:26 - 00525758 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-23 20:46 - 2014-03-25 17:17 - 00000000 ____D () C:\Program Files\Real
2014-07-23 20:46 - 2011-05-01 22:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Real
2014-07-23 20:22 - 2011-05-01 22:44 - 00000302 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-602609370-725345543-500.job
2014-07-23 19:24 - 2009-03-10 21:24 - 00000223 ___SH () C:\boot.ini
2014-07-23 19:24 - 2002-12-31 13:00 - 00000965 _____ () C:\WINDOWS\win.ini
2014-07-23 19:24 - 2002-12-31 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-07-23 19:06 - 2010-01-19 19:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-23 17:10 - 2014-07-23 17:09 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-23 17:07 - 2014-07-23 17:07 - 00000000 ____D () C:\Program Files\Settings Manager
2014-07-23 17:07 - 2014-07-23 17:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FirefoxToolbar
2014-07-23 17:06 - 2014-07-23 17:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\OpenCandy
2014-07-21 21:46 - 2009-04-25 21:47 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-07-16 18:31 - 2013-12-18 19:28 - 00000302 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-839522115-602609370-725345543-500.job
2014-07-08 20:28 - 2012-12-10 16:23 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 20:28 - 2011-11-23 15:28 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================