Computer acts strange, programs not responding etc


This topic is locked
16 replies to this topic

#1 wilq

  • Members

Posted 28 October 2014 - 03:06 AM

Hello, my computer started to act strange in the last few days: programs are not responding, the DVD drive is not responding too (doesn't see any CD/DVD inside). I tried to run some malware removal tools, but they install and later don't respond either. Mind you, I'm a complete newbie in this business.



#2 wilq

  • Topic Starter

Posted 31 October 2014 - 04:41 AM

Any help?



#3 Jo*

  • Malware Response Team
  • Location: Germany

Posted 01 November 2014 - 06:55 AM


Hello wilq,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 wilq

  • Topic Starter

Posted 01 November 2014 - 09:21 AM

Security check

 

Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.0.2)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

Farbar

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Michal (administrator) on MICHAL-KOMPUTER on 01-11-2014 15:19:14
Running from C:\Users\Michal\Desktop
Loaded Profile: Michal (Available profiles: Michal)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(GG Network S.A.) C:\Users\Michal\AppData\Local\GG\Application\gghub.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(GG Network S.A.) C:\Users\Michal\AppData\Local\GG\Application\ggapp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(GG Network S.A.) C:\Users\Michal\AppData\Local\GG\Application\ggdrive\ggdrive.exe
(GG Network S.A.) C:\Users\Michal\AppData\Local\GG\Application\xulrunner\gghub.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [290816 2011-06-21] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\Run: [GG] => C:\Users\Michal\AppData\Local\GG\Application\gghub.exe [4023360 2014-09-10] (GG Network S.A.)
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\ChomikBox.exe
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22040168 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\MountPoints2: {442455cd-1c32-11e1-a677-806e6f6e6963} - D:\DVDSetup.exe
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\MountPoints2: {47247e57-9076-11e1-82f3-8c89a57d54b9} - E:\setup.exe
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\MountPoints2: {55c503a3-8618-11e2-bdc1-8c89a57d54b9} - E:\Setup.exe
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\MountPoints2: {55c503d5-8618-11e2-bdc1-8c89a57d54b9} - E:\Setup.exe
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\MountPoints2: {5ad4b4ff-7986-11e2-a97e-8c89a57d54b9} - E:\setup.exe
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\MountPoints2: {c0358376-0a18-11e3-a532-8c89a57d54b9} - E:\setup.exe
HKU\S-1-5-21-1931387655-1144421392-3440156921-1000\...\MountPoints2: {c5e8272c-9f73-11e3-82f4-8c89a57d54b9} - E:\setup.exe
AppInit_DLLs: c:\windows\syswow64\guard32.dll => c:\windows\syswow64\guard32.dll File Not Found
AppInit_DLLs-x32: c:\windows\syswow64\guard32.dll => "c:\windows\syswow64\guard32.dll" File Not Found
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=40
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=40
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61
Tcpip\..\Interfaces\{3ADF5D57-C078-4CB3-987A-CA68A263B3EA}: [NameServer] 8.26.56.26,156.154.70.22

FireFox:
========
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\rwe0bluy.default-1380267047748
FF Homepage: https://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: 4game.com/plugin -> E:\4game\npplugin4game.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\rwe0bluy.default-1380267047748\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome:
=======

But Farbar stopped responding at MSICDSetup.

 

attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-12-01 21:15:46
System Uptime: 2014-10-28 08:24:23 (0 hours ago)
.
Motherboard: MSI |  | P67A-C45 (MS-7673)
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz | SOCKET 0 | 3101/100mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
Army Builder V2.2c
µTorrent
AVG 2015
Battle.net
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDisplay 1.8
CPUID HWMonitor 1.18
D3DX10
DAEMON Tools Lite
Diablo III
Dual-Core Optimizer
GG
Intel® Rapid Storage Technology enterprise
Java 7 Update 67
Java Auto Updater
Logitech Gaming Software
Logitech Gaming Software 8.53
Malwarebytes Anti-Malware wersja 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (PLK)
Microsoft .NET Framework 4.5.1 (Polski)
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Mozilla Firefox 33.0 (x86 pl)
Mozilla Maintenance Service
MSVCRT
NVIDIA PhysX
OpenOffice 4.1.0
Podstawowe programy Windows Live
PunkBuster Services
Raptr
Realtek Ethernet Controller Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Skype™ 6.20
StarCraft II
System Requirements Lab CYRI
System Requirements Lab Detection
TeamSpeak 3 Client
Unity Web Player
Update for Mipony Download Manager
Update Manager
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.1
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.00 (64-bitowy)
Xiph.Org Open Codecs 0.85.17777
Zip Motion Block Video codec (Remove Only)
ZoneAlarm Antivirus
.
==== End Of File ===========================
 


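A helper reads FRST output like the one above by eye, looking for the same cues every time: a process with an empty publisher field, a Run entry printed without the `[size date] (Publisher)` suffix, "File Not Found" / "No File" leftovers, an AppInit_DLLs entry, and a detected Firefox user.js. As an added example (not part of this thread and not Farbar's own code), this Python triage pass applies those cues to a few lines constructed in the FRST.txt layout; the rule names, severities and the shortened SID are my own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the FRST.txt layout seen in this thread (processes,
# Run keys, AppInit_DLLs, protocol handlers, Firefox). Not a real log; the
# user SID is shortened for readability.
SAMPLE_FRST = r"""
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKU\S-1-5-21-1000\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
HKU\S-1-5-21-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22040168 2014-08-27] (Skype Technologies S.A.)
AppInit_DLLs: c:\windows\syswow64\guard32.dll => c:\windows\syswow64\guard32.dll File Not Found
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF user.js: detected! => C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\rwe0bluy.default\user.js
"""

# "(Publisher) C:\path\to\binary.exe" -- an empty publisher means FRST could
# not read a company name from the file's version information.
PROC_RE = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")

# "HKLM\...\Run: [Name] => target", also HKLM-x32 and HKU\<SID> variants.
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U\\S-[\d-]+)(?:-x32)?)\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] => (?P<target>.+)$"
)

# FRST appends "[size yyyy-mm-dd] (Publisher)" when it could stat the target;
# its absence means the file was not found or could not be inspected.
META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$")


@dataclass(frozen=True)
class Finding:
    severity: str  # assumed scale: "high" or "medium"
    rule: str
    line: str


def triage_frst(log_text: str) -> List[Finding]:
    """Return the lines of an FRST.txt excerpt that deserve a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Dangling references: FRST marks targets missing from disk. A missing
        # AppInit DLL is rated higher because every process would try to load it.
        if "File Not Found" in line or line.endswith("No File"):
            sev = "high" if line.startswith("AppInit_DLLs") else "medium"
            findings.append(Finding(sev, "dangling reference", line))
            continue
        if line.startswith("AppInit_DLLs"):
            findings.append(Finding("high", "AppInit_DLLs injection point", line))
            continue
        m = PROC_RE.match(line)
        if m:
            if not m.group("pub"):
                findings.append(Finding("medium", "running process with no publisher", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if not META_RE.search(m.group("target")):
                findings.append(Finding("medium", "autorun without file metadata", line))
            continue
        # A user.js silently re-applies preference overrides on every start.
        if line.startswith("FF user.js: detected!"):
            findings.append(Finding("medium", "Firefox user.js preference override", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 1, 'medium': 5}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage_frst(SAMPLE_FRST)
    for f in results:
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summarize(results))
```

Entries that carry a publisher and file metadata (LCore, Skype, CCleaner, the AMD service) pass untouched, so the output is the short list a helper actually needs to read.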

#5 Jo*

  • Malware Response Team

Posted 01 November 2014 - 10:07 AM

Hello wilq,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***




#6 wilq

  • Topic Starter

Posted 01 November 2014 - 11:31 AM

Rootkit didn't find anything.

AdwCleaner log

# AdwCleaner v3.311 - Log utworzony 01/11/2014 o 17:28:44
# Aktualizacja 30/09/2014 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : Michal - MICHAL-KOMPUTER
# Ścieżka : C:\Users\Michal\Desktop\AdwCleaner.exe
# Opcja : Szukaj

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****

Folder Znaleziono : C:\Program Files (x86)\SmartTweak
Folder Znaleziono : C:\Users\Michal\AppData\Local\Mail.Ru
Folder Znaleziono : C:\Users\Michal\AppData\Roaming\FoxTab
Folder Znaleziono : C:\Users\Michal\AppData\Roaming\Systweak
Plik Znaleziono : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\rwe0bluy.default-1380267047748\user.js
Plik Znaleziono : C:\Windows\System32\roboot64.exe

***** [ Zadania ] *****

Zadanie Znaleziono : BrowserProtect
Zadanie Znaleziono : DSite
Zadanie Znaleziono : FoxTab

***** [ Skróty ] *****


***** [ Rejestr ] *****

Klucz Znaleziono : HKCU\Software\InstalledBrowserExtensions
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Klucz Znaleziono : HKCU\Software\smarttweak
Klucz Znaleziono : [x64] HKCU\Software\InstalledBrowserExtensions
Klucz Znaleziono : [x64] HKCU\Software\smarttweak
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072278}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076678}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072278}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076678}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Wartość Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FixMyRegistry]
Wartość Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedUpMyComputer]
Wartość Znaleziono : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.2 (x86 pl)

[ Plik : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\rwe0bluy.default-1380267047748\prefs.js ]


*************************

AdwCleaner[R2].txt - [5113 octets] - [01/11/2014 17:28:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [5173 octets] ##########
 



#7 wilq

  • Topic Starter

Posted 01 November 2014 - 11:45 AM

AdwCleaner after cleanup

***** [ Zadania ] *****

Zadanie Usunięto : BrowserProtect
Zadanie Usunięto : DSite
Zadanie Usunięto : FoxTab

***** [ Skróty ] *****


***** [ Rejestr ] *****

Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Wartość Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FixMyRegistry]
Wartość Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedUpMyComputer]
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072278}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076678}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072278}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076678}
Klucz Usunięto : HKCU\Software\InstalledBrowserExtensions
Klucz Usunięto : HKCU\Software\smarttweak
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.2 (x86 pl)

[ Plik : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\rwe0bluy.default-1380267047748\prefs.js ]


*************************

AdwCleaner[R2].txt - [5341 octets] - [01/11/2014 17:28:44]
AdwCleaner[S1].txt - [4953 octets] - [01/11/2014 17:32:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5013 octets] ##########



#8 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:12 PM

Posted 01 November 2014 - 11:55 AM

Hello wilq,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 wilq

wilq
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:12 PM

Posted 01 November 2014 - 12:05 PM

AdwCleaner

Junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Home Premium x64
Ran by Michal on 2014-11-01 at 17:57:56,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\chomikbox



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Michal\AppData\Roaming\mozilla\firefox\profiles\rwe0bluy.default-1380267047748\minidumps [140 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-11-01 at 18:00:44,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Farbar still starts to not respond when scanning services: MSICDSetup



#10 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:12 PM

Posted 01 November 2014 - 12:13 PM

Hello wilq,

Please post the AdwCleaner log!


Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 wilq

wilq
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:12 PM

Posted 01 November 2014 - 12:18 PM

Adv log

# AdwCleaner v3.311 - Log utworzony 01/11/2014 o 18:14:02
# Aktualizacja 30/09/2014 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : Michal - MICHAL-KOMPUTER
# Ścieżka : C:\Users\Michal\Desktop\AdwCleaner.exe
# Opcja : Szukaj

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****


***** [ Zadania ] *****


***** [ Skróty ] *****


***** [ Rejestr ] *****


***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.2 (x86 pl)

[ Plik : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\rwe0bluy.default-1380267047748\prefs.js ]


*************************

AdwCleaner[R2].txt - [5341 octets] - [01/11/2014 17:28:44]
AdwCleaner[R3].txt - [962 octets] - [01/11/2014 18:01:42]
AdwCleaner[R4].txt - [823 octets] - [01/11/2014 18:14:02]
AdwCleaner[S1].txt - [5173 octets] - [01/11/2014 17:32:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [942 octets] ##########

When trying to run a scan on OTL, it's not responding too.



#12 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:12 PM

Posted 01 November 2014 - 12:25 PM

Download ComboFix from the following location:
Link

* IMPORTANT - Save ComboFix.exe to your Desktop

***

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs




***

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!

***

Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.


***

  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 wilq

wilq
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:12 PM

Posted 01 November 2014 - 12:58 PM

ComboFix

ComboFix 14-10-29.01 - Michal 2014-11-01  18:29:31.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.8162.5584 [GMT 1:00]
Uruchomiony z: c:\users\Michal\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-10-01 do 2014-11-01  )))))))))))))))))))))))))))))))
.
.
2014-11-01 17:46 . 2014-11-01 17:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-11-01 16:28 . 2014-11-01 17:14    --------    d-----w-    C:\AdwCleaner
2014-11-01 16:20 . 2014-11-01 16:20    --------    d-----w-    c:\programdata\Malwarebytes
2014-11-01 16:20 . 2014-11-01 16:27    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-01 16:20 . 2014-11-01 16:20    128728    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-01 16:20 . 2014-11-01 16:20    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-30 13:49 . 2014-10-20 02:37    11627712    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{00CA24B4-07FD-4EE9-9806-3D5AFF725583}\mpengine.dll
2014-10-27 21:25 . 2014-11-01 17:03    --------    d-----w-    C:\FRST
2014-10-27 20:54 . 2014-10-27 21:08    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-10-27 20:54 . 2014-10-27 21:11    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2014-10-21 11:57 . 2014-10-21 11:57    --------    d-----w-    c:\users\Michal\AppData\Roaming\AVG2015
2014-10-21 11:55 . 2014-10-21 11:57    --------    d-----w-    c:\programdata\AVG2015
2014-10-21 11:50 . 2014-10-21 17:42    --------    d-----w-    c:\users\Michal\AppData\Local\Avg2015
2014-10-18 07:44 . 2014-10-18 07:44    --------    d-----w-    c:\programdata\ATI
2014-10-18 07:44 . 2014-10-18 07:44    --------    d-----w-    c:\program files (x86)\AMD AVT
2014-10-16 09:48 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-14 17:15 . 2014-10-17 15:45    --------    d-----w-    C:\wow
2014-10-14 17:11 . 2014-10-24 14:15    --------    d-----w-    c:\program files (x86)\Battle.net
2014-10-14 15:46 . 2014-10-14 15:46    --------    d-----w-    c:\program files\CCleaner
2014-10-08 06:57 . 2014-10-08 06:57    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-10-07 10:42 . 2014-10-07 10:42    --------    d-----w-    c:\users\Michal\AppData\Roaming\Steam
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-21 07:51 . 2012-06-16 11:31    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-21 07:51 . 2012-06-16 11:31    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-16 19:19 . 2011-12-09 05:10    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-10-02 14:53 . 2010-11-21 03:27    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-25 02:08 . 2014-10-01 10:51    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 10:51    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-15 22:32 . 2014-09-15 22:32    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2014-09-15 22:32 . 2014-09-15 22:32    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2014-09-15 22:32 . 2014-09-15 22:32    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2014-09-15 22:32 . 2014-09-15 22:32    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2014-09-15 22:31 . 2011-10-26 01:21    144328    ----a-w-    c:\windows\system32\atiuxp64.dll
2014-09-15 22:31 . 2014-09-15 22:31    126848    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2014-09-15 22:31 . 2013-12-06 22:03    118096    ----a-w-    c:\windows\system32\atiu9p64.dll
2014-09-15 22:31 . 2012-09-28 01:10    100032    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2014-09-15 22:31 . 2011-10-26 02:04    1335544    ----a-w-    c:\windows\system32\aticfx64.dll
2014-09-15 22:31 . 2011-10-26 02:05    1113576    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2014-09-15 22:31 . 2011-10-26 01:46    10826488    ----a-w-    c:\windows\system32\atidxx64.dll
2014-09-15 22:31 . 2014-09-15 22:31    9254184    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2014-09-15 22:31 . 2012-09-28 01:22    7207592    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2014-09-15 22:31 . 2012-09-28 02:23    7028336    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2014-09-15 22:31 . 2013-12-06 21:57    8044976    ----a-w-    c:\windows\system32\atiumd6a.dll
2014-09-15 22:31 . 2013-12-06 21:56    8296296    ----a-w-    c:\windows\system32\atiumd64.dll
2014-09-15 22:29 . 2014-09-15 22:29    293088    ----a-w-    c:\windows\system32\drivers\amdacpksd.sys
2014-09-15 22:26 . 2014-09-15 22:26    16750080    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2014-09-15 22:18 . 2014-09-15 22:18    235008    ----a-w-    c:\windows\system32\clinfo.exe
2014-09-15 22:18 . 2014-09-15 22:18    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2014-09-15 22:17 . 2014-09-15 22:17    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2014-09-15 22:17 . 2014-09-15 22:17    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2014-09-15 22:17 . 2014-09-15 22:17    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2014-09-15 22:17 . 2014-09-15 22:17    33867264    ----a-w-    c:\windows\system32\amdocl64.dll
2014-09-15 22:17 . 2014-09-15 22:17    28770304    ----a-w-    c:\windows\SysWow64\amdocl.dll
2014-09-15 22:16 . 2014-09-15 22:16    65024    ----a-w-    c:\windows\system32\OpenCL.dll
2014-09-15 22:16 . 2014-09-15 22:16    58880    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-09-15 22:13 . 2014-09-15 22:13    27918336    ----a-w-    c:\windows\system32\atio6axx.dll
2014-09-15 22:09 . 2014-09-15 22:09    48128    ----a-w-    c:\windows\system32\amdmmcl6.dll
2014-09-15 22:09 . 2014-09-15 22:09    37888    ----a-w-    c:\windows\SysWow64\amdmmcl.dll
2014-09-15 22:09 . 2014-09-15 22:09    127488    ----a-w-    c:\windows\system32\mantle64.dll
2014-09-15 22:09 . 2014-09-15 22:09    113664    ----a-w-    c:\windows\SysWow64\mantle32.dll
2014-09-15 22:09 . 2014-09-15 22:09    5639168    ----a-w-    c:\windows\system32\amdmantle64.dll
2014-09-15 22:08 . 2014-09-15 22:08    23375360    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2014-09-15 22:07 . 2014-09-15 22:07    367104    ----a-w-    c:\windows\system32\atiapfxx.exe
2014-09-15 22:07 . 2014-09-15 22:07    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2014-09-15 22:07 . 2014-09-15 22:07    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2014-09-15 22:07 . 2014-09-15 22:07    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2014-09-15 22:07 . 2014-09-15 22:07    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2014-09-15 22:07 . 2014-09-15 22:07    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2014-09-15 22:06 . 2014-09-15 22:06    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2014-09-15 22:05 . 2014-09-15 22:05    4480000    ----a-w-    c:\windows\SysWow64\amdmantle32.dll
2014-09-15 22:03 . 2013-12-06 20:53    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2014-09-15 22:03 . 2014-09-15 22:03    31232    ----a-w-    c:\windows\system32\atimuixx.dll
2014-09-15 22:03 . 2014-09-15 22:03    619008    ----a-w-    c:\windows\system32\atieclxx.exe
2014-09-15 22:03 . 2014-09-15 22:03    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2014-09-15 22:03 . 2014-09-15 22:03    91648    ----a-w-    c:\windows\system32\mantleaxl64.dll
2014-09-15 22:03 . 2014-09-15 22:03    85504    ----a-w-    c:\windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03 . 2014-09-15 22:03    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2014-09-15 21:59 . 2014-09-15 21:59    827392    ----a-w-    c:\windows\system32\coinst_14.30.dll
2014-09-15 21:59 . 2011-10-26 01:22    1210880    ----a-w-    c:\windows\system32\atiadlxx.dll
2014-09-15 21:59 . 2014-09-15 21:59    900608    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2014-09-15 21:59 . 2014-09-15 21:59    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2014-09-15 21:59 . 2014-09-15 21:59    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59    146944    ----a-w-    c:\windows\system32\atig6txx.dll
2014-09-15 21:59 . 2014-09-15 21:59    133632    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2014-09-15 21:59 . 2014-09-15 21:59    576000    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2014-09-15 21:58 . 2014-09-15 21:58    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2014-09-15 16:21 . 2014-09-15 16:21    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2014-09-15 16:19 . 2014-09-15 16:19    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2014-09-09 22:11 . 2014-09-24 11:40    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 11:40    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-28 15:45 . 2011-03-28 17:36    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 06:41    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 06:41    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-20 19:45 . 2014-08-20 19:45    243480    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-08-06 19:39 . 2014-08-06 19:39    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22040168]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-25 6480664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-06-21 290816]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-09-05 3593744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 4game;4game;e:\4game\4GameService.exe ;e:\4game\4GameService.exe  [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 IAStorDataMgrSvc;Technologia pamięci Intel® Rapid enterprise;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 07:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43    2023936    ----a-w-    c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43    2023936    ----a-w-    c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43    2023936    ----a-w-    c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43    2023936    ----a-w-    c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-02 10464536]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 62.179.1.60 62.179.1.61
TCP: Interfaces\{3ADF5D57-C078-4CB3-987A-CA68A263B3EA}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\rwe0bluy.default-1380267047748\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe
AddRemove-Raptr - c:\program files (x86)\Raptr\uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-11-01  18:55:25
ComboFix-quarantined-files.txt  2014-11-01 17:55
.
Przed: 33 493 024 768 bajtów wolnych
Po: 33 364 033 536 bajtów wolnych
.
- - End Of File - - B07D6C94599D348307BE5E2BFF264095
FSS

Farbar Service Scanner Version: 21-07-2014
Ran by Michal (administrator) on 01-11-2014 at 18:57:23
Running from "C:\Users\Michal\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 



#14 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:12 PM

Posted 01 November 2014 - 01:12 PM

Please try Farbar Recovery Scan Tool and OTL scan again.

Disable your anti-virus software.
Run the scans.

 

When scans are done:
Enable your anti-virus software.


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:12 PM

Posted 01 November 2014 - 01:17 PM

During scans disable Spybot - Search & Destroy as well.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




