
Computer full of russian trojans/malware


This topic is locked
4 replies to this topic

#1 mihnea


Posted 18 January 2017 - 04:17 PM

Hello, after downloading and installing some loader program I got my computer full of Russian ads/trojans.
 
First I had a bar on the right side of my desktop with link icons for some Russian sites: Kometa, mail.ru, @ (which was a network I think) and so on. The same icons appeared on my desktop as shortcuts and in the activity taskbar next to the minimized program. I kicked them out from where I could, then I used the uninstaller from Control Panel and Revo Uninstaller to uninstall Kometa, as it appeared as a program. I didn't allow Kometa to access my computer/hard drive during the uninstall because I was afraid; not sure if I did good or not.
 
I downloaded Trojan Remover and it found/removed two trojans, especially a Windows error that appeared on start-up and something in an HKEY entry.
 
Now I still have a lot of problems:
- my antivirus (Bitdefender Free Edition, the latest) keeps showing me messages with "web threat blocked" as shown in screen 2 (attached: screen2.jpg), and dudecorner.ru appears 10 times a minute.
 
- I have a screen appearing at start-up and at about 2 hours (attached: screen1.jpg).
 
- Firefox opened some dumb sites in a new tab suddenly (like betano.ro - online bets) or redirected me suddenly to some dumb hacker sites that had 'spyware removing' tools with ad-bars or some video-reality show or bets.
 
- I removed the tiles and everything in the Firefox new tab and set it to blank, since the search on that page was taking place on mail.ru and something Russian.
 
- my homepage was mail.ru, but that I fixed.
 
Here are the logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2017
Ran by Mihnea (administrator) on MIHNEA-PC (18-01-2017 19:53:11)
Running from C:\Users\Mihnea\Downloads
Loaded Profiles: Mihnea (Available Profiles: Mihnea)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Mihnea\AppData\Local\Kometa\Application\kometa.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
(iolo technologies, LLC) C:\Program Files\System Mechanic\ioloGovernor.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-11-11] (DivX, LLC)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [36272 2010-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [952768 2010-03-24] (Adobe Systems Incorporated)
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [3627576 2017-01-10] (Simply Super Software)
HKU\S-1-5-21-1309403825-627622425-3339704752-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-1309403825-627622425-3339704752-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Mihnea\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-12-15] (Yahoo!, Inc.)
HKU\S-1-5-21-1309403825-627622425-3339704752-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1843864 2016-12-21] (Lavasoft)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-04-16] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-01-18]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-01-18]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-01-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-12-19] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-12-19] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-12-19] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-12-19] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-12-19] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{1A2A4BD3-D383-4CF0-8F1C-F87EA0BAD537}: [NameServer] 193.231.100.130,193.231.100.134
Tcpip\..\Interfaces\{1A2A4BD3-D383-4CF0-8F1C-F87EA0BAD537}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{5FC2BD30-D55B-46BB-BA86-1D4128ADEBE4}: [DhcpNameServer] 192.168.1.1 0.0.0.0
ManualProxies: 0hxxp://noblockweb.biz/wpad.dat?3ee2cf0d4dbfb115ba55cba61fdc23ff23920965

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1309403825-627622425-3339704752-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1309403825-627622425-3339704752-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKU\S-1-5-21-1309403825-627622425-3339704752-1001 -> DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1309403825-627622425-3339704752-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1309403825-627622425-3339704752-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ro.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10181_1270_161219__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1309403825-627622425-3339704752-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BA4794B0A-A14B-4595-9C8C-C57F66DADCAB%7D&gp=811014
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-12-10] (Intel Security)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04] (Adobe Systems Incorporated)
BHO: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Mihnea\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-01-18] (Mail.Ru)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-03] (Sun Microsystems, Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll => No File
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24] ()
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-12-10] (Intel Security)
Toolbar: HKU\S-1-5-21-1309403825-627622425-3339704752-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24] ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Mihnea\AppData\Roaming\Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440 [2017-01-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440 -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440 -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440 -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440 -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440 -> hxxp://go.mail.ru/distib/ep/?product_id=%7B6B680154-938A-4D55-9437-A9E0F3FEC680%7D&gp=811010
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Mihnea\AppData\Roaming\Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440\Extensions\homepage@mail.ru [2017-01-18]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Mihnea\AppData\Roaming\Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440\Extensions\search@mail.ru [2017-01-18]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Mihnea\AppData\Roaming\Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-01-18]
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF SearchPlugin: C:\Users\Mihnea\AppData\Roaming\Mozilla\Firefox\Profiles\tbfg9fo1.default-1483471000440\searchplugins\mailru.xml [2017-01-18]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-01-16]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-01-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2016-11-14] (DivX, LLC)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-02-17] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2010-02-21] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-06-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-04-04] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2010-04-04] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\474180.js [2017-01-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-01-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-01-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-04-04]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-01-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\474180.cfg [2017-01-18] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-12-21] (Lavasoft Limited)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [141064 2016-07-11] (McAfee, Inc.)
S2 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996336 2016-11-30] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [17304 2016-11-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [73968 2016-11-30] (McAfee, Inc.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [97200 2016-11-30] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [97200 2016-11-30] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [97200 2016-11-30] (Bitdefender)
S2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25232 2016-12-21] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -runtimeupdated -originalversion 4.4.127.0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1285360 2016-09-20] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [718488 2016-09-20] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender Antivirus Free\bdfwfpf.sys [113768 2016-02-22] (BitDefender LLC)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [282240 2016-12-13] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [196008 2016-10-29] (BitDefender LLC)
R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [41600 2016-06-06] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-09] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [30696 2016-12-15] (The OpenVPN Project)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [458648 2016-06-22] (BitDefender S.R.L.)
U3 aoxa5x0u; C:\Windows\system32\Drivers\aoxa5x0u.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 19:53 - 2017-01-18 19:55 - 00017133 _____ C:\Users\Mihnea\Downloads\FRST.txt
2017-01-18 19:52 - 2017-01-18 19:53 - 00000000 ____D C:\FRST
2017-01-18 19:52 - 2017-01-18 19:52 - 01761280 _____ (Farbar) C:\Users\Mihnea\Downloads\FRST.exe
2017-01-18 19:08 - 2017-01-18 19:08 - 01055936 _____ (Adobe) C:\Users\Mihnea\Downloads\install_flash_player_13_plugin.exe
2017-01-18 15:48 - 2017-01-18 16:06 - 00000000 ____D C:\ProgramData\TEMP
2017-01-18 15:46 - 2017-01-18 15:46 - 00001072 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2017-01-18 15:46 - 2017-01-18 15:46 - 00000000 ____D C:\Users\Mihnea\Documents\Simply Super Software
2017-01-18 15:46 - 2017-01-18 15:46 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\Simply Super Software
2017-01-18 15:46 - 2017-01-18 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2017-01-18 15:45 - 2017-01-18 15:46 - 00000000 ____D C:\Program Files\Trojan Remover
2017-01-18 15:45 - 2017-01-18 15:45 - 00000000 ____D C:\ProgramData\Simply Super Software
2017-01-18 15:44 - 2017-01-18 15:45 - 61167208 _____ (Simply Super Software ) C:\Users\Mihnea\Downloads\trjsetup.exe
2017-01-18 14:41 - 2017-01-18 14:41 - 00000000 ____D C:\Users\Mihnea\AppData\Local\Chromium
2017-01-18 14:40 - 2017-01-18 14:40 - 00000000 ____D C:\Users\Mihnea\AppData\Local\Вoйти в Интeрнет
2017-01-18 14:37 - 2017-01-18 18:56 - 00000000 ____D C:\Users\Mihnea\AppData\Local\FileSystemDriver
2017-01-18 14:36 - 2017-01-18 14:36 - 00000000 ____D C:\Users\Mihnea\AppData\Local\Поиcк в Интeрнете
2017-01-18 14:35 - 2017-01-18 14:35 - 00000000 ____D C:\Users\Mihnea\AppData\Local\Mail.Ru
2017-01-18 14:35 - 2017-01-18 14:35 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-01-18 14:02 - 2017-01-18 14:02 - 00053875 _____ C:\Users\Mihnea\Downloads\KmsNano_Automatic_Activator_Final_2017_Windows_7_8_8.1__1w1td5i.exe
2017-01-18 13:10 - 2017-01-18 13:10 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\WinRAR
2017-01-18 13:06 - 2017-01-18 13:06 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\WinZip
2017-01-18 12:30 - 2017-01-18 12:30 - 00000000 ____D C:\Users\Mihnea\Downloads\acti
2017-01-18 12:16 - 2017-01-18 14:40 - 00000000 ____D C:\Users\Mihnea\AppData\Local\WinZip
2017-01-18 12:16 - 2017-01-18 12:16 - 00002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
2017-01-18 12:16 - 2017-01-18 12:16 - 00002318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip Background Tools.lnk
2017-01-18 12:16 - 2017-01-18 12:16 - 00002288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2017-01-18 12:16 - 2017-01-18 12:16 - 00002282 _____ C:\Users\Public\Desktop\WinZip.lnk
2017-01-18 12:16 - 2017-01-18 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-01-18 12:15 - 2017-01-18 13:01 - 00000000 ____D C:\ProgramData\WinZip
2017-01-18 12:15 - 2017-01-18 12:15 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-01-18 12:14 - 2017-01-18 12:14 - 00000774 _____ C:\Users\Mihnea\Desktop\Continue WinZip Installation.lnk
2017-01-18 12:14 - 2017-01-18 12:14 - 00000000 ____D C:\ProgramData\UniqueId
2017-01-18 12:13 - 2017-01-18 12:13 - 01110564 _____ (Igor Pavlov) C:\Users\Mihnea\Downloads\7z1604.exe
2017-01-18 12:13 - 2017-01-18 12:13 - 00712896 _____ (WinZip Computing, S.L.) C:\Users\Mihnea\Downloads\winzip21-update.exe
2017-01-18 12:13 - 2017-01-18 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-01-18 12:13 - 2017-01-18 12:13 - 00000000 ____D C:\Program Files\7-Zip
2017-01-18 12:07 - 2017-01-18 12:07 - 09149067 _____ C:\Users\Mihnea\Downloads\acti.7z
2017-01-17 14:47 - 2017-01-17 14:47 - 03072054 _____ C:\Users\Mihnea\Desktop\New Bitmap Image.bmp
2017-01-17 10:28 - 2017-01-17 10:28 - 00028182 _____ C:\ProgramData\agent.1484641658.bdinstall.bin
2017-01-17 01:06 - 2017-01-17 01:06 - 00000000 ____D C:\Users\Mihnea\AppData\Local\Bitdefender Antivirus Free
2017-01-17 01:00 - 2017-01-17 01:00 - 00001143 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2017-01-17 01:00 - 2017-01-17 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2017-01-17 01:00 - 2017-01-17 01:00 - 00000000 ____D C:\ProgramData\Bitdefender
2017-01-17 01:00 - 2016-12-13 18:16 - 00282240 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2017-01-17 01:00 - 2016-10-29 09:54 - 00196008 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2017-01-17 01:00 - 2016-09-20 04:17 - 00718488 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2017-01-17 01:00 - 2016-09-20 04:16 - 01285360 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-01-17 00:56 - 2016-06-22 15:40 - 00458648 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-01-17 00:55 - 2017-01-18 19:25 - 00000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-01-17 00:55 - 2017-01-17 00:55 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\QuickScan
2017-01-17 00:53 - 2017-01-18 18:57 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-01-17 00:53 - 2017-01-17 00:53 - 00045684 _____ C:\ProgramData\agent.1484607194.bdinstall.bin
2017-01-17 00:53 - 2017-01-17 00:53 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-01-17 00:53 - 2017-01-17 00:53 - 00000000 ____D C:\ProgramData\BDLogging
2017-01-16 23:06 - 2017-01-16 23:06 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-16 23:00 - 2017-01-16 23:02 - 08459976 _____ C:\Users\Mihnea\Downloads\bitdefender_online.exe
2017-01-12 19:12 - 2017-01-12 19:12 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\Agenda
2017-01-12 19:10 - 2017-01-12 19:10 - 00000900 _____ C:\Users\Public\Desktop\Agenda.lnk
2017-01-12 19:10 - 2017-01-12 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agenda
2017-01-12 19:10 - 2017-01-12 19:10 - 00000000 ____D C:\Program Files\MAKEMSI Package Documentation
2017-01-12 19:10 - 2017-01-12 19:10 - 00000000 ____D C:\Program Files\Agenda
2017-01-12 19:06 - 2017-01-12 19:06 - 06205952 _____ C:\Users\Mihnea\Downloads\Agenda-1.0.5-Windows.msi
2017-01-10 20:09 - 2017-01-10 20:09 - 20358232 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-01-09 13:17 - 2017-01-09 13:17 - 00000000 _____ C:\Users\Mihnea\Desktop\erata.txt
2017-01-09 00:09 - 2017-01-13 00:24 - 00001324 _____ C:\Users\Mihnea\Desktop\9 ianuarie.txt
2017-01-03 21:16 - 2017-01-03 21:16 - 00000000 ____D C:\Users\Mihnea\Desktop\Old Firefox Data
2016-12-27 00:40 - 2016-12-27 00:42 - 00000252 _____ C:\Users\Mihnea\Desktop\recap.txt
2016-12-25 20:11 - 2017-01-12 19:29 - 00000059 _____ C:\Users\Mihnea\Desktop\de citit.txt
2016-12-21 01:02 - 2016-12-21 01:02 - 00000000 ____D C:\searchplugins
2016-12-20 16:55 - 2016-12-20 16:55 - 00097766 _____ C:\Users\Mihnea\Downloads\cerere_v6.pdf
2016-12-19 20:58 - 2016-12-19 20:58 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\MPC-HC
2016-12-19 20:50 - 2016-12-19 20:50 - 00002928 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2016-12-19 20:50 - 2016-12-19 20:50 - 00000000 ____D C:\Users\Mihnea\AppData\Local\Lavasoft
2016-12-19 20:50 - 2016-12-19 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-12-19 20:50 - 2016-12-19 20:49 - 00345360 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2016-12-19 20:44 - 2016-12-19 20:44 - 00000000 ____D C:\ProgramData\Lavasoft
2016-12-19 20:42 - 2016-12-19 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-12-19 20:42 - 2016-12-19 20:42 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2016-12-19 20:41 - 2016-12-19 20:41 - 00000000 ____D C:\Users\Mihnea\AppData\Local\Programs
2016-12-19 20:40 - 2016-12-19 20:41 - 38413968 _____ (KLCP ) C:\Users\Mihnea\Downloads\K-Lite_Codec_Pack_1270_Full.exe
2016-12-19 20:31 - 2016-12-19 20:31 - 00001591 _____ C:\Users\Mihnea\Desktop\DivX Movies.lnk
2016-12-19 20:28 - 2016-12-19 20:28 - 00001037 _____ C:\Users\Public\Desktop\DivX Player.lnk
2016-12-19 20:24 - 2016-12-19 20:24 - 00001062 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2016-12-19 20:23 - 2016-12-19 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-12-19 20:19 - 2016-12-19 20:27 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2016-12-19 20:16 - 2016-12-19 20:16 - 02427336 _____ (DivX, LLC) C:\Users\Mihnea\Downloads\DivXInstaller(1).exe
2016-12-19 13:28 - 2016-12-19 13:29 - 01269336 _____ (Adobe Systems Incorporated) C:\Users\Mihnea\Downloads\uninstall_flash_player.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 19:09 - 2016-12-14 22:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-18 18:59 - 2016-12-14 22:16 - 00000000 ____D C:\Users\Mihnea\AppData\LocalLow\Mozilla
2017-01-18 18:55 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 16:36 - 2009-07-14 06:34 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-18 16:36 - 2009-07-14 06:34 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-18 16:28 - 2010-03-09 01:44 - 00000000 ____D C:\Users\Mihnea\AppData\Local\Adobe
2017-01-18 15:34 - 2010-03-09 01:11 - 00000000 ____D C:\Program Files\Yahoo!
2017-01-18 14:35 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-18 14:13 - 2010-03-09 01:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-18 12:16 - 2010-03-09 01:26 - 00000000 ____D C:\Program Files\WinZip
2017-01-17 18:43 - 2010-03-09 01:14 - 00847598 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 18:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-01-17 14:27 - 2010-03-09 01:25 - 00000000 ____D C:\Program Files\WinZip 10.0 incl Keygen
2017-01-17 14:27 - 2010-03-09 01:23 - 00000000 ____D C:\Windows\system32\dllcache
2017-01-17 10:48 - 2016-12-14 22:41 - 00000000 ____D C:\ProgramData\iolo
2017-01-17 00:36 - 2016-12-14 22:32 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-16 23:06 - 2010-03-09 01:44 - 00000000 ____D C:\Program Files\Lavasoft
2017-01-14 10:44 - 2016-12-14 22:08 - 00000000 ____D C:\Program Files\TrueKey
2017-01-14 00:24 - 2016-12-14 22:34 - 00001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-10 20:09 - 2016-12-14 20:30 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-10 20:09 - 2016-12-14 20:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-10 20:09 - 2010-03-09 01:14 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-05 23:18 - 2016-12-14 22:36 - 00000000 ____D C:\Users\Mihnea\AppData\Local\tkdata
2016-12-27 18:12 - 2015-03-16 15:25 - 00000000 ____D C:\Users\Mihnea\AppData\LocalLow\visi_coupon
2016-12-27 10:38 - 2010-03-09 22:49 - 00000000 ____D C:\Windows\Prefetch
2016-12-22 22:02 - 2016-06-02 15:06 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{00384986-28c2-11e6-b16a-001a92faf2ef}.TMContainer00000000000000000001.regtrans-ms
2016-12-22 12:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wdi
2016-12-20 13:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2016-12-20 13:20 - 2010-04-22 21:27 - 00000000 ____D C:\Users\Mihnea\AppData\Local\Diagnostics
2016-12-20 10:07 - 2010-03-26 16:37 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\DivX
2016-12-19 20:50 - 2010-03-09 01:44 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\Lavasoft
2016-12-19 20:31 - 2010-03-26 16:30 - 00000000 ____D C:\Program Files\DivX
2016-12-19 20:31 - 2010-03-26 16:26 - 00000000 ____D C:\ProgramData\DivX
2016-12-19 20:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\winsxs
2016-12-19 20:05 - 2010-03-26 16:37 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2016-12-19 10:37 - 2016-12-15 01:28 - 00000000 ____D C:\Users\Mihnea\AppData\Roaming\Yahoo Messenger

==================== Files in the root of some directories =======

2010-03-09 01:48 - 2010-06-18 09:55 - 0000600 _____ () C:\Users\Mihnea\AppData\Roaming\winscp.rnd
2010-05-07 22:38 - 2010-06-05 22:56 - 0000600 _____ () C:\Users\Mihnea\AppData\Local\PUTTY.RND
2017-01-17 00:53 - 2017-01-17 00:53 - 0045684 _____ () C:\ProgramData\agent.1484607194.bdinstall.bin
2017-01-17 10:28 - 2017-01-17 10:28 - 0028182 _____ () C:\ProgramData\agent.1484641658.bdinstall.bin

Some files in TEMP:
====================
C:\Users\Mihnea\AppData\Local\Temp\DOhPB8tIVgFL.exe
C:\Users\Mihnea\AppData\Local\Temp\e.exe
C:\Users\Mihnea\AppData\Local\Temp\eaF3MTwnyqEt.exe
C:\Users\Mihnea\AppData\Local\Temp\HKQnDtut0lnv.exe
C:\Users\Mihnea\AppData\Local\Temp\KmsNano_Automatic_Activator_Final_2017_Windows_7_8_8.1__1w1td5i.exe
C:\Users\Mihnea\AppData\Local\Temp\nfsMXMtSkFGX.exe
C:\Users\Mihnea\AppData\Local\Temp\SdULTC3MWlGI.exe
C:\Users\Mihnea\AppData\Local\Temp\setsearchm.exe
C:\Users\Mihnea\AppData\Local\Temp\startpm.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-12 09:39

==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2017
Ran by Mihnea (18-01-2017 19:56:18)
Running from C:\Users\Mihnea\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2010-03-08 23:07:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1309403825-627622425-3339704752-500 - Administrator - Disabled)
Guest (S-1-5-21-1309403825-627622425-3339704752-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1309403825-627622425-3339704752-1002 - Limited - Enabled)
Mihnea (S-1-5-21-1309403825-627622425-3339704752-1001 - Administrator - Enabled) => C:\Users\Mihnea

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader 9.3.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.2 - Adobe Systems Incorporated)
Agenda (HKLM\...\{9B82B9FC-D838-4909-8898-033B815E5E04}) (Version: 1.0.5 - Dwight Everhart)
BitComet 1.44 (HKLM\...\BitComet) (Version: 1.44 - CometNetwork)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.5.14 - Bitdefender)
Crystal Reports Basic for Visual Studio 2008 (HKLM\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
DAEMON Tools Toolbar (HKLM\...\DAEMON Tools Toolbar) (Version: 1.1.1.0014 - DT Soft Ltd) <==== ATTENTION
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.125 - DivX, LLC)
eMule (HKLM\...\eMule) (Version:  - )
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.11.110.1 - Intel Security)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
K-Lite Codec Pack 12.7.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 12.7.0 - KLCP)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Device Emulator version 3.0 - ENU (HKLM\...\{B32E7732-B2FB-3FD0-81AC-6025B1104C66}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version:  - )
System Mechanic (HKLM\...\InstallShield_{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}) (Version: 16.5.1.27 - iolo technologies, LLC)
System Mechanic (Version: 16.5.1.27 - iolo technologies, LLC) Hidden
Trojan Remover (HKLM\...\Trojan Remover_is1) (Version: 6.9.5 - Simply Super Software)
Tuber Player v1.06.160.171 (HKLM\...\Tuber Player_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
VLC media player 0.9.4 (HKLM\...\VLC media player) (Version: 0.9.4 - VideoLAN Team)
Web Companion (HKLM\...\{908ad363-3520-4db0-96d4-7105952a3a10}) (Version: 2.3.1507.2892 - Lavasoft)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.1.9 (HKLM\...\winscp3_is1) (Version: 4.1.9 - Martin Prikryl)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410C}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Yahoo Messenger (HKU\S-1-5-21-1309403825-627622425-3339704752-1001\...\yahoomessenger) (Version: 0.8.231 - Yahoo! Inc)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1309403825-627622425-3339704752-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02DDA982-1D29-4BC3-9445-1859C5FA3881} - System32\Tasks\FileSystemDriver => C:\Users\Mihnea\AppData\Local\FileSystemDriver\FileSystemDriver.exe [2017-01-18] () <==== ATTENTION
Task: {0981D5BA-0CFE-4A3B-BD12-37964549C710} - System32\Tasks\ioloToaster => C:\Program Files\System Mechanic\ioloToaster.exe [2016-12-03] (iolo technologies, LLC)
Task: {180F9E94-1B85-4F2C-863A-4759B06A3606} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-12-13] (WinZip Computing, S.L.)
Task: {24CF6CD0-F63E-4733-B953-D4078BAA3F12} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {47B809C6-D434-4F8D-9149-DA0086682911} - System32\Tasks\ioloActiveCare => C:\Program Files\System Mechanic\SystemMechanic.exe [2016-12-03] (iolo technologies, LLC)
Task: {6839B14F-9269-4074-B5B9-597FCA93F4BA} - System32\Tasks\ioloSmartUpdater => C:\Program Files\System Mechanic\ioloSmartUpdater.exe [2016-12-03] (iolo technologies, LLC)
Task: {856F8A22-E7FC-4E4C-AEEA-702BCA20C4AB} - System32\Tasks\iolo Process Governor => C:\Program Files\System Mechanic\iologovernor.exe [2016-12-03] (iolo technologies, LLC)
Task: {ABEEF2FF-56A8-48EE-8F72-C2E463410A7A} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2016-12-13] (WinZip)
Task: {B69A4CD4-89F7-4F8A-B04D-95CA51D64508} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {B9594107-3205-4739-B68A-665C2D04C243} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-11-11] (DivX, LLC)
Task: {D20623E6-8FD3-447B-8A1B-8F3C577D53AB} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-12-10] ()
Task: {DC6DF9E1-6B85-439A-AA17-E85436DC396F} - System32\Tasks\ioloTUDsDownloader => C:\Program Files\System Mechanic\ioloSmartUpdater.exe [2016-12-03] (iolo technologies, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Mihnea\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://imatiro.ru/?utm_source=startlink03&utm_content=8e28c44c896d25fe988428402c272a9f&utm_term=CD33CEC6591E9AA5A078680EA3AD7E20&utm_d=20170118"
ShortcutWithArgument: C:\Users\Mihnea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
ShortcutWithArgument: C:\Users\Mihnea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Вoйти в Интeрнет.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://imatiro.ru/?utm_source=quicklaunch03&utm_content=6ac7408278bf483402647c4fde29c433&utm_term=cd33cec6591e9aa5a078680ea3ad7e20&utm_d=20170118"
ShortcutWithArgument: C:\Users\Mihnea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://imatiro.ru/?utm_source=startlink03&utm_content=8e28c44c896d25fe988428402c272a9f&utm_term=CD33CEC6591E9AA5A078680EA3AD7E20&utm_d=20170118"

==================== Loaded Modules (Whitelisted) ==============

2017-01-17 00:59 - 2016-04-16 21:06 - 00222392 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-01-17 00:59 - 2016-11-14 16:52 - 00859344 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-01-17 00:59 - 2016-11-14 16:52 - 00466568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-01-17 00:59 - 2016-11-14 16:52 - 02629288 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-01-17 00:59 - 2016-11-14 16:52 - 01302496 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2017-01-17 00:59 - 2014-08-28 16:56 - 00694584 _____ () C:\Program Files\Bitdefender Antivirus Free\bdmetrics.dll
2016-12-19 20:49 - 2016-12-21 01:00 - 00130712 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-12-19 20:49 - 2016-12-21 01:00 - 00058520 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-12-19 20:49 - 2016-12-21 01:00 - 00018064 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-12-19 20:49 - 2016-12-21 01:00 - 00300696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-12-19 20:49 - 2016-12-21 01:00 - 00030360 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-12-19 20:49 - 2016-12-21 01:00 - 00059024 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-12-19 20:49 - 2016-12-21 01:00 - 00128144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [140]
AlternateDataStreams: C:\Users\Mihnea\Downloads\7z1604.exe:BDU [0]
AlternateDataStreams: C:\Users\Mihnea\Downloads\FRST.exe:BDU [0]
AlternateDataStreams: C:\Users\Mihnea\Downloads\install_flash_player_13_plugin.exe:BDU [0]
AlternateDataStreams: C:\Users\Mihnea\Downloads\KmsNano_Automatic_Activator_Final_2017_Windows_7_8_8.1__1w1td5i.exe:BDU [0]
AlternateDataStreams: C:\Users\Mihnea\Downloads\trjsetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Mihnea\Downloads\winzip21-update.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1309403825-627622425-3339704752-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1309403825-627622425-3339704752-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2017-01-17 01:08 - 00001554 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1309403825-627622425-3339704752-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1 - 193.231.100.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Notepad => C:\Windows\System32\dllcache\note.pad.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9FF40B37-C7D9-4B83-865E-4A890729801D}] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A2B3F654-6B65-49E5-9AC3-0603941D4713}] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{0AB14C23-A5E7-4A5C-9563-F9054C186457}C:\windows\system32\dllcache\note.pad.exe] => C:\windows\system32\dllcache\note.pad.exe
FirewallRules: [UDP Query User{33F376F1-0991-4553-9C0E-6A839A17F9E9}C:\windows\system32\dllcache\note.pad.exe] => C:\windows\system32\dllcache\note.pad.exe
FirewallRules: [{931AEA4D-2A25-480F-B5AC-5C4240A9351D}] => C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{BE11588B-BD5F-4BFF-B120-6FC195649A5C}] => C:\Program Files\BitComet\BitComet.exe
FirewallRules: [TCP Query User{6D0AD0B9-D1B0-4D18-A02F-73C31A6EE66E}C:\windows\system32\dllcache\note.pad.exe] => C:\windows\system32\dllcache\note.pad.exe
FirewallRules: [UDP Query User{E500A0E7-1805-4B1C-AA45-8EDC07E5ACEA}C:\windows\system32\dllcache\note.pad.exe] => C:\windows\system32\dllcache\note.pad.exe
FirewallRules: [TCP Query User{70E3BEA3-AA10-4A9E-8BD1-806CD7C470E0}C:\program files\emule\emule.exe] => C:\program files\emule\emule.exe
FirewallRules: [UDP Query User{F60E3742-8247-40E0-A8A0-E6195851B549}C:\program files\emule\emule.exe] => C:\program files\emule\emule.exe
FirewallRules: [TCP Query User{5DDA3C08-E5D9-403A-B976-23F060935E5A}C:\program files\yahoo!\messenger\yahoomessenger.exe] => C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{BF9223BB-2270-4BFA-AD68-06C725A31F64}C:\program files\yahoo!\messenger\yahoomessenger.exe] => C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{F6C60791-E097-4D7D-9AC1-F25303F29984}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EF119653-80F1-41F9-97D1-98819771A801}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{18C59934-EF7F-4AE1-B82E-7C9D886B4702}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{CFD0A343-9DCE-4436-B778-D63E04639E45}C:\program files\bitcomet\bitcomet.exe] => C:\program files\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{A1EB8BC0-CE43-4460-BDB4-785748A1C8E9}C:\program files\bitcomet\bitcomet.exe] => C:\program files\bitcomet\bitcomet.exe
FirewallRules: [{A700EE71-DF33-4F85-B2E8-E7C8D74A044F}] => C:\Users\Mihnea\AppData\Local\Temp\KMSnano\data\qemu-system-i386.exe
FirewallRules: [{4C3588AD-BF1C-48FD-9660-B09A64906C5A}] => C:\Users\Mihnea\AppData\Local\Temp\KMSnano\data\qemu-system-i386.exe

==================== Restore Points =========================

18-01-2017 15:00:58 Revo Uninstaller's restore point - Yahoo! Toolbar

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2017 06:55:15 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (01/18/2017 04:03:20 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (01/18/2017 03:35:16 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (01/18/2017 03:00:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b6e75490-777d-42e1-b5bd-07fb97cfaf1c}

Error: (01/18/2017 02:28:27 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (01/18/2017 02:22:16 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (01/18/2017 02:06:20 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (01/18/2017 01:44:33 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (01/18/2017 01:15:45 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (01/18/2017 12:40:09 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.


System errors:
=============
Error: (01/18/2017 06:55:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WC Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/18/2017 06:55:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WC Assistant service to connect.

Error: (01/18/2017 06:55:16 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

Error: (01/18/2017 06:55:16 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (01/18/2017 06:55:16 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (01/18/2017 06:55:15 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724.

Error: (01/18/2017 06:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/18/2017 04:04:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WC Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/18/2017 04:04:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WC Assistant service to connect.

Error: (01/18/2017 04:03:20 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.


CodeIntegrity:
===================================
  Date: 2016-10-28 15:53:16.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2130 @ 1.86GHz
Percentage of memory in use: 66%
Total physical RAM: 2039.37 MB
Available physical RAM: 677.81 MB
Total Virtual: 4078.73 MB
Available Virtual: 2232.65 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:55.89 GB) (Free:10.02 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:54.43 GB) (Free:38.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 23D859C5)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=55.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=54.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Thank you.

Attached Files


Edited by hamluis, 18 January 2017 - 04:31 PM.



 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:27 PM

Posted 20 January 2017 - 07:46 PM

Hi mihnea

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, BitComet, uTorrent, etc.) and downloading files from non-documented sources, you can expect infestations of malware and system problems to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising, then, that many of these downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
Please uninstall the following programs:
DAEMON Tools Toolbar
Intel Security True Key
System Mechanic
Web Companion


Also this has to be removed:
C:\Program Files\WinZip 10.0 incl Keygen
This is an illegal download. Assistance will be halted if the download remains.


Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Mihnea\Downloads.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

frstfix_zps7db0c905.png

The tool will make a log in the Downloads folder (Fixlog.txt). Please post this in your next reply.


Step 3
Please reset your browsers:

To Reset Firefox
  • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
  • Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, a window will list the information that was imported.
  • Click Finish and Firefox will open.
Note:
After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
If you don't need this folder any longer, you should delete it as it contains sensitive information.

The reset feature works by creating a new profile folder for you while saving your most important data.

Firefox will try to keep the following data:
  • Bookmarks
  • Browsing history
  • Passwords
  • Cookies
  • Web form auto-fill information
  • Personal dictionary
--------------------

Reset IE back to the defaults.
  • Close any Internet Explorer or Windows Explorer windows that are currently open.
  • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
  • Click the Tools button, and then click Internet Options.
  • Click the Advanced tab, and then click Reset.
  • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
  • In the Reset Internet Explorer Settings dialog box, click Reset.
  • When Internet Explorer finishes applying default settings, click Close, and then click OK.
  • Close Internet Explorer.
  • Your changes will take effect the next time you open Internet Explorer.
In your next reply, please submit:
Fixlog.txt
and let me know if there's any improvement in the system.



Thanks.

Edited by Starbuck, 20 January 2017 - 07:51 PM.

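The following PowerShell script is an added example, not part of Starbuck's post or of FRST. It gives a way to verify Step 1 from the command line rather than by eye: it walks the three Uninstall registry hives Windows uses (64-bit, 32-bit/WOW6432Node and per-user) and reports any entry whose DisplayName matches the four programs named in the post, then checks whether the keygen folder from the post still exists and hashes anything left in it so the files can be looked up on VirusTotal or similar. The program names and the folder path are taken from the post; nothing else about the machine is assumed. The rundll32 call in the final comment is the documented non-GUI equivalent of the Step 3 Internet Explorer reset.

```powershell
# Added example: confirm the PUPs from Step 1 are really gone and the pirated WinZip folder is removed.
# Program names and the folder path are the ones named in the post above.

$suspects = @('DAEMON Tools Toolbar', 'Intel Security True Key', 'System Mechanic', 'Web Companion')

# Installed-program entries live in three places; a PUP can hide in any of them.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$found = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        if (-not $p.DisplayName) { return }
        foreach ($s in $suspects) {
            if ($p.DisplayName -like "*$s*") {
                [pscustomobject]@{
                    DisplayName     = $p.DisplayName
                    Version         = $p.DisplayVersion
                    Publisher       = $p.Publisher
                    UninstallString = $p.UninstallString
                    Key             = $_.Name
                }
            }
        }
    }
}

if ($found) {
    'Still registered (re-run the uninstaller or use the UninstallString shown):'
    $found | Format-Table -AutoSize -Wrap
} else {
    'None of the listed programs are still registered.'
}

# The illegal download named in the post. Hash whatever is left so the files can be checked
# against a reputation service before the folder is deleted.
$keygenDir = 'C:\Program Files\WinZip 10.0 incl Keygen'
if (Test-Path -LiteralPath $keygenDir) {
    "Still present: $keygenDir"
    Get-ChildItem -LiteralPath $keygenDir -Recurse -File |
        Get-FileHash -Algorithm SHA256 |
        Format-Table Hash, Path -AutoSize
} else {
    "Removed: $keygenDir"
}

# Step 3 for Internet Explorer without the GUI (same dialog as Internet Options > Advanced > Reset):
#   rundll32.exe inetcpl.cpl,ResetIEtoDefaults
```

Run it from an elevated PowerShell prompt so the HKLM hives are readable; a match in the output means the uninstall did not complete and the UninstallString column shows the command the vendor registered for removal.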


#3 mihnea
  • Topic Starter
  • Members
  • 8 posts
  • Local time:10:27 PM

Posted 22 January 2017 - 05:48 AM

Thank you for your fast reply. I followed the steps yesterday morning, but waited one more day before posting the reply to see if something bad occurs.


The only remaining problem I had (before starting the steps in your reply), was the redirect to bets and sites. I also had the impression I was being redirected by malware to a site that copies Adobe Flash and says I need to download a "new version" which didn't work.

Step 1
Why did I have to remove those programs, they were blocking FRST?
The Winzip was an installer from 7 years ago, I deleted it


Step 3
You meant refresh I think


Ok, everything is fine now, thanks.


#4 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:27 PM

Posted 22 January 2017 - 08:22 AM

Hi mihnea

Why did I have to remove those programs, they were blocking FRST?

Those programs are what we normally call PuP's.
They're normally installed as a third party program when you install a 'free' program.
Most people don't realise that they're being installed.
They don't help your browsing experience at all.

The Winzip was an installer from 7 years ago, I deleted it

Thanks :thumbup2:

You meant refresh I think

The reason we use the term 'reset' is that the instructions will reset the browser back to their defaults.
This over-rides any malicious settings that have been put in place.

I also had the impression I was being redirected by malware to a site that copies Adobe Flash and says I need to download a "new version" which didn't work.

There are dodgy sites that will try and get you to download a supposedly new version of flash..... these in fact try to get you to install malware.

The version of flash you have installed:

Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)

is the latest version.

Ok, everything is fine now, thanks.

Ok, let me know if you are sure that you don't need any further assistance and we'll finish off the cleaning process.

Thanks

Edited by Starbuck, 22 January 2017 - 08:24 AM.



#5 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:27 PM

Posted 27 January 2017 - 01:15 PM

Due to the lack of feedback, this Topic will now be closed.

If you need this topic reopened, please request this by sending one of the Moderating team or an Administrator
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
