
Infected with GoSave ads in Chrome


  • This topic is locked
8 replies to this topic

#1 Mizu-chan


Posted 06 October 2014 - 03:58 AM

Hi, 

A few days ago I noticed that some ads are popping up in my browser. I have the Adblock extension, which is why I was surprised when I saw ads. Moreover, when I open something in the background in a new tab, the address is suddenly changed to one from GoSave. I tried to uninstall GoSave but it didn't help. I tried looking up how to get rid of it, and so I am here. I have no idea what I should do. Could you help me?

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.55.2
Run by Olania at 10:42:43 on 2014-10-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.3838.1094 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Users\Olania\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\Olania\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Olania\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\ChomikBox\ChomikBox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NapiProjekt\napisy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Pomocnik logowania za pomocą konta Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [uTorrent] "C:\Users\Olania\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Spotify] "C:\Users\Olania\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Olania\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [fst_pl_31] <no file>
StartupFolder: C:\Users\Olania\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Olania\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 87.204.204.204 62.233.233.233
TCP: Interfaces\{37F54A94-D1B8-4215-B7EA-A29655488B18} : DHCPNameServer = 87.204.204.204 62.233.233.233
TCP: Interfaces\{37F54A94-D1B8-4215-B7EA-A29655488B18}\47D2D6F62696C656E207C6F5131383130333 : DHCPNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{37F54A94-D1B8-4215-B7EA-A29655488B18}\55053413639303033323 : DHCPNameServer = 62.179.1.61 62.179.1.63
TCP: Interfaces\{37F54A94-D1B8-4215-B7EA-A29655488B18}\E4F6271623 : DHCPNameServer = 62.179.1.61 62.179.1.63
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\nppl3260.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-12 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-7-12 242728]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-4-17 4972864]
R3 RTL8187B;Karta Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0;C:\Windows\System32\drivers\RTL8187B.sys [2009-6-10 416768]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
R3 yukonw7;Sterownik miniportu NDIS6.2 dla kontrolera Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 BtHidBus;BtHidBus;C:\Windows\System32\drivers\BtHidBus.sys [2013-10-8 24032]
S3 IvtAudioBusSrv;IvtAudioBusSrv;C:\Windows\System32\drivers\IvtBtBus.sys [2012-12-24 27256]
S3 IvtPanBusSrv;IvtPanBusSrv;C:\Windows\System32\drivers\btnetBus.sys [2012-12-24 31480]
S3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-4-15 62040]
S3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-6-12 51800]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-15 1255736]
.
=============== File Associations ===============
.
ShellExec: BESTplayer.exe: napiprojekt="C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1"
ShellExec: BESTplayer.exe: napiprojekt0="C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang
ShellExec: mplayerc.exe: napiprojekt="C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1"
ShellExec: mplayerc.exe: napiprojekt0="C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang
.
=============== Created Last 30 ================
.
2014-10-06 07:40:46 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-01 06:16:07 -------- d-----w- C:\ProgramData\YoUtubEAdBloocke
2014-10-01 06:16:06 -------- d-----w- C:\Program Files (x86)\YoUtubEAdBloocke
2014-10-01 06:15:55 -------- d-----w- C:\ProgramData\GOSaavvee
2014-10-01 06:15:53 -------- d-----w- C:\Program Files (x86)\GOSaavvee
2014-10-01 06:15:44 -------- d-----w- C:\ProgramData\e00525812fb6fd92
2014-10-01 06:15:43 -------- d-----w- C:\Users\Olania\AppData\Local\Torch
2014-10-01 06:15:43 -------- d-----w- C:\Users\Olania\AppData\Local\Comodo
2014-10-01 06:15:43 -------- d-----w- C:\Users\Olania\AppData\Local\Chromatic Browser
2014-09-22 14:23:06 -------- d-----w- C:\Users\Olania\AppData\Local\Spotify
2014-09-22 14:22:12 -------- d-----w- C:\Users\Olania\AppData\Roaming\Spotify
.
==================== Find3M  ====================
.
2014-08-06 08:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-07-21 19:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
============= FINISH: 10:44:36,18 ===============
 


#2 thisisu

  • Malware Response Team

Posted 10 October 2014 - 06:54 AM

Hello and welcome to BleepingComputer :)

I will be assisting you with your malware-related problems.

 

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

___

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

___

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions. 


Edited by thisisu, 10 October 2014 - 07:02 AM.


#3 Mizu-chan


Posted 10 October 2014 - 10:54 AM

Thanks a lot for your reply :) I did everything you had asked me to do and I think it has worked. At first sight I'm no longer seeing any ads popping up and nothing new is opening by itself. So I think everything is back to normal, but check for yourself and tell me if I should do anything else. And here you have all the logs and reports as you asked.

 

AdwCleaner log file:

 

# AdwCleaner v3.311 - Log utworzony 10/10/2014 o 17:08:53
# Aktualizacja 30/09/2014 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : Olania - OLANIA-KOMPUTER
# Ścieżka : C:\Users\Olania\Downloads\adwcleaner_3.311.exe
# Opcja : Usuń
 
***** [ Usługi ] *****
 
 
***** [ Pliki / Foldery ] *****
 
Folder Usunięto : C:\ProgramData\GOSaavvee
Folder Usunięto : C:\Program Files (x86)\Mobogenie
Folder Usunięto : C:\Program Files (x86)\predm
Folder Usunięto : C:\Program Files (x86)\GOSaavvee
Folder Usunięto : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Usunięto : C:\Users\Administrator\AppData\Local\torch
Folder Usunięto : C:\Users\Gość\AppData\Local\Chromatic Browser
Folder Usunięto : C:\Users\Gość\AppData\Local\torch
Folder Usunięto : C:\Users\Olania\AppData\Local\Chromatic Browser
Folder Usunięto : C:\Users\Olania\AppData\Local\lollipop
Folder Usunięto : C:\Users\Olania\AppData\Local\Mobogenie
Folder Usunięto : C:\Users\Olania\AppData\Local\torch
Folder Usunięto : C:\Users\wangzhisong\AppData\Local\Mobogenie
Folder Usunięto : C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default\Extensions\Wti@S.com
Folder Usunięto : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Usunięto : C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Usunięto : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcgobnoinbiedppchgnjkimeodpnge
Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcgobnoinbiedppchgnjkimeodpnge
Folder Usunięto : C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcgobnoinbiedppchgnjkimeodpnge
[!] Folder Usunięto : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcgobnoinbiedppchgnjkimeodpnge
[!] Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcgobnoinbiedppchgnjkimeodpnge
[!] Folder Usunięto : C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcgobnoinbiedppchgnjkimeodpnge
[!] Folder Usunięto : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcgobnoinbiedppchgnjkimeodpnge
[!] Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcgobnoinbiedppchgnjkimeodpnge
[!] Folder Usunięto : C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcgobnoinbiedppchgnjkimeodpnge
Plik Usunięto : C:\Users\Olania\daemonprocess.txt
Plik Usunięto : C:\Users\Olania\AppData\Roaming\LiveSupport.exe_log.txt
Plik Usunięto : C:\Users\Olania\AppData\Roaming\regsvr32.exe_log.txt
Plik Usunięto : C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default\user.js
 
***** [ Zadania ] *****
 
 
***** [ Skróty ] *****
 
 
***** [ Rejestr ] *****
 
Klucz Usunięto : HKCU\Software\Classes\Applications\lollipop.exe
Wartość Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASMANCS
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Klucz Usunięto : HKLM\SOFTWARE\Classes\.
Klucz Usunięto : HKLM\SOFTWARE\Classes\..9
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_camstudio_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_format-factory_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_free-screen-to-video_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_windows-movie-maker-2012_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_x264-video-codec_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_x264-video-codec_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{5d8fd90f-3496-47a3-bbc1-88abb8759071}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5d8fd90f-3496-47a3-bbc1-88abb8759071}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Klucz Usunięto : HKCU\Software\1ClickDownload
Klucz Usunięto : HKCU\Software\AVG Nation toolbar
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\lollipop
Klucz Usunięto : HKCU\Software\RegisteredApplicationsEx
Klucz Usunięto : HKCU\Software\smarttweak
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKCU\Software\SweetIM
Klucz Usunięto : HKCU\Software\TutoTag
Klucz Usunięto : HKLM\SOFTWARE\AVG Nation toolbar
Klucz Usunięto : HKLM\SOFTWARE\AVG Security Toolbar
Klucz Usunięto : HKLM\SOFTWARE\Conduit
Klucz Usunięto : HKLM\SOFTWARE\SweetIM
Klucz Usunięto : HKLM\SOFTWARE\Tutorials
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
 
***** [ Przeglądarki internetowe ] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
 
-\\ Mozilla Firefox v32.0.3 (x86 pl)
 
[ Plik : C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default\prefs.js ]
 
Wpis usunięty : user_pref("extensions.9s5WIRkZC4RLCmNm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
Wpis usunięty : user_pref("extensions.pRKF3qM7TJRlLguP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
Wpis usunięty : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Wpis usunięty : user_pref("extentions.webcake.installId", "371bb1ff-df39-4263-83fe-732e0d929a98");
 
-\\ Google Chrome v37.0.2062.124
 
[ Plik : C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Usunięto [Search Provider] : hxxp://www.bosch.pl/pl/pl/_technik_19/gsa_7/search-results.php?lang=pl&scenario=1&q={searchTerms}&x=-1090&y=-86
Usunięto [Search Provider] : hxxp://www.softonic.pl/s/{searchTerms}
Usunięto [Extension] : iphcgobnoinbiedppchgnjkimeodpnge
Usunięto [Extension] : niloccemoadcdkdjlinkgdfekeahmflj
 
*************************
 
AdwCleaner[R0].txt - [9060 octets] - [10/10/2014 17:00:30]
AdwCleaner[S0].txt - [8338 octets] - [10/10/2014 17:08:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8398 octets] ##########

 

 
 
JRT file:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Olania on 2014-10-10 at 17:18:08,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Olania\AppData\Roaming\mozilla\firefox\profiles\9og3mf5g.default\prefs.js
 
user_pref("extensions.9s5WIRkZC4RLCmNm.url", "hxxp://getjpijs.info/sync2/?q=hfZ9ofV9CShEAen0rTUGrihTB6lKDzt4olbrtNtVh7n0rjnFrdaFrdgFqTaEtMFHhd9FqdwErdgFrTsEqjnMDMlGojUMAe4Uojk
Emptied folder: C:\Users\Olania\AppData\Roaming\mozilla\firefox\profiles\9og3mf5g.default\minidumps [13 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-10-10 at 17:26:53,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST file:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by Olania (administrator) on OLANIA-KOMPUTER on 10-10-2014 17:39:36
Running from C:\Users\Olania\Desktop
Loaded Profile: Olania (Available profiles: Olania)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(O2Micro International) C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
(Spotify Ltd) C:\Users\Olania\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Olania\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-08-03] (TOSHIBA Corporation.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony)
HKLM-x32\...\Run: [fst_pl_31] => [X]
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKU\S-1-5-21-3738634061-1449098732-4011751340-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3738634061-1449098732-4011751340-1000\...\Run: [uTorrent] => C:\Users\Olania\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-01] (BitTorrent Inc.)
HKU\S-1-5-21-3738634061-1449098732-4011751340-1000\...\Run: [Spotify] => C:\Users\Olania\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-3738634061-1449098732-4011751340-1000\...\Run: [Spotify Web Helper] => C:\Users\Olania\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-3738634061-1449098732-4011751340-1000\...\MountPoints2: {06b8a2d8-f473-11e2-962d-00238b1c5fce} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Olania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Olania\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 87.204.204.204 62.233.233.233
 
FireFox:
========
FF ProfilePath: C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: YoUtubEAdBloocke - C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default\Extensions\H@uq63L.org [2014-10-06]
 
Chrome: 
=======
CHR HomePage: Default -> 166B6647FCD0B42DC403671B97DBF949F473DDCD2A0446B18971FC56453F34AB
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-01]
CHR Extension: (Dropbox) - C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-10-01]
CHR Extension: (No Name) - C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-10-01]
CHR Extension: (Google Wallet) - C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-03-06] (Macrovision Europe Ltd.) [File not signed]
R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242728 2014-07-01] (Foxit Corporation)
R2 o2flash; C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-12] (DT Soft Ltd)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62040 2008-04-15] (O2Micro )
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-10 17:39 - 2014-10-10 17:41 - 00014465 _____ () C:\Users\Olania\Desktop\FRST.txt
2014-10-10 17:39 - 2014-10-10 17:39 - 00000000 ____D () C:\FRST
2014-10-10 17:18 - 2014-10-10 17:18 - 00000000 ____D () C:\Windows\ERUNT
2014-10-10 17:16 - 2014-10-10 17:27 - 00000000 ____D () C:\Users\Olania\Desktop\infekcja
2014-10-10 17:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-10 17:00 - 2014-10-10 17:09 - 00000000 ____D () C:\AdwCleaner
2014-10-10 16:57 - 2014-10-10 16:57 - 02109952 _____ (Farbar) C:\Users\Olania\Desktop\FRST64.exe
2014-10-10 16:57 - 2014-10-10 16:57 - 01705755 _____ (Thisisu) C:\Users\Olania\Downloads\JRT.exe
2014-10-10 16:56 - 2014-10-10 16:56 - 01375089 _____ () C:\Users\Olania\Downloads\adwcleaner_3.311.exe
2014-10-10 06:51 - 2014-10-10 06:51 - 00020624 _____ () C:\Users\Olania\Downloads\[kickass.to]how.to.get.away.with.murder.s01e03.hdtv.x264.lol.ettv.torrent
2014-10-10 06:51 - 2014-10-10 06:51 - 00019828 _____ () C:\Users\Olania\Downloads\[kickass.to]the.vampire.diaries.s06e02.hdtv.x264.lol.ettv.torrent
2014-10-10 06:51 - 2014-10-10 06:51 - 00017480 _____ () C:\Users\Olania\Downloads\[kickass.to]greys.anatomy.s11e03.hdtv.x264.lol.ettv.torrent
2014-10-09 08:35 - 2014-10-09 08:35 - 00028668 _____ () C:\Users\Olania\Downloads\[kickass.to]arrow.s03e01.hdtv.xvid.fum.ettv.torrent
2014-10-09 08:35 - 2014-10-09 08:35 - 00024953 _____ () C:\Users\Olania\Downloads\[kickass.to]chicago.pd.s02e03.hdtv.x264.lol.ettv.torrent
2014-10-09 08:35 - 2014-10-09 08:35 - 00015972 _____ () C:\Users\Olania\Downloads\[kickass.to]modern.family.s06e03.hdtv.x264.killers.ettv.torrent
2014-10-09 08:34 - 2014-10-09 08:34 - 00037152 _____ () C:\Users\Olania\Downloads\[kickass.to]american.horror.story.s04e01.hdtv.x264.lol.ettv.torrent
2014-10-08 18:28 - 2014-10-08 18:28 - 00985414 _____ () C:\Users\Olania\Downloads\n33130d.zip
2014-10-08 07:52 - 2014-10-08 07:52 - 00017138 _____ () C:\Users\Olania\Downloads\[kickass.to]supernatural.s10e01.hdtv.x264.lol.ettv.torrent
2014-10-08 07:52 - 2014-10-08 07:52 - 00014940 _____ () C:\Users\Olania\Downloads\[kickass.to]awkward.s04e14.hdtv.x264.killers.ettv.torrent
2014-10-08 07:52 - 2014-10-08 07:52 - 00014887 _____ () C:\Users\Olania\Downloads\[kickass.to]new.girl.s04e04.web.dl.xvid.fum.ettv.torrent
2014-10-08 07:52 - 2014-10-08 07:52 - 00013713 _____ () C:\Users\Olania\Downloads\[kickass.to]manhattan.love.story.s01e02.hdtv.x264.lol.ettv.torrent
2014-10-08 07:51 - 2014-10-08 07:51 - 00026657 _____ () C:\Users\Olania\Downloads\[kickass.to]chicago.fire.s03e03.hdtv.x264.lol.ettv.torrent
2014-10-07 20:55 - 2014-10-07 20:55 - 00018490 _____ () C:\Users\Olania\Downloads\[kickass.to]supernatural.s10.special.a.very.special.supernatural.special.hdt.torrent
2014-10-07 09:54 - 2014-10-07 09:54 - 00006784 _____ () C:\Users\Olania\Downloads\[kickass.to]brooklyn.nine.nine.s02e02.hdtv.x264.lol.eztv.torrent
2014-10-07 09:38 - 2014-10-07 10:33 - 367060992 _____ () C:\Users\Olania\Downloads\Top.Model.S04E06.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-07 09:19 - 2014-10-07 09:19 - 00011151 _____ () C:\Users\Olania\Downloads\[kickass.to]the.big.bang.theory.s08e04.hdtv.x264.lol.ettv.torrent
2014-10-07 09:17 - 2014-10-07 09:17 - 00028704 _____ () C:\Users\Olania\Downloads\[kickass.to]the.originals.s02e01.hdtv.xvid.fum.ettv.torrent
2014-10-07 09:17 - 2014-10-07 09:17 - 00028697 _____ () C:\Users\Olania\Downloads\[kickass.to]scorpion.s01e03.hdtv.xvid.fum.ettv.torrent
2014-10-07 09:17 - 2014-10-07 09:17 - 00022507 _____ () C:\Users\Olania\Downloads\[kickass.to]sleepy.hollow.s02e03.hdtv.x264.2hd.ettv.torrent
2014-10-07 09:17 - 2014-10-07 09:17 - 00020925 _____ () C:\Users\Olania\Downloads\[kickass.to]gotham.s01e03.hdtv.x264.lol.ettv.torrent
2014-10-06 16:20 - 2014-10-06 16:20 - 00026267 _____ () C:\Users\Olania\Downloads\[kickass.to]the.knick.s01e07.hdtv.x264.killers.ettv.torrent
2014-10-06 16:20 - 2014-10-06 16:20 - 00022984 _____ () C:\Users\Olania\Downloads\[kickass.to]the.knick.s01e08.hdtv.x264.killers.ettv.torrent
2014-10-06 16:20 - 2014-10-06 16:20 - 00021257 _____ () C:\Users\Olania\Downloads\[kickass.to]the.knick.s01e05.hdtv.x264.killers.ettv.torrent
2014-10-06 16:20 - 2014-10-06 16:20 - 00012718 _____ () C:\Users\Olania\Downloads\[kickass.to]the.knick.s01e06.hdtv.x264.killers.eztv.torrent
2014-10-06 16:20 - 2014-10-06 16:20 - 00011750 _____ () C:\Users\Olania\Downloads\[kickass.to]the.knick.s01e09.hdtv.x264.killers.eztv.torrent
2014-10-06 16:19 - 2014-10-06 16:19 - 00013671 _____ () C:\Users\Olania\Downloads\[kickass.to]the.knick.s01e01.hdtv.x264.killers.eztv.torrent
2014-10-06 16:19 - 2014-10-06 16:19 - 00012998 _____ () C:\Users\Olania\Downloads\[kickass.to]the.knick.s01e04.hdtv.x264.killers.eztv.torrent
2014-10-06 16:19 - 2014-10-06 16:19 - 00011950 _____ () C:\Users\Olania\Downloads\[kickass.to]the.knick.s01e03.hdtv.x264.killers.eztv.torrent
2014-10-06 16:19 - 2014-10-06 16:19 - 00010891 _____ () C:\Users\Olania\Downloads\[kickass.to]the.knick.s01e02.hdtv.x264.killers.eztv.torrent
2014-10-06 15:56 - 2014-10-06 15:56 - 00061866 _____ () C:\Users\Olania\Downloads\[kickass.to]homeland.s04e01.e02.web.dl.xvid.fum.ettv.torrent
2014-10-06 15:55 - 2014-10-06 15:55 - 00031196 _____ () C:\Users\Olania\Downloads\[kickass.to]the.strain.s01e13.web.dl.xvid.fum.ettv.torrent
2014-10-06 15:55 - 2014-10-06 15:55 - 00028750 _____ () C:\Users\Olania\Downloads\[kickass.to]once.upon.a.time.s04e02.hdtv.xvid.fum.ettv.torrent
2014-10-06 09:40 - 2014-10-06 09:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 09:25 - 2014-10-06 09:25 - 00609917 _____ () C:\Users\Olania\Downloads\Hotel King (2014) Complete XVID LIMO - English.rar
2014-10-06 09:24 - 2014-10-06 09:24 - 00015844 _____ () C:\Users\Olania\Downloads\Trot Lovers (2014) Complete (eng subbed).torrent
2014-10-06 09:23 - 2014-10-06 09:23 - 00012329 _____ () C:\Users\Olania\Downloads\King of High School (2014) Complete (hardsubbed).torrent
2014-10-06 09:21 - 2014-10-06 09:21 - 00021081 _____ () C:\Users\Olania\Downloads\Hotel King (2014) Complete (eng subbed).torrent
2014-10-06 09:14 - 2014-10-06 09:14 - 00334075 _____ () C:\Users\Olania\Downloads\It's Okay It's Love (2014) Complete 720p LIMO - English.rar
2014-10-06 09:14 - 2014-10-06 09:14 - 00103078 _____ () C:\Users\Olania\Downloads\It's Okay It's Love (2014) Complete 720p LIMO.torrent
2014-10-05 10:12 - 2014-10-05 10:13 - 07422976 _____ () C:\Users\Olania\Downloads\pomiary_szczeg1.ppt
2014-10-05 08:45 - 2014-10-05 08:45 - 00020407 _____ () C:\Users\Olania\Downloads\[kickass.to]intruders.s01e07.hdtv.x264.killers.ettv.torrent
2014-10-03 22:02 - 2014-10-03 22:02 - 00020995 _____ () C:\Users\Olania\Downloads\Medicus_-_The_Physician_ 2013 _[DVDRip_RMVB]_[Lektor_PL][Torrenty.org].torrent
2014-10-03 21:45 - 2014-10-03 21:45 - 00015094 _____ () C:\Users\Olania\Downloads\Sin City 2  Damulka warta grzechu - Sin City A Dame To Kill For  2014 [BRRip] [XViD-J25] [Napisy PL][Torrenty.org].torrent
2014-10-03 21:45 - 2014-10-03 21:45 - 00014892 _____ () C:\Users\Olania\Downloads\22 Jump Street  2014  [WEB DL XviD-RARBG][Torrenty.org].torrent
2014-10-03 16:45 - 2014-10-05 13:06 - 00000000 ____D () C:\Users\Olania\Desktop\Ustawy
2014-10-03 16:44 - 2014-10-03 16:45 - 00000000 ____D () C:\Users\Olania\Desktop\Pomiary katastralne
2014-10-03 06:27 - 2014-10-03 06:27 - 00020347 _____ () C:\Users\Olania\Downloads\[kickass.to]how.to.get.away.with.murder.s01e02.hdtv.x264.lol.ettv.torrent
2014-10-03 06:27 - 2014-10-03 06:27 - 00019511 _____ () C:\Users\Olania\Downloads\[kickass.to]the.vampire.diaries.s06e01.hdtv.x264.lol.ettv.torrent
2014-10-03 06:27 - 2014-10-03 06:27 - 00018417 _____ () C:\Users\Olania\Downloads\[kickass.to]greys.anatomy.s11e02.hdtv.x264.lol.ettv.torrent
2014-10-02 21:47 - 2014-10-02 21:48 - 00016561 _____ () C:\Users\Olania\Downloads\Igrzyska smierci  W pierscieniu ognia - The Hunger Games  Catching Fire  2013  [720p BDRip XviD AC3-MAXX] [Napisy PL][Torrenty.org].torrent
2014-10-02 16:45 - 2014-10-02 16:45 - 01618944 _____ () C:\Users\Olania\Downloads\Wyklad1.ppt
2014-10-02 09:01 - 2014-10-02 09:01 - 00017532 _____ () C:\Users\Olania\Downloads\[kickass.to]modern.family.s06e02.hdtv.x264.killers.ettv.torrent
2014-10-02 09:01 - 2014-10-02 09:01 - 00008083 _____ () C:\Users\Olania\Downloads\[kickass.to]modern.family.s06e01.hdtv.x264.killers.eztv.torrent
2014-10-02 09:00 - 2014-10-02 09:01 - 00026713 _____ () C:\Users\Olania\Downloads\[kickass.to]chicago.pd.s02e02.hdtv.x264.lol.ettv.torrent
2014-10-01 08:16 - 2014-10-04 10:28 - 00000000 ____D () C:\ProgramData\YoUtubEAdBloocke
2014-10-01 08:16 - 2014-10-01 19:23 - 00000000 ____D () C:\Program Files (x86)\YoUtubEAdBloocke
2014-10-01 08:15 - 2014-10-01 08:16 - 00000000 ____D () C:\ProgramData\e00525812fb6fd92
2014-10-01 08:15 - 2014-10-01 08:15 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2014-10-01 08:15 - 2014-10-01 08:15 - 00000000 ____D () C:\Users\Olania\AppData\Local\Comodo
2014-10-01 08:15 - 2014-10-01 08:15 - 00000000 ____D () C:\Users\Gość\AppData\Local\Google
2014-10-01 08:15 - 2014-10-01 08:15 - 00000000 ____D () C:\Users\Gość\AppData\Local\Comodo
2014-10-01 08:15 - 2014-10-01 08:15 - 00000000 ____D () C:\Users\Gość
2014-10-01 08:15 - 2014-10-01 08:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-01 08:15 - 2014-10-01 08:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-01 08:15 - 2014-10-01 08:15 - 00000000 ____D () C:\Users\Administrator
2014-10-01 08:10 - 2014-10-01 08:10 - 561409802 ____H () C:\Users\Olania\Desktop\BIT2578.tmp
2014-10-01 07:59 - 2014-10-01 07:59 - 00026994 _____ () C:\Users\Olania\Downloads\[kickass.to]chicago.fire.s03e02.hdtv.x264.lol.ettv.torrent
2014-10-01 07:59 - 2014-10-01 07:59 - 00014886 _____ () C:\Users\Olania\Downloads\[kickass.to]new.girl.s04e03.web.dl.xvid.fum.ettv.torrent
2014-10-01 07:59 - 2014-10-01 07:59 - 00013480 _____ () C:\Users\Olania\Downloads\[kickass.to]awkward.s04e13.hdtv.x264.killers.ettv.torrent
2014-10-01 07:59 - 2014-10-01 07:59 - 00013458 _____ () C:\Users\Olania\Downloads\[kickass.to]manhattan.love.story.s01e01.hdtv.x264.2hd.ettv.torrent
2014-09-30 13:07 - 2014-09-30 13:07 - 00013227 _____ () C:\Users\Olania\Downloads\[kickass.to]chicago.pd.s02e01.hdtv.x264.lol.eztv.torrent
2014-09-30 10:06 - 2014-09-30 10:06 - 00028710 _____ () C:\Users\Olania\Downloads\[kickass.to]gotham.s01e02.hdtv.xvid.fum.ettv.torrent
2014-09-30 10:06 - 2014-09-30 10:06 - 00023029 _____ () C:\Users\Olania\Downloads\[kickass.to]scorpion.s01e02.hdtv.x264.lol.ettv.torrent
2014-09-30 10:06 - 2014-09-30 10:06 - 00021759 _____ () C:\Users\Olania\Downloads\[kickass.to]sleepy.hollow.s02e02.hdtv.x264.lol.ettv.torrent
2014-09-30 10:06 - 2014-09-30 10:06 - 00010931 _____ () C:\Users\Olania\Downloads\[kickass.to]the.big.bang.theory.s08e03.hdtv.x264.lol.ettv.torrent
2014-09-29 08:32 - 2014-09-29 08:32 - 00244304 _____ () C:\Users\Olania\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-29 07:56 - 2014-09-29 07:56 - 00015782 _____ () C:\Users\Olania\Downloads\[kickass.to]brooklyn.nine.nine.s02e01.hdtv.x264.killers.ettv.torrent
2014-09-29 07:52 - 2014-09-29 07:52 - 00024525 _____ () C:\Users\Olania\Downloads\[kickass.to]once.upon.a.time.s04e01.hdtv.x264.lol.ettv.torrent
2014-09-29 07:52 - 2014-09-29 07:52 - 00023033 _____ () C:\Users\Olania\Downloads\[kickass.to]the.strain.s01e12.web.dl.x264.fum.ettv.torrent
2014-09-29 07:52 - 2014-09-29 07:52 - 00022197 _____ () C:\Users\Olania\Downloads\[kickass.to]masters.of.sex.s02e12.hdtv.x264.killers.ettv.torrent
2014-09-28 23:06 - 2014-09-28 23:06 - 00018336 _____ () C:\Users\Olania\Downloads\[kickass.to]intruders.s01e06.hdtv.x264.2hd.ettv.torrent
2014-09-27 10:31 - 2014-09-27 10:31 - 00014991 _____ () C:\Users\Olania\Downloads\[kickass.to]my.iz.buduschego.1.2008.dvbrip.xvid.miguel.lektor.pl.torrent
2014-09-27 10:22 - 2014-09-27 10:22 - 00021095 _____ () C:\Users\Olania\Downloads\[kickass.to]shpion.2012.480p.bdrip.xvid.ac3.elite.torrent
2014-09-27 10:22 - 2014-09-27 10:22 - 00014730 _____ () C:\Users\Olania\Downloads\[kickass.to]shpion.2012.brrip.xvid.playxd.torrent
2014-09-27 10:21 - 2014-09-27 10:21 - 00015760 _____ () C:\Users\Olania\Downloads\[kickass.to]duhless.2012.hdrip.hq.underverse.torrent
2014-09-27 10:19 - 2014-09-27 10:19 - 00015240 _____ () C:\Users\Olania\Downloads\[Limetorrents.cc]_Legenda No 17(Легенда №17)[2013]DVDRip XviD[Russia].torrent
2014-09-26 18:43 - 2014-09-26 18:43 - 00028747 _____ () C:\Users\Olania\Downloads\[kickass.to]greys.anatomy.s11e01.hdtv.xvid.fum.ettv.torrent
2014-09-26 18:43 - 2014-09-26 18:43 - 00020964 _____ () C:\Users\Olania\Downloads\[kickass.to]how.to.get.away.with.murder.s01e01.hdtv.x264.lol.ettv.torrent
2014-09-25 18:45 - 2014-09-25 18:45 - 00025933 _____ () C:\Users\Olania\Downloads\[kickass.to]chicago.pd.s02e01.hdtv.x264.lol.ettv.torrent
2014-09-25 18:36 - 2014-09-25 18:36 - 00073044 _____ () C:\Users\Olania\Downloads\[kickass.to]sons.of.anarchy.1.6.unofficial.soundtrack.2008.2013 (1).torrent
2014-09-25 18:35 - 2014-09-25 18:35 - 00073044 _____ () C:\Users\Olania\Downloads\[kickass.to]sons.of.anarchy.1.6.unofficial.soundtrack.2008.2013.torrent
2014-09-24 15:46 - 2014-09-24 20:23 - 00000000 ____D () C:\Users\Olania\Desktop\z karty sd
2014-09-24 15:40 - 2014-09-24 15:40 - 00000796 _____ () C:\Users\Olania\Desktop\z telefonu.txt
2014-09-24 13:33 - 2014-09-24 13:33 - 00014760 _____ () C:\Users\Olania\Downloads\Jak sie zakochac - How to Fall in Love  2012  [HDTV] [XViD-MX] [Lektor PL][Torrenty.org].torrent
2014-09-24 13:33 - 2014-09-24 13:33 - 00014710 _____ () C:\Users\Olania\Downloads\Dawca pamieci - The Giver  2014  [HDRip] [XViD-MORS] [Napisy PL][Torrenty.org].torrent
2014-09-24 13:33 - 2014-09-24 13:33 - 00014677 _____ () C:\Users\Olania\Downloads\Moms Night Out  2014  [BRRip XviD-MiNS] [Lektor PL][Torrenty.org].torrent
2014-09-24 10:55 - 2014-09-24 10:55 - 00000057 _____ () C:\Users\Olania\Desktop\książki_do_pozytania.txt
2014-09-24 08:57 - 2014-09-24 08:57 - 00014275 _____ () C:\Users\Olania\Downloads\[kickass.to]new.girl.s04e01.hdtv.x264.killers.ettv.torrent
2014-09-24 08:50 - 2014-09-24 08:50 - 00031073 _____ () C:\Users\Olania\Downloads\[kickass.to]gotham.s01e01.hdtv.xvid.fum.ettv.torrent
2014-09-24 08:50 - 2014-09-24 08:50 - 00028656 _____ () C:\Users\Olania\Downloads\[kickass.to]scorpion.s01e01.hdtv.xvid.fum.ettv.torrent
2014-09-24 08:48 - 2014-09-24 08:48 - 00011522 _____ () C:\Users\Olania\Downloads\[kickass.to]the.big.bang.theory.s08e01.hdtv.x264.lol.ettv.torrent
2014-09-24 08:48 - 2014-09-24 08:48 - 00010050 _____ () C:\Users\Olania\Downloads\[kickass.to]the.big.bang.theory.s08e02.hdtv.x264.lol.ettv.torrent
2014-09-24 08:47 - 2014-09-24 08:47 - 00029654 _____ () C:\Users\Olania\Downloads\[kickass.to]chicago.fire.s03e01.hdtv.x264.lol.ettv.torrent
2014-09-24 08:47 - 2014-09-24 08:47 - 00027892 _____ () C:\Users\Olania\Downloads\[kickass.to]sleepy.hollow.s02e01.hdtv.x264.killers.ettv.torrent
2014-09-24 08:47 - 2014-09-24 08:47 - 00015145 _____ () C:\Users\Olania\Downloads\[kickass.to]new.girl.s04e02.hdtv.x264.killers.ettv.torrent
2014-09-24 08:47 - 2014-09-24 08:47 - 00015083 _____ () C:\Users\Olania\Downloads\[kickass.to]awkward.s04e12.hdtv.x264.killers.ettv.torrent
2014-09-22 16:23 - 2014-10-08 13:46 - 00000000 ____D () C:\Users\Olania\AppData\Local\Spotify
2014-09-22 16:23 - 2014-09-22 16:23 - 00001772 _____ () C:\Users\Olania\Desktop\Spotify.lnk
2014-09-22 16:23 - 2014-09-22 16:23 - 00001758 _____ () C:\Users\Olania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-09-22 16:22 - 2014-10-10 17:15 - 00000000 ____D () C:\Users\Olania\AppData\Roaming\Spotify
2014-09-17 09:06 - 2014-09-17 09:06 - 07375311 _____ () C:\Users\Olania\Downloads\CAŁA SERIA.zip
2014-09-12 20:22 - 2014-09-12 20:23 - 00000000 ____D () C:\Users\Olania\Desktop\Vikings
2014-09-10 16:39 - 2014-09-10 16:39 - 00001265 _____ () C:\Users\Olania\Desktop\skróty klawiszowe.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-10 17:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-10 17:21 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 17:21 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 17:16 - 2013-06-11 22:10 - 00000000 ____D () C:\Users\Olania\AppData\Roaming\uTorrent
2014-10-10 17:15 - 2013-06-11 22:43 - 00000000 ___RD () C:\Users\Olania\Dropbox
2014-10-10 17:15 - 2013-06-11 22:38 - 00000000 ____D () C:\Users\Olania\AppData\Roaming\Dropbox
2014-10-10 17:12 - 2014-07-23 23:21 - 00000202 _____ () C:\Windows\Tasks\AutoKMS.job
2014-10-10 17:12 - 2014-03-06 07:27 - 00033082 _____ () C:\Windows\PFRO.log
2014-10-10 17:12 - 2014-01-26 16:58 - 00034744 _____ () C:\Windows\setupact.log
2014-10-10 17:12 - 2013-11-06 18:42 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-10 17:12 - 2013-06-11 21:55 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 17:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 17:08 - 2014-07-23 23:21 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-10-10 17:08 - 2013-06-11 21:49 - 00000000 ____D () C:\Users\Olania
2014-10-10 17:05 - 2013-06-11 21:55 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 16:58 - 2013-07-30 15:55 - 00000000 ____D () C:\Users\Olania\AppData\Local\ChomikBox
2014-10-10 16:48 - 2013-06-11 22:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-10 06:34 - 2013-07-30 15:58 - 00000000 ____D () C:\Users\Olania\.gstreamer-0.10
2014-10-09 22:49 - 2013-06-14 19:06 - 00001611 _____ () C:\Users\Olania\Desktop\Seriale.txt
2014-10-09 20:59 - 2011-04-12 15:21 - 00701260 _____ () C:\Windows\system32\perfh015.dat
2014-10-09 20:59 - 2011-04-12 15:21 - 00136246 _____ () C:\Windows\system32\perfc015.dat
2014-10-09 20:59 - 2009-07-14 07:13 - 01558380 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 10:39 - 2013-09-13 15:58 - 00000000 ____D () C:\Users\Olania\Desktop\Zdjęcia
2014-10-05 18:51 - 2014-04-23 16:12 - 00000000 ____D () C:\Users\Olania\Downloads\K-drama
2014-10-04 10:53 - 2013-10-11 09:27 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-03 19:47 - 2014-02-05 19:58 - 00030865 _____ () C:\Windows\WindowsUpdate.log
2014-10-02 09:39 - 2013-07-24 20:28 - 00000000 ____D () C:\Users\Olania\Desktop\Studia
2014-10-01 18:21 - 2013-08-29 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-01 18:21 - 2013-06-12 10:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-01 08:15 - 2013-06-11 21:55 - 00000000 ____D () C:\Users\Olania\AppData\Local\Google
2014-10-01 08:15 - 2013-06-11 21:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-01 08:15 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-01 08:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-29 08:36 - 2013-06-12 10:08 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-29 07:46 - 2013-06-11 22:41 - 00000000 ____D () C:\Users\Olania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-26 11:17 - 2013-06-12 10:33 - 00000000 ____D () C:\Users\Olania\AppData\Roaming\foobar2000
2014-09-26 09:24 - 2013-06-11 22:31 - 00000000 ____D () C:\Users\Olania\AppData\Local\Last.fm
2014-09-25 09:30 - 2013-06-11 21:56 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-23 20:45 - 2013-11-02 13:38 - 00000000 ____D () C:\Users\Olania\Downloads\książki
2014-09-23 20:43 - 2014-03-08 13:45 - 00000000 ____D () C:\Users\Olania\Downloads\Radio Bagdad - Kupujac czern
 
Some content of TEMP:
====================
C:\Users\Olania\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp40zj8y.dll
C:\Users\Olania\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Olania\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Olania\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Olania\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Olania\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\Olania\AppData\Local\Temp\optprosetup.exe
C:\Users\Olania\AppData\Local\Temp\ose00000.exe
C:\Users\Olania\AppData\Local\Temp\Quarantine.exe
C:\Users\Olania\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Olania\AppData\Local\Temp\_is9CFA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-01 18:52
 
==================== End Of Log ============================

 




#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:03:48 PM

Posted 10 October 2014 - 12:46 PM

That looks much better. Just a couple more scans and a fix and I think you'll be in the clear.

 

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
start
HKLM-x32\...\Run: [fst_pl_31] => [X]
FF Extension: YoUtubEAdBloocke - C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default\Extensions\H@uq63L.org [2014-10-06]
CHR Extension: (No Name) - C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-10-01]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
2014-10-01 08:16 - 2014-10-04 10:28 - 00000000 ____D () C:\ProgramData\YoUtubEAdBloocke
2014-10-01 08:16 - 2014-10-01 19:23 - 00000000 ____D () C:\Program Files (x86)\YoUtubEAdBloocke
2014-10-01 08:15 - 2014-10-01 08:16 - 00000000 ____D () C:\ProgramData\e00525812fb6fd92
2014-10-01 08:10 - 2014-10-01 08:10 - 561409802 ____H () C:\Users\Olania\Desktop\BIT2578.tmp
File: C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe
AlternateDataStreams: C:\ProgramData\TEMP:0BF4DA47
AlternateDataStreams: C:\ProgramData\TEMP:10DB9BB7
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
AlternateDataStreams: C:\ProgramData\TEMP:320208DA
AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA
AlternateDataStreams: C:\ProgramData\TEMP:53B8C5D2
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
AlternateDataStreams: C:\ProgramData\TEMP:97427454
AlternateDataStreams: C:\ProgramData\TEMP:F74EC668
C:\Program Files (x86)\LiveSupport
EmptyTemp:
end
  • Click File > Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

 

Step 2

 

Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the program.
  • Launch the program and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.

 

Step 3

 

Please scan with TDSSKiller

Download it to your desktop

Open TDSSKiller

Accept both agreements

Click Change Parameters

Add a checkmark to "Detect TDLFS file system". Leave the other settings alone. Press OK when finished.

Click the Start Scan button.

Open Windows Explorer and find the report of the TDSSKiller scan at C:\TDSSKiller.version_month.day.year_XX.XX.XX_log.txt

Please attach this log to your next post


Edited by thisisu, 10 October 2014 - 12:47 PM.


#5 Mizu-chan


Posted 11 October 2014 - 09:07 AM

Here are the reports you asked for: 

 

Fixlog file: 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01
Ran by Olania at 2014-10-11 15:04:22 Run:1
Running from C:\Users\Olania\Desktop\infekcja
Loaded Profile: Olania (Available profiles: Olania)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [fst_pl_31] => [X]
FF Extension: YoUtubEAdBloocke - C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default\Extensions\H@uq63L.org [2014-10-06]
CHR Extension: (No Name) - C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-10-01]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
2014-10-01 08:16 - 2014-10-04 10:28 - 00000000 ____D () C:\ProgramData\YoUtubEAdBloocke
2014-10-01 08:16 - 2014-10-01 19:23 - 00000000 ____D () C:\Program Files (x86)\YoUtubEAdBloocke
2014-10-01 08:15 - 2014-10-01 08:16 - 00000000 ____D () C:\ProgramData\e00525812fb6fd92
2014-10-01 08:10 - 2014-10-01 08:10 - 561409802 ____H () C:\Users\Olania\Desktop\BIT2578.tmp
File: C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe
AlternateDataStreams: C:\ProgramData\TEMP:0BF4DA47
AlternateDataStreams: C:\ProgramData\TEMP:10DB9BB7
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
AlternateDataStreams: C:\ProgramData\TEMP:320208DA
AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA
AlternateDataStreams: C:\ProgramData\TEMP:53B8C5D2
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
AlternateDataStreams: C:\ProgramData\TEMP:97427454
AlternateDataStreams: C:\ProgramData\TEMP:F74EC668
C:\Program Files (x86)\LiveSupport
EmptyTemp:
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_pl_31 => value deleted successfully.
C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default\Extensions\H@uq63L.org => Moved successfully.
C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj directory not found.
BT => Service deleted successfully.
BTCOM => Service deleted successfully.
IvtComBusSrv => Service deleted successfully.
Prot6Flt => Service deleted successfully.
C:\ProgramData\YoUtubEAdBloocke => Moved successfully.
C:\Program Files (x86)\YoUtubEAdBloocke => Moved successfully.
C:\ProgramData\e00525812fb6fd92 => Moved successfully.
C:\Users\Olania\Desktop\BIT2578.tmp => Moved successfully.
 
========================= File: C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe ========================
 
"C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe" not found.
====== End Of File: ======
 
C:\ProgramData\TEMP => ":0BF4DA47" ADS removed successfully.
C:\ProgramData\TEMP => ":10DB9BB7" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":302ECBD6" ADS removed successfully.
C:\ProgramData\TEMP => ":320208DA" ADS removed successfully.
C:\ProgramData\TEMP => ":4B6A9FDA" ADS removed successfully.
C:\ProgramData\TEMP => ":53B8C5D2" ADS removed successfully.
C:\ProgramData\TEMP => ":7FA0D639" ADS removed successfully.
C:\ProgramData\TEMP => ":97427454" ADS removed successfully.
C:\ProgramData\TEMP => ":F74EC668" ADS removed successfully.
"C:\Program Files (x86)\LiveSupport" => File/Directory not found.
EmptyTemp: => Removed 2.5 GB temporary data.
 
 
The system needed a reboot. 
 

 

==== End of Fixlog ====
 
MBAM Scan log:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014-10-11
Scan Time: 15:25:56
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.11.04
Rootkit Database: v2014.10.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Olania
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364751
Time Elapsed: 24 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Is everything all right now? :)

 



Edited by Mizu-chan, 11 October 2014 - 09:10 AM.
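One way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread or of FRST: it groups each result line by outcome so that "not found" entries, which mean the fix did not act on that item, stand out from successful removals. The function names are hypothetical, and the result phrasings are only those visible in this thread's Fixlog; any other wording lands in "unrecognised" for manual reading.

```python
import re

# Result lines copied from the Fixlog posted in this thread (excerpt).
SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_pl_31 => value deleted successfully.
C:\Users\Olania\AppData\Roaming\Mozilla\Firefox\Profiles\9og3mf5g.default\Extensions\H@uq63L.org => Moved successfully.
C:\Users\Olania\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj directory not found.
BT => Service deleted successfully.
"C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe" not found.
C:\ProgramData\TEMP => ":0BF4DA47" ADS removed successfully.
"C:\Program Files (x86)\LiveSupport" => File/Directory not found.
EmptyTemp: => Removed 2.5 GB temporary data.
"""

# "not found" is tested first so it is never counted as a successful removal.
RULES = [
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("ads_removed", re.compile(r"ADS removed successfully", re.I)),
    ("moved", re.compile(r"=> Moved successfully", re.I)),
    ("deleted", re.compile(r"=> (?:value|Service) deleted successfully", re.I)),
    ("temp_cleared", re.compile(r"^EmptyTemp: => Removed", re.I)),
]

def classify(line):
    return next((label for label, rx in RULES if rx.search(line)), "unrecognised")

def target_of(line):
    """Return the object a result line refers to (path, key, service or path:stream)."""
    ads = re.match(r'(.+?) => "(:[0-9A-F]+)" ADS', line)
    if ads:
        return ads.group(1) + ads.group(2)  # same path:stream form the fixlist uses
    head = re.split(r" => | (?:directory )?not found", line, maxsplit=1)[0]
    return head.strip().strip('"')

def summarise(fixlog_text):
    """Group result lines by outcome; the echoed fixlist and '=' banners are skipped."""
    results = fixlog_text.rsplit("*****************", 1)[-1]
    summary = {}
    for line in map(str.strip, results.splitlines()):
        if line and not line.startswith("="):
            summary.setdefault(classify(line), []).append(target_of(line))
    return summary

if __name__ == "__main__":
    for outcome, targets in summarise(SAMPLE_FIXLOG).items():
        print(outcome, len(targets), *targets, sep="\n    ")
```
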


#6 thisisu


Posted 11 October 2014 - 12:45 PM

It's reassuring to me :)

Things still running smoothly on your end? Ready for final cleanup steps?



#7 Mizu-chan


Posted 12 October 2014 - 02:14 AM

Everything is fine. I even have the feeling that websites are opening faster. No ads. Everything is back to normal. 
I'm ready for the next step. :) 



#8 thisisu


Posted 12 October 2014 - 03:43 AM

Great  :thumbup2:

 

1. Delete FRST

2. Delete the C:\FRST folder

3. Ensure you have the latest version of the following applications if you use them. The outdated versions of these applications are commonly used to infect computers: 

  • Adobe Flash Player
  • Adobe Reader
  • Java
  • Microsoft Silverlight

4. No matter which browser you decide to use, I highly recommend this browser extension which effectively blocks annoying banners, pop-ups, and video ads - even on Facebook and YouTube: Adblock Plus.

5. A couple of small yet highly effective programs I recommend are: SpywareBlaster and CCleaner Slim.

6. Finally, delete your old system restore points and create a new one. If you need help with this, click here.

 

Be safe!


Edited by thisisu, 12 October 2014 - 03:43 AM.


#9 thisisu


Posted 12 October 2014 - 03:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



