
Windows software restriction policy malware [Closed]

malware antivirus-blocking

  • This topic is locked

#1
mva555

I followed this topic: http://www.geekstogo...malware-solved/ because I think I have the same problem. All my antiviruses are blocked.


I get similar messages from FRST:


HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION


But the fix doesn't work in my case because the fixlist is not created. Is there another way to do this?


Thank you for your help.


Here is my full log from FRST:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by mates (administrator) on KRTKO on 17-05-2014 17:52:27
Running from C:\Documents and Settings\mates\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Lavasoft Limited) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(DT Soft Ltd.) C:\Program Files\DAEMON Tools\daemon.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(ITE Tech. Inc.) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IRMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe
(Opera Software) C:\Program Files\Opera\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\System32\NvCpl.dll [7311360 2005-12-10] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [DAEMON Tools] => C:\Program Files\DAEMON Tools\daemon.exe [133016 2005-12-10] (DT Soft Ltd.)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\System32\NvMcTray.dll [86016 2005-12-10] (NVIDIA Corporation)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [167936 2008-06-16] (PowerISO Computing, Inc.)
HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [101136 2007-01-23] (Logitech Inc.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [88584 2008-04-04] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [101136 2007-01-23] (Logitech Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3117384 2012-11-16] (ESET)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKU\.DEFAULT\...\RunOnce: [AutoLaunch] - C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe [658688 2011-10-29] ()
HKU\S-1-5-21-1229272821-1844823847-725345543-1003\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [328056 2010-10-01] (BitTorrent, Inc.)
HKU\S-1-5-21-1229272821-1844823847-725345543-1003\...\Run: [zvfbfcnj] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\zvfbfcnj.dat"
HKU\S-1-5-21-1229272821-1844823847-725345543-1003\...\MountPoints2: {2cf04922-4a10-11df-8dfa-000c765c1a58} - I:\Launcher.exe
HKU\S-1-5-21-1229272821-1844823847-725345543-1003\...\MountPoints2: {82a6f924-e29f-11df-8ef7-000c765c1a58} - I:\iStudio.exe
HKU\S-1-5-21-1229272821-1844823847-725345543-1003\...\MountPoints2: {b68df26f-22bf-11e0-8f75-000c765c1a58} - I:\APPInst.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IRMonitor.exe (ITE Tech. Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NewShortcut1.lnk
ShortcutTarget: NewShortcut1.lnk -> C:\Program Files\USB_video_device\Utility\RemoteTool\BDARemote.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TeleSA.lnk
ShortcutTarget: TeleSA.lnk -> C:\Program Files\AVer Teletext\AVerSA.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://tbsearch.ask....s}&locale=en_EU
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8011.1662962963
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\mates\Application Data\Mozilla\Firefox\Profiles\yxg7rcct.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Documents and Settings\mates\Application Data\Mozilla\Firefox\Profiles\yxg7rcct.default\Extensions\[email protected] [2012-03-11]
FF Extension: anonymoX - C:\Documents and Settings\mates\Application Data\Mozilla\Firefox\Profiles\yxg7rcct.default\Extensions\[email protected] [2014-05-16]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-22]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [913184 2012-11-16] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [181664 2013-06-14] (Oracle Corporation)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-29] (Lavasoft Limited)
S3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7442493 2000-08-06] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [65602 2000-08-06] (Microsoft Corporation)
S2 sfrem01; C:\WINDOWS\system32\sfrem01.exe [353912 2006-05-10] (Protection Technology (StarForce))
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe [303170 2000-08-06] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2004-07-10] (Oak Technology Inc.)
S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [404736 2003-08-14] (Sensaura Ltd)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
R2 BT848; C:\WINDOWS\System32\drivers\BT848.sys [261696 2002-05-14] (AVerMedia TECHNOLOGIES, Inc.)
R2 BTTUNER; C:\WINDOWS\System32\drivers\BTTUNER.sys [22016 2002-01-27] (AVerMedia TECHNOLOGIES, Inc.)
R2 BTXBAR; C:\WINDOWS\System32\drivers\BTXBAR.sys [13312 2002-01-27] (AVerMedia, TECHNOLOGIES, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [223128 2007-10-26] ()
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [160856 2012-11-16] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [148504 2012-03-14] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [40336 2012-03-14] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [62512 2012-11-16] (ESET)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-04-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-04-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-04-07] (HP)
R2 HWiNFO32; C:\Program Files\HWiNFO32\HWiNFO32.SYS [8192 2007-09-14] (REALiX™)
R3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [145920 2012-05-16] (ITE )
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S2 nvcap; C:\WINDOWS\System32\DRIVERS\nvcap.sys [116924 2002-11-18] (NVIDIA Corporation)
S2 nvTUNEP; C:\WINDOWS\System32\DRIVERS\nvtunep.sys [15968 2002-11-18] (NVIDIA Corporation)
S2 nvtvSND; C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys [45216 2002-11-18] (NVIDIA Corporation)
S2 NVXBAR; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [10814 2002-11-18] (NVIDIA Corporation)
S3 se45bus; C:\WINDOWS\System32\DRIVERS\se45bus.sys [61536 2006-11-30] (MCCI)
S3 se45mdfl; C:\WINDOWS\System32\DRIVERS\se45mdfl.sys [9360 2006-11-30] (MCCI)
S3 se45mdm; C:\WINDOWS\System32\DRIVERS\se45mdm.sys [97088 2006-11-30] (MCCI)
S3 se45mgmt; C:\WINDOWS\System32\DRIVERS\se45mgmt.sys [88624 2006-11-30] (MCCI)
S3 se45nd5; C:\WINDOWS\System32\DRIVERS\se45nd5.sys [18704 2006-11-30] (MCCI)
S3 se45obex; C:\WINDOWS\System32\DRIVERS\se45obex.sys [86432 2006-11-30] (MCCI)
S3 se45unic; C:\WINDOWS\System32\DRIVERS\se45unic.sys [90800 2006-11-30] (MCCI)
R0 sfvfs02; C:\WINDOWS\System32\drivers\sfvfs02.sys [63488 2005-11-03] (Protection Technology)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [643072 2007-10-26] ()
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [535040 2008-05-14] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [286208 2008-05-14] (eMPIA Technology, Inc.)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [19336 2008-01-25] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [28168 2008-01-25] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [14720 2004-05-14] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [14728 2008-01-25] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [48904 2008-01-25] (Logitech Inc.)
S3 bfastfao; \??\C:\DOCUME~1\mates\LOCALS~1\Temp\bfastfao.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
U1 hqfpylprdcdxbqjt; \systemroot\system32\drivers\hqfpylprdcdxbqjt.sys [X]
S3 MsibiosDevice; \??\C:\Program Files\MSI\Live Update 4\LU4\msibios.sys [X]
U1 oqhxbdmexuwptego; \systemroot\system32\drivers\oqhxbdmexuwptego.sys [X]
U1 pmbirdmbftaonnsm; \systemroot\system32\drivers\pmbirdmbftaonnsm.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 tismitqsbtnxvrtq; \systemroot\system32\drivers\tismitqsbtnxvrtq.sys [X]
U3 aswMBR; \??\C:\DOCUME~1\mates\LOCALS~1\Temp\aswMBR.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

NETSVC: Ip6FwHlp -> No Registry Path.

==================== One Month Created Files and Folders ========

2014-05-17 17:40 - 2014-05-17 17:52 - 00030486 _____ () C:\Documents and Settings\mates\Desktop\FRST.txt
2014-05-17 17:28 - 2014-05-17 17:52 - 00000000 ____D () C:\FRST
2014-05-17 17:27 - 2014-05-17 17:27 - 01056768 _____ (Farbar) C:\Documents and Settings\mates\Desktop\FRST.exe
2014-05-16 20:20 - 2014-05-16 20:20 - 00336496 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\zvfbfcnj.dat
2014-05-03 21:03 - 2014-05-03 21:03 - 00098304 _____ () C:\WINDOWS\Minidump\Mini050314-03.dmp
2014-05-03 21:01 - 2014-05-03 21:01 - 00001915 _____ () C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2014-05-03 21:01 - 2014-05-03 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2014-05-03 20:53 - 2014-05-03 20:53 - 00098304 _____ () C:\WINDOWS\Minidump\Mini050314-02.dmp
2014-05-03 20:30 - 2014-05-03 20:30 - 00098304 _____ () C:\WINDOWS\Minidump\Mini050314-01.dmp
2014-05-03 18:01 - 2014-05-03 18:01 - 00000000 ____D () C:\Documents and Settings\mates\Desktop\views
2014-05-03 18:01 - 2014-05-03 17:57 - 00004913 _____ () C:\Documents and Settings\mates\Desktop\Copy of skupinyView.php
2014-05-03 17:53 - 2014-05-03 17:57 - 00004913 _____ () C:\Documents and Settings\mates\Desktop\skupinyView.php
2014-05-03 17:47 - 2014-05-03 19:39 - 00000000 ____D () C:\Documents and Settings\mates\Application Data\PSpad
2014-05-03 17:47 - 2014-05-03 17:47 - 00000691 _____ () C:\Documents and Settings\mates\Desktop\PSPad.lnk
2014-05-03 17:47 - 2014-05-03 17:47 - 00000000 ____D () C:\Program Files\PSPad editor
2014-05-03 17:47 - 2014-05-03 17:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PSPad editor
2014-05-03 17:43 - 2014-05-03 17:50 - 00001504 _____ () C:\Documents and Settings\mates\Desktop\zoznamView.php
2014-05-03 10:39 - 2014-05-03 10:39 - 00000000 ____D () C:\Documents and Settings\mates\Desktop\Zbrody
2014-04-29 21:19 - 2014-04-29 21:19 - 01245385 _____ () C:\Documents and Settings\mates\Desktop\StreamTorrentSetup.zip
2014-04-29 21:19 - 2014-04-29 21:19 - 00000792 _____ () C:\Documents and Settings\mates\Desktop\StreamTorrent 1.0.lnk
2014-04-29 21:19 - 2014-04-29 21:19 - 00000000 ____D () C:\Program Files\StreamTorrent 1.0
2014-04-29 21:19 - 2014-04-29 21:19 - 00000000 ____D () C:\Documents and Settings\mates\Start Menu\Programs\StreamTorrent 1.0
2014-04-29 21:19 - 2014-04-29 21:19 - 00000000 ____D () C:\Documents and Settings\mates\Application Data\StreamTorrent
2014-04-29 21:06 - 2014-04-29 21:06 - 00000666 _____ () C:\Documents and Settings\mates\Desktop\SopCast.lnk
2014-04-29 21:06 - 2014-04-29 21:06 - 00000000 ____D () C:\Program Files\SopCast
2014-04-29 21:06 - 2014-04-29 21:06 - 00000000 ____D () C:\Documents and Settings\mates\Start Menu\Programs\SopCast
2014-04-29 21:06 - 2013-06-26 12:41 - 05442093 _____ () C:\Documents and Settings\mates\Desktop\Setup-SopCast-3.8.3-2013-6-26.exe

==================== One Month Modified Files and Folders =======

2014-05-17 17:52 - 2014-05-17 17:40 - 00030486 _____ () C:\Documents and Settings\mates\Desktop\FRST.txt
2014-05-17 17:52 - 2014-05-17 17:28 - 00000000 ____D () C:\FRST
2014-05-17 17:45 - 2009-11-24 06:34 - 00000000 ____D () C:\Documents and Settings\mates\Application Data\uTorrent
2014-05-17 17:27 - 2014-05-17 17:27 - 01056768 _____ (Farbar) C:\Documents and Settings\mates\Desktop\FRST.exe
2014-05-17 17:25 - 2009-12-01 20:14 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-17 17:21 - 2009-03-05 18:10 - 00388371 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-17 17:15 - 2012-05-16 17:36 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-05-17 17:15 - 2012-05-16 17:21 - 00000144 _____ () C:\monitor.log
2014-05-17 17:15 - 2009-12-01 20:14 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-17 17:15 - 2009-09-18 05:00 - 00000278 ____H () C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
2014-05-17 17:15 - 2009-09-10 11:14 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-05-17 17:15 - 2008-04-20 20:20 - 00043573 _____ () C:\WINDOWS\system32\nvapps.xml
2014-05-17 17:15 - 2004-01-25 14:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-17 17:15 - 2004-01-25 14:10 - 00000051 _____ () C:\WINDOWS\wiaservc.log
2014-05-17 17:15 - 2004-01-25 13:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-17 17:14 - 2004-01-25 13:27 - 00000278 ___SH () C:\Documents and Settings\mates\ntuser.ini
2014-05-17 17:14 - 2004-01-25 13:24 - 00032190 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-17 17:02 - 2009-09-10 15:37 - 00645860 _____ () C:\WINDOWS\setupapi.log
2014-05-17 17:01 - 2009-11-24 06:39 - 00000234 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-05-17 16:21 - 2010-02-06 13:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-16 22:15 - 2004-01-25 13:27 - 00000000 ____D () C:\Documents and Settings\mates
2014-05-16 20:20 - 2014-05-16 20:20 - 00336496 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\zvfbfcnj.dat
2014-05-16 19:21 - 2001-08-23 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-14 19:45 - 2011-10-11 18:07 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2014-05-14 19:45 - 2011-10-11 18:07 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2014-05-14 19:38 - 2004-01-25 14:08 - 00382038 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-03 21:03 - 2014-05-03 21:03 - 00098304 _____ () C:\WINDOWS\Minidump\Mini050314-03.dmp
2014-05-03 21:01 - 2014-05-03 21:01 - 00001915 _____ () C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2014-05-03 21:01 - 2014-05-03 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2014-05-03 20:58 - 2009-09-20 11:58 - 00000000 ____D () C:\Documents and Settings\mates\Local Settings\Application Data\Google
2014-05-03 20:58 - 2009-09-20 11:56 - 00000000 ____D () C:\Program Files\Google
2014-05-03 20:58 - 2009-09-20 11:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-05-03 20:53 - 2014-05-03 20:53 - 00098304 _____ () C:\WINDOWS\Minidump\Mini050314-02.dmp
2014-05-03 20:30 - 2014-05-03 20:30 - 00098304 _____ () C:\WINDOWS\Minidump\Mini050314-01.dmp
2014-05-03 19:40 - 2011-11-15 18:20 - 00000600 _____ () C:\Documents and Settings\mates\Application Data\winscp.rnd
2014-05-03 19:39 - 2014-05-03 17:47 - 00000000 ____D () C:\Documents and Settings\mates\Application Data\PSpad
2014-05-03 18:01 - 2014-05-03 18:01 - 00000000 ____D () C:\Documents and Settings\mates\Desktop\views
2014-05-03 17:57 - 2014-05-03 18:01 - 00004913 _____ () C:\Documents and Settings\mates\Desktop\Copy of skupinyView.php
2014-05-03 17:57 - 2014-05-03 17:53 - 00004913 _____ () C:\Documents and Settings\mates\Desktop\skupinyView.php
2014-05-03 17:50 - 2014-05-03 17:43 - 00001504 _____ () C:\Documents and Settings\mates\Desktop\zoznamView.php
2014-05-03 17:47 - 2014-05-03 17:47 - 00000691 _____ () C:\Documents and Settings\mates\Desktop\PSPad.lnk
2014-05-03 17:47 - 2014-05-03 17:47 - 00000000 ____D () C:\Program Files\PSPad editor
2014-05-03 17:47 - 2014-05-03 17:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PSPad editor
2014-05-03 17:44 - 2013-02-15 14:09 - 00000000 ____D () C:\Documents and Settings\mates\Desktop\eclipse
2014-05-03 17:38 - 2012-07-02 08:17 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-03 17:38 - 2011-06-27 09:23 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-03 10:39 - 2014-05-03 10:39 - 00000000 ____D () C:\Documents and Settings\mates\Desktop\Zbrody
2014-04-29 21:19 - 2014-04-29 21:19 - 01245385 _____ () C:\Documents and Settings\mates\Desktop\StreamTorrentSetup.zip
2014-04-29 21:19 - 2014-04-29 21:19 - 00000792 _____ () C:\Documents and Settings\mates\Desktop\StreamTorrent 1.0.lnk
2014-04-29 21:19 - 2014-04-29 21:19 - 00000000 ____D () C:\Program Files\StreamTorrent 1.0
2014-04-29 21:19 - 2014-04-29 21:19 - 00000000 ____D () C:\Documents and Settings\mates\Start Menu\Programs\StreamTorrent 1.0
2014-04-29 21:19 - 2014-04-29 21:19 - 00000000 ____D () C:\Documents and Settings\mates\Application Data\StreamTorrent
2014-04-29 21:06 - 2014-04-29 21:06 - 00000666 _____ () C:\Documents and Settings\mates\Desktop\SopCast.lnk
2014-04-29 21:06 - 2014-04-29 21:06 - 00000000 ____D () C:\Program Files\SopCast
2014-04-29 21:06 - 2014-04-29 21:06 - 00000000 ____D () C:\Documents and Settings\mates\Start Menu\Programs\SopCast
2014-04-28 19:51 - 2009-09-11 19:13 - 00000000 ____D () C:\Program Files\Opera
2014-04-26 15:35 - 2004-06-16 17:26 - 00002481 _____ () C:\Documents and Settings\mates\Desktop\Microsoft Excel.lnk
2014-04-26 14:24 - 2013-12-26 21:57 - 00000000 ____D () C:\Documents and Settings\mates\My Documents\Permanentky 1213-2014

Files to move or delete:
====================
C:\Documents and Settings\mates\hpothb07.dat
C:\Documents and Settings\mates\pOSI62.dll
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job


Some content of TEMP:
====================
C:\Documents and Settings\mates\Local Settings\Temp\eauninstall.exe
C:\Documents and Settings\mates\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\mates\Local Settings\Temp\The Sims 2 University_uninst.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================




#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:
  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.

#3
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

But the fix doesn't work in my case because fixlist is not created. Is there another way to do this?


I must remind you that fixes are quite unique for each computer and blindly following instructions given to others can be quite deadly. However, you did the right thing by choosing to get proper assistance instead. Let's get down to business. :thumbsup:
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
    HKU\S-1-5-21-1229272821-1844823847-725345543-1003\...\Run: [zvfbfcnj] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\zvfbfcnj.dat"
    C:\Documents and Settings\All Users\Application Data\zvfbfcnj.dat
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NewShortcut1.lnk
    ShortcutTarget: NewShortcut1.lnk -> C:\Program Files\USB_video_device\Utility\RemoteTool\BDARemote.exe (No File)
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://tbsearch.ask....s}&locale=en_EU
    BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    C:\Program Files\Ask.com
    Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml
    S2 sfrem01; C:\WINDOWS\system32\sfrem01.exe [353912 2006-05-10] (Protection Technology (StarForce))
    C:\WINDOWS\system32\sfrem01.exe
    U1 hqfpylprdcdxbqjt; \systemroot\system32\drivers\hqfpylprdcdxbqjt.sys [X]
    U1 oqhxbdmexuwptego; \systemroot\system32\drivers\oqhxbdmexuwptego.sys [X]
    U1 pmbirdmbftaonnsm; \systemroot\system32\drivers\pmbirdmbftaonnsm.sys [X]
    U1 tismitqsbtnxvrtq; \systemroot\system32\drivers\tismitqsbtnxvrtq.sys [X]
    2014-05-17 17:15 - 2009-09-18 05:00 - 00000278 ____H () C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
    C:\Documents and Settings\mates\hpothb07.dat
    C:\Documents and Settings\mates\pOSI62.dll
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Reboot:
    • Run your copy of FRST. It is important to ensure it is located in your desktop.

    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)

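The "HKLM Group Policy restriction on software" lines in the fixlist above are Software Restriction Policy path rules, which live under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers. The PowerShell below is an added example, not part of the thread or of FRST: it lists those rules so the blocked antivirus directories can be verified before the fix and confirmed gone after it. It assumes PowerShell is installed on the machine; the function name and the vendor watch list are assumptions built from the log.

```powershell
# Added example, not from the thread or from FRST: list Software Restriction Policy
# path rules so the "Group Policy restriction on software" entries can be verified.
# SRP keeps one subkey per security level under CodeIdentifiers; level 0 is
# "Disallowed", 262144 (0x40000) is "Unrestricted". Each Paths\{GUID} rule stores
# the restricted path in its ItemData value.
$SaferBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelNames = @{ 0 = 'Disallowed'; 262144 = 'Unrestricted' }
# Constructed watch list: folder names of the security products the log showed as blocked.
$WatchList = @('ESET', 'Lavasoft', 'McAfee')

function Get-SaferPathRule {
    # Hypothetical helper name; returns one object per SRP path rule found.
    if (-not (Test-Path $SaferBase)) {
        Write-Warning 'No SRP CodeIdentifiers key present; nothing to check.'
        return
    }
    foreach ($level in Get-ChildItem $SaferBase | Where-Object { $_.PSChildName -match '^\d+$' }) {
        $levelId = [int]$level.PSChildName
        if ($LevelNames.ContainsKey($levelId)) { $levelName = $LevelNames[$levelId] }
        else { $levelName = "Level $levelId" }
        $pathsKey = Join-Path $level.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $props = Get-ItemProperty -Path $rule.PSPath
            # Flag a rule when its path points into one of the watched vendor folders.
            $hit = [bool]($WatchList | Where-Object { $props.ItemData -like "*\$_*" })
            New-Object PSObject -Property @{
                Level   = $levelName
                Path    = $props.ItemData
                RuleId  = $rule.PSChildName
                Suspect = $hit
            }
        }
    }
}

# A Disallowed rule whose path is an antivirus directory is the condition FRST flagged;
# after a successful fix this listing should contain no such rule.
Get-SaferPathRule | Sort-Object Level, Path | Format-Table Level, Suspect, Path -AutoSize
```

Run it from an elevated PowerShell prompt; a legitimate SRP deployment will show Unrestricted default rules, so only Disallowed rules marked Suspect need attention.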

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.