
t was unexpected at this time combofix


  • This topic is locked
10 replies to this topic

#1 Simca05

  • Members
  • 5 posts

Posted 13 January 2015 - 04:17 AM

Hello

I want to use the smart card service, but it says error 1058, no enabled drivers.

If I try to start this service manually it does not say anything, but error 1058 is still there.

This computer might have a lot of viruses. I want to try http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23419631.html

but first I am asking for help before I do something.

The first step I want to do is put unetbootin-xpud-windows-387.exe on a USB stick, get that report .exe file and copy it here.

Thank You




#2 Machiavelli

  • Malware Response Instructor
  • 3,883 posts

Posted 14 January 2015 - 10:36 AM

Hey my friend. :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-bit or 64-bit Windows, see here.
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
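Once the FRST logs are posted, the responder reads them for the same few cues every time: lines FRST itself flags with ATTENTION, removable-media autorun entries, services and drivers whose file is gone, unsigned binaries, and the state of the service the poster asked about. The script below is an added example (mine, not part of this thread and not Farbar's tool) that pulls those cues out of a saved FRST.txt/Addition.txt; its sample lines are constructed from the log posted further down in this thread, and the decoding of the R/S/U and start-type prefix is my reading of FRST's notation, not something the tool documents.

```python
"""Triage helper for FRST.txt / Addition.txt output.

Added example, not part of the BleepingComputer thread and not Farbar's own
tooling.  It reads the plain-text log that FRST writes and pulls out the
lines a malware responder reads first.  The prefix decoding on service and
driver lines (R = running, S = stopped, U = not running / unknown; digit =
Windows service start type) is my reading of FRST's notation.
"""
import re

# Constructed sample in the shape of the FRST log posted in the thread
# (paths, names and GUIDs taken from that post; this is not the full log).
SAMPLE_LOG = r"""
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1573576 2012-10-29] (Ask)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {01ab9a50-298f-11e2-ab61-003005cc76c4} - D:\AutoRun.exe
URLSearchHook: [S-1-5-21-3147887959-1230785297-2774617633-1750] ATTENTION ==> Default URLSearchHook is missing.
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 SCardDrv; C:\WINDOWS\system32\scardsvr.exe [95744 2008-04-14] (Microsoft Corporation)
U2 CertPropSvc; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.9.0 - Ask.com) <==== ATTENTION
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
"""

SERVICE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<tail>.*)$")
# Windows service start types (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


def classify(line):
    """Tag one log line for triage, or return None when it looks routine."""
    s = line.strip()
    if "ATTENTION" in s:                    # FRST's own flag (either arrow form)
        return "attention"
    if "MountPoints2:" in s:                # removable-media autorun entries
        return "mountpoints"
    if s.endswith(("[X]", "No ImagePath", "No File")):   # registry points at nothing
        return "missing-file"
    if "[File not signed]" in s:            # loaded binary without a signature
        return "unsigned"
    return None


def triage(log_text):
    """Group the flagged lines of a whole log by triage tag."""
    findings = {}
    for line in log_text.splitlines():
        tag = classify(line)
        if tag:
            findings.setdefault(tag, []).append(line.strip())
    return findings


def parse_service(line):
    """Decode a Services/Drivers line such as 'S3 SCardDrv; <path> [size date] (vendor)'."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    tail = m.group("tail")
    # The image path runs up to the first " [" (size/date block or [X] marker).
    path = None if tail == "No ImagePath" else tail.split(" [", 1)[0]
    return {
        "name": m.group("name"),
        "running": m.group("state") == "R",
        "start_type": START_TYPES[int(m.group("start"))],
        "path": path,
        "file_missing": path is None or tail.endswith("[X]"),
        "unsigned": "[File not signed]" in tail,
    }


def find_service(log_text, name):
    """Return the parsed entry for one service/driver name (case-insensitive)."""
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc and svc["name"].lower() == name.lower():
            return svc
    return None


if __name__ == "__main__":
    for tag, lines in triage(SAMPLE_LOG).items():
        print(f"[{tag}]")
        for item in lines:
            print("   ", item)
    # The poster asked about the smart card service (error 1058), so show what
    # the log says about it and about the certificate propagation service.
    for name in ("SCardDrv", "CertPropSvc"):
        print(name, find_service(SAMPLE_LOG, name))
```

Run it as `python frst_triage.py` on the sample, or point `triage()` and `find_service()` at the text of a real FRST.txt read from disk.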



#3 Simca05

  • Topic Starter

  • Members
  • 5 posts

Posted 15 January 2015 - 06:15 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by  administrator on MEHH-V4783 on 15-01-2015 12:56:16
Running from C:\Documents and Settings\mehhaanikud\Desktop
Loaded Profiles: UpdatusUser & mehhaanikud 
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\NLSSRV32.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Akamai\netsession_win.exe
(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Akamai\netsession_win.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-15] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1573576 2012-10-29] (Ask)
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKU\S-1-5-21-1606980848-484763869-1177238915-1004\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {01ab9a50-298f-11e2-ab61-003005cc76c4} - D:\AutoRun.exe
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {5948d22e-2fb8-11e2-ab6d-a5163687ef20} - D:\AutoRun.exe
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {8a78576c-27dd-11e2-ab5f-003005cc76c4} - D:\AutoRun.exe
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {bad50c68-2a33-11e2-ab65-003005cc76c4} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\mehhaanikud\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-1606980848-484763869-1177238915-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3147887959-1230785297-2774617633-1750] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: EstEIDIEPluginBHO Class -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll (RIA)
BHO: DIALux 3.1 ULDBrowserHelper Class -> {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} -> C:\Program Files\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Avery Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} http://192.168.183.237/WebDiginet.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\mehhaanikud\Application Data\Mozilla\Firefox\Profiles\o5p4p0nk.default
FF Homepage: hxxp://www.neti.ee/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIA/esteid-firefox-plugin -> C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll (RIA)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eki-ee.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\neti-ee.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\osta-ee.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-15]
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a66}] - C:\Program Files\Estonian ID Card\Firefox PKCS11 Loader
FF Extension: Estonian ID Card authentication module - C:\Program Files\Estonian ID Card\Firefox PKCS11 Loader [2014-10-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-04-26]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (EstEID Firefox plug-in) - C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll (RIA)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google'i dokumendid) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-03]
CHR Extension: (YouTube) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-03]
CHR Extension: (Google'i otsing) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-03]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 DialComService; C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1673520 2011-10-18] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 Samsung UPD Service2; C:\WINDOWS\system32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics)
S3 SCardDrv; C:\WINDOWS\system32\scardsvr.exe [95744 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{A527506D-36E6-4060-89F7-16E8A5787691}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cxbu0wdm; C:\WINDOWS\System32\DRIVERS\cxbu0wdm.sys [115712 2010-01-25] (HID Global Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [141264 2010-12-21] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94872 2010-12-21] (ESET)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123840 2012-04-18] (NVIDIA Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [252032 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
U2 CertPropSvc; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 Mtxparhv; system32\DRIVERS\MtxParhv.sys [X]
S3 MtxVxd; \??\C:\WINDOWS\system32\drivers\MtxVxd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 12:56 - 2015-01-15 12:56 - 00018304 _____ () C:\Documents and Settings\mehhaanikud\Desktop\FRST.txt
2015-01-15 12:56 - 2015-01-15 12:56 - 00000000 ____D () C:\FRST
2015-01-15 12:55 - 2015-01-15 12:53 - 01116672 _____ (Farbar) C:\Documents and Settings\mehhaanikud\Desktop\FRST.exe
2015-01-15 08:32 - 2015-01-15 12:55 - 00005528 _____ () C:\WINDOWS\setupapi.log
2015-01-13 09:45 - 2015-01-13 09:46 - 00000000 ___SD () C:\ComboFix
2015-01-13 09:42 - 2015-01-13 09:42 - 00000000 ____D () C:\Documents and Settings\Administrator.VGM\Desktop\ID kaarti
2015-01-13 09:33 - 2015-01-15 08:12 - 00032508 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-13 09:29 - 2015-01-13 09:29 - 00000000 ____D () C:\WINDOWS\pss
2015-01-13 09:29 - 2015-01-13 09:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-13 09:12 - 2015-01-14 16:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-13 09:12 - 2015-01-13 09:53 - 00000000 ____D () C:\Documents and Settings\mehhaanikud\Start Menu\Programs\SUPERAntiSpyware
2015-01-13 09:12 - 2015-01-13 09:33 - 00000522 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d3845f5a-f2d8-41ea-8adc-157d59560efd.job
2015-01-13 09:12 - 2015-01-13 09:33 - 00000522 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 185186b6-dd24-4d15-b3aa-59c5063126f3.job
2015-01-13 09:12 - 2015-01-13 09:12 - 00001678 _____ () C:\Documents and Settings\mehhaanikud\Desktop\SUPERAntiSpyware Professional.lnk
2015-01-13 09:12 - 2015-01-13 09:12 - 00000000 ____D () C:\Documents and Settings\mehhaanikud\Application Data\SUPERAntiSpyware.com
2015-01-13 09:12 - 2015-01-13 09:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-01-13 09:02 - 2015-01-13 09:02 - 00000000 _RSHD () C:\cmdcons
2015-01-13 09:02 - 2011-08-24 15:29 - 00000211 _____ () C:\Boot.bak
2015-01-13 09:02 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-01-13 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-13 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-13 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-13 08:59 - 2015-01-13 08:48 - 21011912 _____ (SUPERAntiSpyware) C:\Documents and Settings\mehhaanikud\Desktop\SUPERAntiSpyware.exe
2015-01-13 08:59 - 2015-01-13 08:40 - 05609736 ____R (Swearware) C:\Documents and Settings\mehhaanikud\Desktop\ComboFix.exe
2015-01-13 08:56 - 2015-01-13 08:59 - 00000000 ____D () C:\Qoobox
2015-01-13 08:55 - 2015-01-13 08:55 - 00000000 ____D () C:\WINDOWS\erdnt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 12:57 - 2012-11-29 08:37 - 00000246 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2015-01-15 12:56 - 2011-04-26 08:50 - 00000000 ____D () C:\Documents and Settings\mehhaanikud\Local Settings\Temp
2015-01-15 12:44 - 2010-09-15 13:39 - 01810516 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-15 12:43 - 2012-04-04 06:46 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-15 12:40 - 2012-11-12 08:23 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 11:10 - 2014-12-02 13:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-15 08:40 - 2012-11-12 08:23 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 08:24 - 2011-04-26 08:45 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-01-15 08:19 - 2012-09-07 12:35 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Local Settings\Temp
2015-01-15 08:17 - 2004-08-04 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-15 08:10 - 2010-09-15 16:34 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-15 08:10 - 2010-09-15 16:34 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-15 08:09 - 2010-09-15 13:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-14 16:12 - 2014-01-17 11:00 - 01354234 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3147887959-1230785297-2774617633-1750-0.dat
2015-01-14 16:12 - 2014-01-17 11:00 - 00193762 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-01-14 16:12 - 2011-04-26 08:50 - 00000178 ___SH () C:\Documents and Settings\mehhaanikud\ntuser.ini
2015-01-14 15:52 - 2011-04-26 08:46 - 00000178 ___SH () C:\Documents and Settings\Administrator.VGM\ntuser.ini
2015-01-14 12:43 - 2012-04-04 06:46 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-14 12:43 - 2011-05-18 06:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-13 12:06 - 2011-04-26 08:46 - 00000000 ____D () C:\Documents and Settings\Administrator.VGM\Local Settings\Temp
2015-01-13 10:53 - 2014-01-17 10:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-13 09:31 - 2012-11-05 08:24 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-13 09:31 - 2011-04-26 08:46 - 00000000 ____D () C:\Documents and Settings\Administrator.VGM
2015-01-13 09:28 - 2011-04-26 08:50 - 00000000 ____D () C:\Documents and Settings\mehhaanikud
2015-01-13 09:28 - 2011-04-26 08:46 - 00001526 __RSH () C:\Documents and Settings\Administrator.VGM\ntuser.pol
2015-01-13 09:02 - 2010-09-15 16:29 - 00000327 __RSH () C:\boot.ini
2015-01-08 13:25 - 2014-10-02 12:25 - 00000250 _____ () C:\WINDOWS\Tasks\id updater task.job
2015-01-07 15:45 - 2012-02-20 10:03 - 00000000 ____D () C:\Program Files\OptiWin 3D pro
2015-01-07 09:01 - 2014-09-01 13:59 - 00015781 _____ () C:\Documents and Settings\mehhaanikud\Desktop\Elspot+prices kuuhinnad.ods
2015-01-05 14:23 - 2011-04-27 11:52 - 00000000 ____D () C:\Documents and Settings\mehhaanikud\My Documents\Arvo asjad
2014-12-19 07:59 - 2013-12-06 08:57 - 00022016 _____ () C:\Documents and Settings\mehhaanikud\Desktop\Põhivara liikumise vormid.xls
 
Some content of TEMP:
====================
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\ApnStub.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\irsetup.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\ProgramUpgrade.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\RegAsm.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\UpdaterCopy.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\VUU7.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by mehhaanikud at 2015-01-15 12:57:19
Running from C:\Documents and Settings\mehhaanikud\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.2 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3ga to mp3 Converter version 1.2.1 (HKLM\...\{7C10F1F0-0334-4613-A0A2-BB6B3EAB392A}_is1) (Version: 1.2.1 - Shuja, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced Monitoring Agent GP (Version: 1.0 - InstallAware Software Corporation) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.9.0 - Ask.com) <==== ATTENTION
Autodesk DWF Viewer (HKLM\...\Autodesk DWF Viewer) (Version: 6.0 - Autodesk, Inc.)
Autodesk DWF Writer (HKLM\...\{A2A5C34C-BD78-4505-9E57-AFCDF2FB926C}) (Version: 2.0.4.0 - Autodesk, Inc.)
Avery Toolbar Updater (HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30496 - Ask.com) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Creative Centrale (HKLM\...\Creative Centrale) (Version: 1.19.02 - Creative Technology Ltd.)
Creative Centrale (Version: 1.19.02 - Creative Technology Ltd.) Hidden
Creative Software Update (Version: 1.03.01 - Creative Technology Ltd.) Hidden
Creative ZEN X-Fi2 Documentation (HKLM\...\ZENXFI2UG) (Version:  - Creative Technology Ltd.)
DesignPro 5 (HKLM\...\InstallShield_{C8F04EF6-C4DB-4D86-8D86-32E7DBDA8595}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (HKLM\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (Version: 5.5.708 - Avery Dennison) Hidden
DIAL Communication Framework (HKLM\...\{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}) (Version: 1.0.7.0 - DIAL GmbH)
DIALux 4.10 (HKLM\...\DIALux) (Version: 4.10.0.1 - DIAL GmbH)
Digital microscope (HKLM\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
DjVuLibre+DjView (HKLM\...\DjVuLibre+DjView) (Version: 3.5.25.3+4.9 - DjVuZone)
Eesti ID-kaardi tarkvara 3.8.2.1491 (HKLM\...\{DA71A71D-6AB5-4367-B5F4-96F2BAA59833}) (Version: 3.8.2.1491 - RIA)
Elevated Installer (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
ESET NOD32 Antivirus (HKLM\...\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
K-Lite Mega Codec Pack 8.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
MicroCapture 2.5 (HKLM\...\MicroCapture) (Version: 2.5 - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.25.01.07 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 34.0 (x86 et) (HKLM\...\Mozilla Firefox 34.0 (x86 et)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM\...\{082011D0-9755-4D95-B6AE-B5D4B8A6B057}) (Version: 3.3.9567 - OpenOffice.org)
OptiWin 3D pro (HKLM\...\{09A1EA70-B991-4080-BE48-67A074B6415D}) (Version: 2014.01 - Glamox ASA)
OptiWin 3D pro (Version: 2011.04 - Glamox ASA) Hidden
OptiWin 3D pro (Version: 2011.06 - Glamox ASA) Hidden
OptiWin 3D pro (Version: 2014.01 - Glamox ASA) Hidden
OSRAM DALI Professional (HKLM\...\OSRAM DALI Professional) (Version:  - OSRAM AG)
progeCAD 2007 Pro ENG (HKLM\...\progeCAD 2007 Pro ENG) (Version:  - )
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Telescope Driver (HKLM\...\{B2920232-19DA-44FC-835F-68E427EAE2CE}) (Version: 10.30.09 - PixArt)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
VBA (3821b) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
xSpider 2.9.3-EN/BA (HKLM\...\xSpider_is1) (Version: 2.9.3 - Eaton GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
31-10-2014 09:45:51 System Checkpoint
04-11-2014 10:23:20 System Checkpoint
05-11-2014 09:08:34 Restore Operation
05-11-2014 09:10:34 Restore Operation
05-11-2014 09:12:34 Restore Operation
05-11-2014 12:20:18 Restore Operation
11-11-2014 14:03:07 System Checkpoint
18-11-2014 11:45:37 System Checkpoint
19-11-2014 11:56:10 System Checkpoint
20-11-2014 12:35:51 System Checkpoint
21-11-2014 12:52:44 System Checkpoint
25-11-2014 14:01:33 System Checkpoint
26-11-2014 14:08:06 System Checkpoint
28-11-2014 08:20:11 System Checkpoint
01-12-2014 09:47:10 System Checkpoint
02-12-2014 15:59:34 System Checkpoint
04-12-2014 09:05:18 System Checkpoint
05-12-2014 09:35:22 System Checkpoint
08-12-2014 08:24:30 System Checkpoint
09-12-2014 15:34:28 System Checkpoint
11-12-2014 09:32:04 System Checkpoint
12-12-2014 10:21:39 System Checkpoint
15-12-2014 08:55:40 System Checkpoint
17-12-2014 09:55:33 System Checkpoint
19-12-2014 09:58:20 System Checkpoint
22-12-2014 09:24:15 System Checkpoint
23-12-2014 09:50:42 System Checkpoint
29-12-2014 09:37:59 System Checkpoint
05-01-2015 09:03:18 System Checkpoint
06-01-2015 10:11:55 System Checkpoint
08-01-2015 16:04:00 System Checkpoint
09-01-2015 16:12:31 System Checkpoint
12-01-2015 08:21:55 System Checkpoint
13-01-2015 10:44:02 Software Distribution Service 3.0
14-01-2015 15:16:09 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 14:00 - 2004-08-04 14:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\id updater task.job => e˛öq
‘„Kė<`Ä«äFČ<
 s€!ß
id-updater.exe-taskSYSTEMId-updater scheduled task0¼
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 185186b6-dd24-4d15-b3aa-59c5063126f3.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d3845f5a-f2d8-41ea-8adc-157d59560efd.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-18 16:30 - 2011-04-11 07:26 - 00024064 _____ () C:\WINDOWS\system32\spd__l.dll
2014-11-27 11:38 - 2014-02-15 08:59 - 00239184 _____ () C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe
2011-05-11 10:11 - 2007-09-20 17:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2014-12-02 13:05 - 2014-12-02 13:05 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2008-04-14 04:41 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 04:42 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2011-01-17 15:19 - 2011-04-26 09:10 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-12-10 08:42 - 2014-12-06 03:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 08:42 - 2014-12-06 03:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-04-15 07:03 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-15 07:03 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^Administrator.VGM^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1606980848-484763869-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1606980848-484763869-1177238915-1003 - Limited - Enabled)
Guest (S-1-5-21-1606980848-484763869-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1606980848-484763869-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1606980848-484763869-1177238915-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-1606980848-484763869-1177238915-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom NetXtreme Gigabit Ethernet
Description: Broadcom NetXtreme Gigabit Ethernet
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/15/2015 00:56:32 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
 
Error: (01/15/2015 08:18:32 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
 
Error: (01/15/2015 08:17:47 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.
 
Error: (01/15/2015 08:13:53 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007003a).  The specified server cannot perform the requested operation.
  Enrollment will not be performed.
 
Error: (01/15/2015 08:13:50 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.
 
Error: (01/15/2015 08:11:03 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
 
Error: (01/15/2015 08:11:01 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
 
Error: (01/15/2015 08:11:01 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
 
Error: (01/15/2015 08:10:59 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
 
Error: (01/15/2015 08:10:59 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
 
 
System errors:
=============
Error: (01/15/2015 00:56:19 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain VGM due to the following: 
%%1311.
 
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
 
Error: (01/15/2015 00:18:00 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.
 
Error: (01/15/2015 10:18:00 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.
 
Error: (01/15/2015 09:18:00 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.
 
Error: (01/15/2015 08:48:00 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.
 
Error: (01/15/2015 08:32:57 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (01/15/2015 08:10:30 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (01/15/2015 08:10:30 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (01/15/2015 08:10:29 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain VGM due to the following: 
%%1722.
 
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
 
Error: (01/14/2015 08:23:49 AM) (Source: DCOM) (EventID: 10010) (User: VGM)
Description: The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.
 
 
Microsoft Office Sessions:
=========================
Error: (01/15/2015 00:56:32 PM) (Source: crypt32) (EventID: 11) (User: )
 
Error: (01/15/2015 08:18:32 AM) (Source: crypt32) (EventID: 11) (User: )
 
Error: (01/15/2015 08:17:47 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: The RPC server is unavailable.
 
Error: (01/15/2015 08:13:53 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007003aThe specified server cannot perform the requested operation.
 
Error: (01/15/2015 08:13:50 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: The RPC server is unavailable.
 
Error: (01/15/2015 08:11:03 AM) (Source: crypt32) (EventID: 11) (User: )
 
Error: (01/15/2015 08:11:01 AM) (Source: crypt32) (EventID: 11) (User: )
 
Error: (01/15/2015 08:11:01 AM) (Source: crypt32) (EventID: 11) (User: )
 
Error: (01/15/2015 08:10:59 AM) (Source: crypt32) (EventID: 11) (User: )
 
Error: (01/15/2015 08:10:59 AM) (Source: crypt32) (EventID: 11) (User: )
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 3.60GHz
Percentage of memory in use: 59%
Total physical RAM: 2046.42 MB
Available physical RAM: 830.75 MB
Total Pagefile: 3429.39 MB
Available Pagefile: 2302.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.88 GB) (Free:125.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (BACKUP) (Removable) (Total:3.75 GB) (Free:3.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: CA37CA37)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 6E697373)
No partition Table on disk 2.
 
==================== End Of Log ============================


#4 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,883 posts
  • Gender:Male
  • Location:Germany

Posted 15 January 2015 - 10:27 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Text file and save it to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Simca05

  • Topic Starter
  • Members
  • 5 posts

Posted 16 January 2015 - 07:10 AM

Attached files: AdwCleanerS0.txt (5.75KB), FRST.txt (24.86KB), JRT.txt (1.08KB), Malwarebytes.txt (1.84KB)

Here are those logs.


#6 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,883 posts
  • Gender:Male
  • Location:Germany

Posted 16 January 2015 - 08:10 AM

Please post them in the thread rather than attaching them. :)

~Machiavelli



#7 Simca05

  • Topic Starter
  • Members
  • 5 posts

Posted 16 January 2015 - 08:39 AM

# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Mail.Ru
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\DOCUME~1\MEHHAA~1\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\Documents and Settings\Administrator.VGM\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\einer\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\einer\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Mail.Ru
Folder Deleted : C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\PackageAware
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v35.0 (x86 et)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [5654 octets] - [16/01/2015 10:52:19]
AdwCleaner[R1].txt - [5714 octets] - [16/01/2015 10:55:57]
AdwCleaner[S0].txt - [5743 octets] - [16/01/2015 10:58:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5803 octets] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16.01.2015
Scan Time: 11:09:53
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.16.04
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: mehhaanikud
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 486562
Time Elapsed: 24 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 7
Spyware.Zbot.ED, C:\Documents and Settings\All Users\Application Data\9A7BB451.cpp, Quarantined, [0f42b3442c5dc86e2b3a76725aa7f907], 
Trojan.Downloader, C:\Downloads\Digi-Watcher.com.Watcher.v2.35.WinALL.Incl.Keygen-BLiZZARD.rar, Quarantined, [fb5648af8aff0b2ba09e4c27d42cce32], 
Trojan.FakeAlert, C:\Downloads\Duplicate.rar, Quarantined, [90c1e512890011259058662418e82ad6], 
Trojan.Downloader, C:\Downloads\Digi-Watcher.com.Watcher.v2.35.rar, Quarantined, [b899ef0897f22412132b83f01fe19b65], 
Trojan.Agent.W, C:\Downloads\Loader.rar, Quarantined, [bf9275824e3bea4c8424f353877ed32d], 
PUP.Optional.OpenCandy, C:\Downloads\MediaCoder-0.7.3.4616.exe, Quarantined, [f65b5e99d2b70234da9a823bd332956b], 
Spyware.Zbot.ED, C:\Documents and Settings\mehhaanikud\Local Settings\Temp\VUU7.dll, Quarantined, [8dc4ad4a563342f4acb993558e73758b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by mehhaanikud on R 16.01.2015 at 11:41:42,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\mehhaanikud\Application Data\thinstall"
Successfully deleted: [Folder] "C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\thinstall"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on R 16.01.2015 at 11:45:52,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by mehhaanikud (administrator) on MEHH-V4783 on 16-01-2015 11:46:18
Running from C:\Documents and Settings\mehhaanikud\Desktop
Loaded Profiles: UpdatusUser & mehhaanikud (Available profiles: UpdatusUser & Administrator & mehhaanikud)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\NLSSRV32.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Akamai\netsession_win.exe
(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Akamai\netsession_win.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-15] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKU\S-1-5-21-1606980848-484763869-1177238915-1004\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {01ab9a50-298f-11e2-ab61-003005cc76c4} - D:\AutoRun.exe
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {5948d22e-2fb8-11e2-ab6d-a5163687ef20} - D:\AutoRun.exe
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {8a78576c-27dd-11e2-ab5f-003005cc76c4} - D:\AutoRun.exe
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {bad50c68-2a33-11e2-ab65-003005cc76c4} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\mehhaanikud\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-1606980848-484763869-1177238915-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3147887959-1230785297-2774617633-1750] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1606980848-484763869-1177238915-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: EstEIDIEPluginBHO Class -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll (RIA)
BHO: DIALux 3.1 ULDBrowserHelper Class -> {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} -> C:\Program Files\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} http://192.168.183.237/WebDiginet.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\mehhaanikud\Application Data\Mozilla\Firefox\Profiles\o5p4p0nk.default
FF Homepage: hxxp://www.neti.ee/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIA/esteid-firefox-plugin -> C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll (RIA)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eki-ee.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\neti-ee.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\osta-ee.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-15]
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a66}] - C:\Program Files\Estonian ID Card\Firefox PKCS11 Loader
FF Extension: Estonian ID Card authentication module - C:\Program Files\Estonian ID Card\Firefox PKCS11 Loader [2014-10-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-04-26]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (EstEID Firefox plug-in) - C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll (RIA)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google'i dokumendid) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-03]
CHR Extension: (YouTube) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-03]
CHR Extension: (Google'i otsing) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-03]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 DialComService; C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1673520 2011-10-18] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 Samsung UPD Service2; C:\WINDOWS\system32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics)
S3 SCardDrv; C:\WINDOWS\system32\scardsvr.exe [95744 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{A527506D-36E6-4060-89F7-16E8A5787691}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cxbu0wdm; C:\WINDOWS\System32\DRIVERS\cxbu0wdm.sys [115712 2010-01-25] (HID Global Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [141264 2010-12-21] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94872 2010-12-21] (ESET)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123840 2012-04-18] (NVIDIA Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [252032 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
U2 CertPropSvc; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 Mtxparhv; system32\DRIVERS\MtxParhv.sys [X]
S3 MtxVxd; \??\C:\WINDOWS\system32\drivers\MtxVxd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 11:46 - 2015-01-16 11:46 - 00016704 _____ () C:\Documents and Settings\mehhaanikud\Desktop\FRST.txt
2015-01-16 11:45 - 2015-01-16 11:45 - 00001101 _____ () C:\Documents and Settings\mehhaanikud\Desktop\JRT.txt
2015-01-16 11:41 - 2015-01-16 11:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-16 11:08 - 2015-01-16 11:09 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 11:08 - 2015-01-16 11:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-16 11:08 - 2015-01-16 11:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 11:08 - 2015-01-16 11:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-01-16 11:08 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-16 11:08 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-16 10:52 - 2015-01-16 10:59 - 00000000 ____D () C:\AdwCleaner
2015-01-16 10:51 - 2015-01-16 11:46 - 00000000 ____D () C:\Documents and Settings\mehhaanikud\Desktop\KORTDA
2015-01-15 12:56 - 2015-01-16 11:46 - 00000000 ____D () C:\FRST
2015-01-15 12:55 - 2015-01-15 12:53 - 01116672 _____ (Farbar) C:\Documents and Settings\mehhaanikud\Desktop\FRST.exe
2015-01-15 11:09 - 2015-01-15 11:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-15 08:32 - 2015-01-15 13:13 - 00006166 _____ () C:\WINDOWS\setupapi.log
2015-01-13 09:45 - 2015-01-13 09:46 - 00000000 ___SD () C:\ComboFix
2015-01-13 09:42 - 2015-01-13 09:42 - 00000000 ____D () C:\Documents and Settings\Administrator.VGM\Desktop\ID kaarti
2015-01-13 09:33 - 2015-01-16 11:36 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-13 09:29 - 2015-01-13 09:29 - 00000000 ____D () C:\WINDOWS\pss
2015-01-13 09:29 - 2015-01-13 09:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-13 09:02 - 2015-01-13 09:02 - 00000000 _RSHD () C:\cmdcons
2015-01-13 09:02 - 2011-08-24 15:29 - 00000211 _____ () C:\Boot.bak
2015-01-13 09:02 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-01-13 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-13 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-13 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-13 08:59 - 2015-01-13 08:48 - 21011912 _____ (SUPERAntiSpyware) C:\Documents and Settings\mehhaanikud\Desktop\SUPERAntiSpyware.exe
2015-01-13 08:59 - 2015-01-13 08:40 - 05609736 ____R (Swearware) C:\Documents and Settings\mehhaanikud\Desktop\ComboFix.exe
2015-01-13 08:56 - 2015-01-13 08:59 - 00000000 ____D () C:\Qoobox
2015-01-13 08:55 - 2015-01-13 08:55 - 00000000 ____D () C:\WINDOWS\erdnt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 11:46 - 2011-04-26 08:50 - 00000000 ____D () C:\Documents and Settings\mehhaanikud\Local Settings\Temp
2015-01-16 11:43 - 2012-04-04 06:46 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-16 11:41 - 2010-09-15 13:39 - 01894922 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-16 11:40 - 2012-11-12 08:23 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 11:37 - 2012-11-12 08:23 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 11:37 - 2010-09-15 16:34 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-16 11:37 - 2010-09-15 16:34 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-16 11:37 - 2004-08-04 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-16 11:36 - 2014-01-17 11:00 - 00193762 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-01-16 11:36 - 2013-10-11 07:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-01-16 11:36 - 2011-04-26 08:50 - 00000178 ___SH () C:\Documents and Settings\mehhaanikud\ntuser.ini
2015-01-16 11:36 - 2010-09-15 13:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-16 10:59 - 2014-01-17 11:00 - 01354234 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3147887959-1230785297-2774617633-1750-0.dat
2015-01-15 13:25 - 2014-10-02 12:25 - 00000250 _____ () C:\WINDOWS\Tasks\id updater task.job
2015-01-15 13:18 - 2014-01-10 14:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-15 13:13 - 2011-04-26 08:45 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-01-15 08:19 - 2012-09-07 12:35 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Local Settings\Temp
2015-01-14 15:52 - 2011-04-26 08:46 - 00000178 ___SH () C:\Documents and Settings\Administrator.VGM\ntuser.ini
2015-01-14 12:43 - 2012-04-04 06:46 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-14 12:43 - 2011-05-18 06:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-13 12:06 - 2011-04-26 08:46 - 00000000 ____D () C:\Documents and Settings\Administrator.VGM\Local Settings\Temp
2015-01-13 10:53 - 2014-01-17 10:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-13 09:31 - 2012-11-05 08:24 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-13 09:31 - 2011-04-26 08:46 - 00000000 ____D () C:\Documents and Settings\Administrator.VGM
2015-01-13 09:28 - 2011-04-26 08:50 - 00000000 ____D () C:\Documents and Settings\mehhaanikud
2015-01-13 09:28 - 2011-04-26 08:46 - 00001526 __RSH () C:\Documents and Settings\Administrator.VGM\ntuser.pol
2015-01-13 09:02 - 2010-09-15 16:29 - 00000327 __RSH () C:\boot.ini
2015-01-07 15:45 - 2012-02-20 10:03 - 00000000 ____D () C:\Program Files\OptiWin 3D pro
2015-01-07 09:01 - 2014-09-01 13:59 - 00015781 _____ () C:\Documents and Settings\mehhaanikud\Desktop\Elspot+prices kuuhinnad.ods
2015-01-05 14:23 - 2011-04-27 11:52 - 00000000 ____D () C:\Documents and Settings\mehhaanikud\My Documents\Arvo asjad
2014-12-19 07:59 - 2013-12-06 08:57 - 00022016 _____ () C:\Documents and Settings\mehhaanikud\Desktop\Põhivara liikumise vormid.xls
 
Some content of TEMP:
====================
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\ApnStub.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\irsetup.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\ProgramUpgrade.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\RegAsm.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\mehhaanikud\Local Settings\Temp\UpdaterCopy.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 


#8 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,883 posts
  • Gender:Male
  • Location:Germany

Posted 16 January 2015 - 10:14 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty text file:

    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {01ab9a50-298f-11e2-ab61-003005cc76c4} - D:\AutoRun.exe
    HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {5948d22e-2fb8-11e2-ab6d-a5163687ef20} - D:\AutoRun.exe
    HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {8a78576c-27dd-11e2-ab5f-003005cc76c4} - D:\AutoRun.exe
    HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {bad50c68-2a33-11e2-ab65-003005cc76c4} - G:\LaunchU3.exe -a
    URLSearchHook: [S-1-5-21-1606980848-484763869-1177238915-1004] ATTENTION ==> Default URLSearchHook is missing.
    URLSearchHook: [S-1-5-21-3147887959-1230785297-2774617633-1750] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1606980848-484763869-1177238915-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this text file on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

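The fixlist in the post above was hand-picked from the FRST.txt log. As an added example (not FRST's own code and not the helper's), the Python script below picks out the same classes of entries from FRST "Registry (Whitelisted)" and "Internet (Whitelisted)" lines so a reviewer can find them quickly; the sample lines are copied from the log posted earlier in the thread, and the category names are this example's own, not FRST terminology.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not part of FRST or of the post above.  It flags the same
classes of entries that the fixlist in the post targets:

  - Run values that point at nothing (FRST prints "[] => [X]")
  - MountPoints2 entries that launch an AutoRun/launcher from a drive letter
  - FRST's own "ATTENTION ==> Default URLSearchHook is missing" marker
  - DefaultScope search scopes whose URL is empty
  - toolbar registrations whose file no longer exists ("No File")

The result is a review list, not a verdict: these are orphaned or
autorun-style entries that a human still decides about before they go
into a fixlist.  Category names are this example's own.
"""
import re
from collections import Counter
from typing import Iterable, List, Optional, Tuple

# (category, pattern) pairs; patterns are matched against the stripped line.
RULES = [
    ("empty-run-value",
     re.compile(r"\\Run: \[\] => \[X\]$")),
    ("mountpoints2-autorun",
     re.compile(r"\\MountPoints2: \{[0-9a-fA-F-]+\} - [A-Za-z]:\\")),
    ("missing-urlsearchhook",
     re.compile(r"^URLSearchHook: \[S-1-5-[\d-]+\] ATTENTION ==> "
                r"Default URLSearchHook is missing")),
    ("empty-defaultscope",
     re.compile(r"^SearchScopes: .* DefaultScope \{[0-9a-fA-F-]+\} URL =$")),
    ("toolbar-no-file",
     re.compile(r"^Toolbar: .* -\s+No File$")),
]


def classify(line: str) -> Optional[str]:
    """Return the category of one FRST line, or None if no rule matches."""
    stripped = line.strip()
    for category, pattern in RULES:
        if pattern.search(stripped):
            return category
    return None


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (category, line) for each flagged line, in log order."""
    hits = []
    for line in lines:
        category = classify(line)
        if category is not None:
            hits.append((category, line.strip()))
    return hits


def summarize(lines: Iterable[str]) -> dict:
    """Count flagged lines per category."""
    return dict(Counter(category for category, _ in triage(lines)))


# Sample lines copied from the FRST.txt posted above, plus benign neighbours
# that must not be flagged (Adobe ARM Run entry, Google Toolbar, mail.ru scope).
SAMPLE_LOG = [
    r"HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)",
    r"HKLM\...\Run: [] => [X]",
    r"HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {01ab9a50-298f-11e2-ab61-003005cc76c4} - D:\AutoRun.exe",
    r"HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {bad50c68-2a33-11e2-ab65-003005cc76c4} - G:\LaunchU3.exe -a",
    r"URLSearchHook: [S-1-5-21-1606980848-484763869-1177238915-1004] ATTENTION ==> Default URLSearchHook is missing.",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = ",
    r"SearchScopes: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb",
    r"Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)",
    r"Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File",
]

if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:22} {line}")
    print(summarize(SAMPLE_LOG))
```

Run it against a full FRST.txt by feeding the file's lines to `triage()`; the mail.ru search scope is deliberately not matched, since the fixlist above left it alone and a non-empty URL needs a human judgement.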
 
 


#9 Simca05

  • Topic Starter
  • Members
  • 5 posts

Posted 19 January 2015 - 09:30 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
Ran by mehhaanikud at 2015-01-19 15:43:01 Run:1
Running from C:\Documents and Settings\mehhaanikud\Desktop
Loaded Profiles: UpdatusUser & mehhaanikud (Available profiles: UpdatusUser & Administrator & Einer & mehhaanikud & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {01ab9a50-298f-11e2-ab61-003005cc76c4} - D:\AutoRun.exe
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {5948d22e-2fb8-11e2-ab6d-a5163687ef20} - D:\AutoRun.exe
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {8a78576c-27dd-11e2-ab5f-003005cc76c4} - D:\AutoRun.exe
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {bad50c68-2a33-11e2-ab65-003005cc76c4} - G:\LaunchU3.exe -a
URLSearchHook: [S-1-5-21-1606980848-484763869-1177238915-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3147887959-1230785297-2774617633-1750] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1606980848-484763869-1177238915-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
EmptyTemp:
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ab9a50-298f-11e2-ab61-003005cc76c4}" => Key deleted successfully.
HKCR\CLSID\{01ab9a50-298f-11e2-ab61-003005cc76c4} => Key not found. 
"HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5948d22e-2fb8-11e2-ab6d-a5163687ef20}" => Key deleted successfully.
HKCR\CLSID\{5948d22e-2fb8-11e2-ab6d-a5163687ef20} => Key not found. 
"HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a78576c-27dd-11e2-ab5f-003005cc76c4}" => Key deleted successfully.
HKCR\CLSID\{8a78576c-27dd-11e2-ab5f-003005cc76c4} => Key not found. 
"HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bad50c68-2a33-11e2-ab65-003005cc76c4}" => Key deleted successfully.
HKCR\CLSID\{bad50c68-2a33-11e2-ab65-003005cc76c4} => Key not found. 
Error setting Default URLSearchHook.
Error setting Default URLSearchHook.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1606980848-484763869-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09900DE8-1DCA-443F-9243-26FF581438AF} => value deleted successfully.
HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF} => Key not found. 
EmptyTemp: => Removed 2.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:47:58 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by mehhaanikud (administrator) on MEHH-V4783 on 19-01-2015 16:06:39
Running from C:\Documents and Settings\mehhaanikud\Desktop
Loaded Profiles: UpdatusUser & mehhaanikud (Available profiles: UpdatusUser & Administrator & Einer & mehhaanikud & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\NLSSRV32.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Akamai\netsession_win.exe
(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Akamai\netsession_win.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-15] ()
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKU\S-1-5-21-1606980848-484763869-1177238915-1004\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\mehhaanikud\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-1606980848-484763869-1177238915-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3147887959-1230785297-2774617633-1750] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: EstEIDIEPluginBHO Class -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll (RIA)
BHO: DIALux 3.1 ULDBrowserHelper Class -> {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} -> C:\Program Files\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} http://192.168.183.237/WebDiginet.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
Tcpip\Parameters: [DhcpNameServer] 192.168.183.243 192.168.183.241 192.168.183.246
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\mehhaanikud\Application Data\Mozilla\Firefox\Profiles\o5p4p0nk.default
FF Homepage: hxxp://www.neti.ee/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIA/esteid-firefox-plugin -> C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll (RIA)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eki-ee.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\neti-ee.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\osta-ee.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-15]
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a66}] - C:\Program Files\Estonian ID Card\Firefox PKCS11 Loader
FF Extension: Estonian ID Card authentication module - C:\Program Files\Estonian ID Card\Firefox PKCS11 Loader [2014-10-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-04-26]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (EstEID Firefox plug-in) - C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll (RIA)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google'i dokumendid) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-03]
CHR Extension: (YouTube) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-03]
CHR Extension: (Google'i otsing) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-03]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 DialComService; C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1673520 2011-10-18] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 Samsung UPD Service2; C:\WINDOWS\system32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics)
S3 SCardDrv; C:\WINDOWS\system32\scardsvr.exe [95744 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{A527506D-36E6-4060-89F7-16E8A5787691}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cxbu0wdm; C:\WINDOWS\System32\DRIVERS\cxbu0wdm.sys [115712 2010-01-25] (HID Global Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [141264 2010-12-21] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94872 2010-12-21] (ESET)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123840 2012-04-18] (NVIDIA Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [252032 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
U2 CertPropSvc; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 Mtxparhv; system32\DRIVERS\MtxParhv.sys [X]
S3 MtxVxd; \??\C:\WINDOWS\system32\drivers\MtxVxd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-19 16:06 - 2015-01-19 16:06 - 00016197 _____ () C:\Documents and Settings\mehhaanikud\Desktop\FRST.txt
2015-01-16 11:47 - 2015-01-16 11:47 - 00024420 _____ () C:\Documents and Settings\mehhaanikud\Desktop\Addition.txt
2015-01-16 11:45 - 2015-01-16 11:45 - 00001101 _____ () C:\Documents and Settings\mehhaanikud\Desktop\JRT.txt
2015-01-16 11:41 - 2015-01-16 11:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-16 11:08 - 2015-01-16 11:09 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 11:08 - 2015-01-16 11:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-16 11:08 - 2015-01-16 11:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 11:08 - 2015-01-16 11:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-01-16 11:08 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-16 11:08 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-16 10:52 - 2015-01-16 10:59 - 00000000 ____D () C:\AdwCleaner
2015-01-15 12:56 - 2015-01-19 16:06 - 00000000 ____D () C:\FRST
2015-01-15 12:55 - 2015-01-19 15:37 - 01118208 _____ (Farbar) C:\Documents and Settings\mehhaanikud\Desktop\FRST.exe
2015-01-15 11:09 - 2015-01-15 11:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-15 08:32 - 2015-01-19 15:52 - 00009832 _____ () C:\WINDOWS\setupapi.log
2015-01-13 09:45 - 2015-01-13 09:46 - 00000000 ___SD () C:\ComboFix
2015-01-13 09:42 - 2015-01-13 09:42 - 00000000 ____D () C:\Documents and Settings\Administrator.VGM\Desktop\ID kaarti
2015-01-13 09:33 - 2015-01-19 15:48 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-13 09:29 - 2015-01-13 09:29 - 00000000 ____D () C:\WINDOWS\pss
2015-01-13 09:29 - 2015-01-13 09:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-13 09:02 - 2015-01-13 09:02 - 00000000 _RSHD () C:\cmdcons
2015-01-13 09:02 - 2011-08-24 15:29 - 00000211 _____ () C:\Boot.bak
2015-01-13 09:02 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-01-13 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-13 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-13 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-13 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-13 08:59 - 2015-01-13 08:48 - 21011912 _____ (SUPERAntiSpyware) C:\Documents and Settings\mehhaanikud\Desktop\SUPERAntiSpyware.exe
2015-01-13 08:59 - 2015-01-13 08:40 - 05609736 ____R (Swearware) C:\Documents and Settings\mehhaanikud\Desktop\ComboFix.exe
2015-01-13 08:56 - 2015-01-13 08:59 - 00000000 ____D () C:\Qoobox
2015-01-13 08:55 - 2015-01-13 08:55 - 00000000 ____D () C:\WINDOWS\erdnt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-19 16:06 - 2011-04-26 08:50 - 00000000 ____D () C:\Documents and Settings\mehhaanikud\Local Settings\Temp
2015-01-19 16:05 - 2004-08-04 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-19 16:02 - 2011-04-26 08:45 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-01-19 15:59 - 2010-09-15 13:39 - 02007960 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-19 15:53 - 2011-04-26 08:46 - 00000178 ___SH () C:\Documents and Settings\Administrator.VGM\ntuser.ini
2015-01-19 15:52 - 2011-04-26 08:59 - 00000000 ____D () C:\Program Files\ESET
2015-01-19 15:50 - 2012-11-12 08:23 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 15:49 - 2010-09-15 16:34 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-19 15:49 - 2010-09-15 16:34 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-19 15:49 - 2010-09-15 13:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-19 15:48 - 2014-01-17 11:00 - 01354234 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3147887959-1230785297-2774617633-1750-0.dat
2015-01-19 15:48 - 2014-01-17 11:00 - 00193762 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-01-19 15:48 - 2011-04-26 08:50 - 00000178 ___SH () C:\Documents and Settings\mehhaanikud\ntuser.ini
2015-01-19 15:47 - 2011-04-26 08:46 - 00000000 ____D () C:\Documents and Settings\Administrator.VGM\Local Settings\Temp
2015-01-19 15:43 - 2013-06-03 15:07 - 00000000 ____D () C:\Documents and Settings\einer\Local Settings\Temp
2015-01-19 15:43 - 2012-04-04 06:46 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-19 15:43 - 2010-09-15 13:43 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-01-19 15:40 - 2012-11-12 08:23 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 08:41 - 2013-09-03 13:15 - 00001805 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-01-19 07:56 - 2012-09-07 12:35 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Local Settings\Temp
2015-01-16 11:36 - 2013-10-11 07:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-01-15 13:25 - 2014-10-02 12:25 - 00000250 _____ () C:\WINDOWS\Tasks\id updater task.job
2015-01-15 13:18 - 2014-01-10 14:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-14 12:43 - 2012-04-04 06:46 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-14 12:43 - 2011-05-18 06:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-13 10:53 - 2014-01-17 10:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-13 09:31 - 2012-11-05 08:24 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-13 09:31 - 2011-04-26 08:46 - 00000000 ____D () C:\Documents and Settings\Administrator.VGM
2015-01-13 09:28 - 2011-04-26 08:50 - 00000000 ____D () C:\Documents and Settings\mehhaanikud
2015-01-13 09:28 - 2011-04-26 08:46 - 00001526 __RSH () C:\Documents and Settings\Administrator.VGM\ntuser.pol
2015-01-13 09:02 - 2010-09-15 16:29 - 00000327 __RSH () C:\boot.ini
2015-01-07 15:45 - 2012-02-20 10:03 - 00000000 ____D () C:\Program Files\OptiWin 3D pro
2015-01-07 09:01 - 2014-09-01 13:59 - 00015781 _____ () C:\Documents and Settings\mehhaanikud\Desktop\Elspot+prices kuuhinnad.ods
2015-01-05 14:23 - 2011-04-27 11:52 - 00000000 ____D () C:\Documents and Settings\mehhaanikud\My Documents\Arvo asjad
 
==================== Files in the root of some directories =======
2014-08-28 14:59 - 2014-07-14 12:33 - 2599936 _____ () C:\Program Files\Common Files\OptiWin 3D pro.msi
2011-09-13 07:15 - 2014-06-19 12:26 - 0019968 _____ () C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-27 10:34 - 2011-04-27 10:34 - 0000076 _____ () C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\FASTWiz.log
2013-05-28 12:03 - 2013-05-28 12:03 - 0000028 _____ () C:\Documents and Settings\mehhaanikud\Local Settings\Application Data\settings.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
ESET was running; we have the ESET paid version.
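The fixlist in the post above follows the FRST convention visible in the thread: the offending lines are copied verbatim from the scan log (the MountPoints2 entries launching AutoRun.exe from removable media, the empty DefaultScope values, the orphaned toolbar CLSID with "No File") and the list ends with EmptyTemp:. As an added example that is not part of this thread or of FRST itself, the following Python triages a scan log the way a helper does by eye and emits a fixlist in that convention. The sample lines are copied from the log posted above (with two clean entries for contrast); the allowlist of search-provider hosts (KNOWN_SEARCH_HOSTS), the rule names and the function names are assumptions made for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines in the shape FRST prints, copied from the scan log
# posted in this thread, plus two clean entries (Adobe ARM, ekrn) for contrast.
SAMPLE_FRST_LOG = r"""
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3147887959-1230785297-2774617633-1750\...\MountPoints2: {01ab9a50-298f-11e2-ab61-003005cc76c4} - D:\AutoRun.exe
URLSearchHook: [S-1-5-21-3147887959-1230785297-2774617633-1750] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-3147887959-1230785297-2774617633-1750 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
U2 CertPropSvc; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
"""

# Assumed allowlist: a SearchScopes URL whose host is not listed here is
# treated as a possible search hijack (go.mail.ru in the posted log).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Executables that MountPoints2 entries commonly launch from removable media.
AUTORUN_EXE = re.compile(r"\\(autorun|launchu3)[^\\]*\.exe", re.I)
SERVICE_LINE = re.compile(r"^[RSU]\d ")   # FRST service/driver lines: R2, S3, U2 ...
SCOPE_URL = re.compile(r"URL = (\S+)")


@dataclass
class Finding:
    rule: str   # why the line was flagged
    line: str   # the FRST line itself, kept verbatim for the fixlist


def triage_frst(text: str) -> list[Finding]:
    """Flag scan-log lines a helper would normally carry into a fixlist."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "MountPoints2:" in line and AUTORUN_EXE.search(line):
            findings.append(Finding("removable-media autorun", line))
        elif "ATTENTION ==>" in line:
            # FRST's own marker for a missing/abnormal default value.
            findings.append(Finding("FRST attention marker", line))
        elif line.startswith("SearchScopes:"):
            m = SCOPE_URL.search(line)
            host = urlparse(m.group(1)).hostname if m else None
            if host is None:
                findings.append(Finding("empty search scope", line))
            elif host.lower() not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("search scope hijack", line))
        elif line.endswith("No File") or line.endswith("No ImagePath"):
            # Registry entry whose target binary is gone (leftover or removed malware).
            findings.append(Finding("orphaned registry entry", line))
        elif SERVICE_LINE.match(line) and line.endswith("[X]"):
            findings.append(Finding("driver/service with missing file", line))
    return findings


def build_fixlist(findings: list[Finding]) -> str:
    """Emit the flagged lines verbatim and close with EmptyTemp:, matching the
    fixlist posted in this thread."""
    lines = [f.line for f in findings]
    lines.append("EmptyTemp:")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage_frst(SAMPLE_FRST_LOG)
    for f in found:
        print(f"{f.rule:35s} {f.line[:70]}")
    print("\n--- fixlist.txt ---")
    print(build_fixlist(found), end="")
```

The triage is deliberately conservative: it only flags patterns that FRST itself marks (ATTENTION, No File, No ImagePath, [X]) or that are unambiguous on their face (an AutoRun.exe on a removable drive, a search scope pointing outside the allowlist). Anything else, such as an unsigned vendor service, still needs a human decision before it goes into a fixlist, because FRST will remove whatever is listed.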


#10 Machiavelli (Malware Response Instructor)

Posted 20 January 2015 - 11:23 AM

Can you make an ESET Scan and post the results here then? :)

~Machiavelli



#11 Machiavelli (Malware Response Instructor)

Posted 24 January 2015 - 06:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
