
Programs keep opening by themselves and no program can see the virus


18 replies to this topic

#1 Luspea

Luspea

  • Members
  • 16 posts

Posted 02 December 2014 - 07:09 PM

Hi,

My computer started opening programs by itself (to be specific, three of them: My Computer, Calculator and Chrome) and I tried so many programs, but not one seems to be able to detect anything that might be causing it.

I use Avast Free antivirus which normally seems to detect anything just fine, but this time it neither showed me any warning nor showed anything in full scan.

I thought that ComboFix had helped for a while, but then there was the same thing again.

I tried CCleaner, ATF Cleaner, SuperAntiSpyware, ESET Online Scanner, F-Secure Online Scanner, Malwarebytes Anti-Malware, Emsisoft Anti-Malware and possibly some other programs which I can't remember, but all they found were some minor things which didn't help.

Sometimes I would think for a few moments that that was it, but then they pop up again.

Unfortunately I didn't keep the logs, because they tell me nothing and I just assumed that something would finally solve it. But now I'm honestly out of ideas.

(Also, I have a plug-in keyboard, because I heard that a wireless one might cause such problems.)




#2 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests

Posted 04 December 2014 - 01:56 AM

Hello there

 

I'm LighthouseParty and I'll be assisting you with your concern today. Let's run a couple of scans to see what could be causing this.
 

Step 1: Download MiniToolBox

  1. Click here to download MiniToolBox to your desktop.
  2. Double click MiniToolBox.
  3. Select the following and then press go:
       • Flush DNS
       • Reset IE Proxy Settings
       • Reset FF Proxy Settings
       • List Installed Programs
       • List Restore Points
  4. Post the log in your next reply.

 

Step 2: Install and run a scan with Malwarebytes Anti-Malware

  1. Click here to download Malwarebytes to your desktop.
  2. Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  3. On the dashboard, click update now.
  4. After that, click scan now - the scan will now begin.
  5. When the scan's completed, select apply actions - make sure the action is quarantine.
  6. Restart your computer.

How to get the log.

  1. On the dashboard, select the history tab and click application logs.
  2. Select the log which has the time and date of when you did the scan.
  3. Click copy to clipboard and paste it into your reply.

Step 3: Download Security Check

  1. Click here to download Security Check to your desktop.
  2. Double click SecurityCheck and follow the on-screen instructions.
  3. A log should open, called checkup.txt.
  4. Please post the contents of it in your next reply.

Thanks and good luck!



#3 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts

Posted 05 December 2014 - 02:18 PM

Thank you for a quick response!

 

Actually, now it seems to have stopped doing that (which is weird since I haven't done anything since the last time it happened - I haven't even turned on this computer), but I don't want to get my hopes up, because it has done that before and it was back soon, so I'm still posting the results.

 

Minitoolbox


MiniToolBox by Farbar  Version: 30-11-2014
Ran by Agata (administrator) on 05-12-2014 at 16:40:02
Running from "C:\Users\Agata\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Konfiguracja IP systemu Windows
 
Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
 
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.1.0 - IObit)
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0415-0000-0000000FF1CE}_PROPLUS_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0415-0000-0000000FF1CE}_PROPLUS_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0415-0000-0000000FF1CE}_PROPLUS_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version:  - Microsoft)
Aktualizacje NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Any Video Converter 3.1.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Batch PNG to JPG (HKLM\...\Batch PNG to JPG1.51) (Version: 1.51 - Design-Lib.com)
Brother MFL-Pro Suite DCP-375CW (HKLM\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{1733BD75-088D-40E1-96B4-BAE75F559961}) (Version: 0.9.27 - Kovid Goyal)
CameraHelperMsi (Version: 13.30.1395.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ChomikBox (HKLM\...\{6F23A5FE-CFE7-4340-A480-AA9AC196E9AB}) (Version: 2.0.2.2 - Chomikuj.pl)
ChomikBox (HKLM\...\ChomikBox) (Version:  - )
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivXLand Media Subtitler (HKLM\...\DivXLand Media Subtitler) (Version:  - )
DJ_AIO_06_K209a-z_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dzielenie i łączenie plików v1.2.2 (HKLM\...\Dzielenie i łączenie plików_is1) (Version:  - Michał Bąbik)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ffdshow (remove only) (HKLM\...\ffdshow) (Version:  - )
Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
GPL MPEG-1/2 DirectShow Decoder Filter (HKLM\...\{870815CA-6B60-47B6-88DD-A67F42D2F03E}) (Version: 0.1.2 - Peter Wimmer)
Hauppauge MCE XP/Vista Software Encoder (2.0.25180) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25180 - Hauppauge Computer Works, Inc.)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HEXelon Free 5.00 (HKLM\...\{0817A2F5-F1FC-4FA0-9C40-3E12B41DDD73}_is1) (Version:  - )
HP Active Support Library (Version: 3.1.0.6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP)
HP Easy Setup - Frontend (HKLM\...\{E1476612-02D6-42A3-BDC1-E292B4115738}) (Version: 5.7.0.2611 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{818ABC3C-635C-4651-8183-D0E9640B7DD1}) (Version: 5.002.001.004 - Hewlett-Packard)
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden
JDownloader (HKLM\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K209a-z (Version: 140.0.690.000 - Hewlett-Packard) Hidden
K-Lite Mega Codec Pack 5.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.0.0 - )
Last.fm Scrobbler 2.1.33 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
LG PC Suite II (HKLM\...\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}) (Version: 2.00.0000 - LG PC Suite)
LG PC Suite II (Version: 2.00.0000 - LG PC Suite) Hidden
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.4 - LG Electronics)
Lightning Warrior Raidy (HKLM\...\Lightning Warrior Raidy) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS Facebook (Version: 13.30.1346.0 - Logitech) Hidden
LWS Gallery (Version: 13.30.1379.0 - Logitech) Hidden
LWS Help_main (Version: 13.30.1396.0 - Logitech) Hidden
LWS Launcher (Version: 13.30.1379.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.30.1395.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.30.1379.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.30.1346.0 - Logitech) Hidden
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware wersja 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Media Player Classic - Home Cinema v1.4.2499.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC Team)
Metin2 (HKLM\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft .NET Framework 3.5 Language Pack SP1 - plk (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Outlook MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (Polish) (HKLM\...\{95120000-00AF-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Polish) 2007 (Version: 12.0.4518.1020 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{306B39C9-3AB1-4161-8567-9C7E50B41AE3}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 14.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 14.0.1 (x86 pl)) (Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero MediaHome 4 Essentials (HKLM\...\{a80ce823-a8a5-4dd6-968f-52b1b391f023}) (Version:  - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Overwolf (HKLM\...\{A9094B7E-7221-4FDD-8F22-340003F4BDC2}) (Version: 0.24.141 - Overwolf)
PaintTool SAI Ver.1 (HKLM\...\PaintToolSAI) (Version:  - )
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - plk) (Version:  - Microsoft Corporation)
Pakiet zgodności dla systemu Office 2007 (HKLM\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Panel sterowania NVIDIA 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
ReadWrite Katakana version 1.3 (HKLM\...\ReadWrite Katakana_is1) (Version: 1.3 Build 2228 - Declan Software, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM\...\{5C4ED859-875F-4299-AA2C-E0E393BDCD21}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SonicStage 4.3 (HKLM\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
SubEdit - Vista WMP Patch (HKLM\...\SubEdit - Vista WMP Patch_is1) (Version: 1 - Artur Sikora)
SubEdit-Player (HKLM\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Ulead GIF Animator 5 Trial (HKLM\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
UltraStar Deluxe (HKLM\...\UltraStar Deluxe) (Version: 1.1 - USDX Team)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0415-0000-0000000FF1CE}_PROPLUS_{840D15BD-72E8-4710-ABDD-8E883B88BD5D}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
USB Tablet Manager (HKLM\...\RmTablet) (Version: 5.01 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veoh Video Compass (HKLM\...\Veoh Video Compass) (Version: 1.5.2 - Veoh Networks, Inc.)
Veoh Web Player (HKLM\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.)
VIA Platforma Menedżera urządzeń (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Video-AVI to GIF-JPEG 3.1 (HKLM\...\Video-AVI to GIF-JPEG) (Version: 3.1 - MiniHttpServer)
VLC media player 1.1.9 (HKLM\...\VLC media player) (Version: 1.1.9 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
WapSter AQQ (HKLM\...\AQQ) (Version: 2.2.5.10 - Creative Team S.A.)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{E580DFEA-3F1D-4B56-9115-984217032FF5}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )
Zoner Photo Studio 12 (HKLM\...\ZonerPhotoStudio12_EN_is1) (Version: 12.0.1.9 - ZONER software)
Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version:  - Zylom Games)
========================= Restore Points ==================================
 
23-01-2014 12:08:49 Windows Update
23-01-2014 12:10:49 Windows Update
13-04-2014 17:54:27 Zaplanowany punkt kontrolny
27-04-2014 15:57:30 Windows Update
27-04-2014 16:45:39 Instalator modułów systemu Windows
12-05-2014 20:08:39 Instalator modułów systemu Windows
31-05-2014 15:26:06 Instalator modułów systemu Windows
31-05-2014 15:34:02 Instalator modułów systemu Windows
31-05-2014 16:58:41 Windows Update
28-07-2014 19:48:01 Windows Update
09-09-2014 17:28:14 Windows Update
25-09-2014 23:56:27 Windows Update
03-10-2014 21:56:43 avast! antivirus system restore point
19-10-2014 20:35:28 Operacja przywracania
20-10-2014 20:57:31 avast! antivirus system restore point
28-11-2014 23:33:38 avast! antivirus system restore point
01-12-2014 14:49:09 Tuneup Pro Pn, gru 01, 14  15:49
01-12-2014 14:52:42 Instalacja pakietu sterownika urządzenia: TAP-Windows Provider V9 Karty sieciowe
 
**** End of log ****
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014-12-05
Scan Time: 16:55:05
Logfile: result malware.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.05.07
Rootkit Database: v2014.12.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Agata
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427178
Time Elapsed: 13 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

Security check

 Results of screen317's Security Check version 0.99.91  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 CCleaner     
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 12.0.0.77 Flash Player out of Date!  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox 14.0.1 Firefox out of Date!  
 Google Chrome 38.0.2125.111 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#4 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests

Posted 05 December 2014 - 02:31 PM

Hello there,

 

Step 1: Uninstall some programs

There are currently some programs on your PC that we need to remove, for the time being at least. Click the start menu, type in Programs and Features and click Programs and Features. Navigate to each of the following one by one and click uninstall:

  • Java 8 Update 25
  • Java Auto Updater 
  • Spybot - Search & Destroy

Step 2: Please download JavaRa from here and, once you've opened it, select 'remove JRE'. The following programs need to be updated; click them for instructions on how to do so:

Step 3: Download and run AdwCleaner

  1. Click here to download AdwCleaner to your desktop.
  2. Double click adwcleaner_x.xxx.exe. If prompted, click I agree.
  3. Click scan. When it's finished, select clean.
  4. Allow AdwCleaner to restart your computer.
  5. Once you've restarted, a log should appear. Please post this in your next reply.

Step 4: Download Junkware Removal Tool

  1. Click here to download Junkware Removal Tool to your desktop.
  2. Double click JRT.exe. (Win 7 and Vista users, right-click and select run as admin)
  3. Press any key and the scan will begin.
  4. At the end, a log will open. Please post this in your next reply.

Edited by LighthouseParty, 05 December 2014 - 02:32 PM.


#5 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts

Posted 06 December 2014 - 10:07 AM

Thank you so much for the help!

 

AdwCleaner

# AdwCleaner v4.104 - Log utworzony 05/12/2014 o 23:51:18
# Aktualizacja 05/12/2014 przez Xplode
# Database : 2014-12-03.1 [Live]
# System operacyjny : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Użytkownik : Agata - AGATA-PC
# Ścieżka : C:\Users\Agata\Desktop\adwcleaner_4.104.exe
# Opcja : Usuń
 
***** [ Usługi ] *****
 
 
***** [ Pliki / Foldery ] *****
 
 
***** [ Zadania ] *****
 
 
***** [ Skróty ] *****
 
 
***** [ Rejestr ] *****
 
Klucz Usunięto : HKCU\Software\Tune
Klucz Usunięto : HKLM\SOFTWARE\Tune
 
***** [ Przeglądarki internetowe ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Mozilla Firefox v34.0.5 (x86 pl)
 
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=169c5c16000000000000dca971b7358b
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://www.bestanimeshop.com/category?top_searchString={searchTerms}&searchString=prince+of+tennis
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_1&babsrc=SP_ss&mntrId=169c5c16000000000000dca971b7358b
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_1&babsrc=SP_ss&mntrId=169c5c16000000000000dca971b7358b
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [14030 octets] - [12/05/2014 21:16:26]
AdwCleaner[R1].txt - [1354 octets] - [19/10/2014 22:07:26]
AdwCleaner[R2].txt - [1366 octets] - [19/10/2014 22:15:51]
AdwCleaner[R3].txt - [320 octets] - [19/10/2014 22:18:37]
AdwCleaner[R4].txt - [1485 octets] - [19/10/2014 22:45:50]
AdwCleaner[R5].txt - [2894 octets] - [01/12/2014 08:59:58]
AdwCleaner[R6].txt - [2500 octets] - [05/12/2014 23:43:45]
AdwCleaner[S0].txt - [14266 octets] - [12/05/2014 21:20:49]
AdwCleaner[S1].txt - [1611 octets] - [19/10/2014 22:49:02]
AdwCleaner[S2].txt - [2877 octets] - [01/12/2014 09:04:22]
AdwCleaner[S3].txt - [2349 octets] - [05/12/2014 23:51:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2409 octets] ##########
 
 
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Agata on 2014-12-06 at 15:49:54,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-12-06 at 16:04:08,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 


#6 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests

Posted 06 December 2014 - 12:34 PM

How is the PC now?



#7 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts

Posted 07 December 2014 - 05:54 AM

It seems to be fine. Thank you so much!



#8 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests

Posted 07 December 2014 - 11:51 AM

Glad your issue is now resolved :)

For one last final step, please download Delfix from here and save it to your desktop. Right-click it and select run as administrator. Select the following and press run:

  • Remove disinfection tools
  • Purge system restore

Happy surfing!



#9 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts

Posted 19 January 2015 - 04:50 PM

I thought it got fixed. I don't use this computer much so only some time later I realised that "My computer" was still opening by itself, but it did so about once in a half hour so it didn't bother me much and I decided to ignore it (which I should learn is a bad choice). And today it started popping all the windows at once again (now with the addition of Google Chrome) so I am back to square one and I still do need help. Sorry to bother you again after so long.

I'm scanning it with Malwarebytes Anti-Malware now and I will try to post the log if it lets me.


Edited by Luspea, 19 January 2015 - 04:58 PM.


#10 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts

Posted 19 January 2015 - 04:57 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-01-19
Scan Time: 22:38:07
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.19.14
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Agata
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 440488
Time Elapsed: 17 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Bundler, C:\$RECYCLE.BIN\S-1-5-21-1740593809-3823880502-3175953843-1000\$RI73EZ7.exe, Quarantined, [6cde34c5fd8c86b0958de4abce37b24e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 19 January 2015 - 04:59 PM

It seems that LightHouse party no longer helps here.

 

 

 

 

Step 1: Minitoolbox.
 
Please download MINITOOLBOX and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.
 
Step 2: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 3: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4: Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.


Hit Ok.


Hit Next, making sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.
 
Step 5: Malwarebytes AntiRootkit
 
 
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


Step 6: Security Check Log.
 
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 
Step 7: Report
 
Tell me how the machine is performing, and if you need help performing any steps. Also post all requested logs.



#12 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts

Posted 23 January 2015 - 07:41 AM

I scanned with everything but the problem still exists. Additionally, "My computer" pops out when I'm trying to write anything on the keyboard.

 

1. MiniToolBox by Farbar  Version: 30-11-2014

Ran by Agata (administrator) on 23-01-2015 at 10:01:49
Running from "C:\Users\Agata\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Konfiguracja IP systemu Windows
 
Pomylnie oprniono pami podrczn programu rozpoznawania nazw DNS.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
avast! SecureLine TAP Adapter v3 = Połączenie lokalne 3 (Disconnected)
NVIDIA nForce 10/100 Mbps Ethernet  = Połączenie lokalne 2 (Connected)
USB Wireless 802.11 b/g Adaptor = Połączenie sieci bezprzewodowej 2 (Media disconnected)
 
 
# ----------------------------------
# Konfiguracja IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# Koniec konfiguracji IPv4
 
 
 
Konfiguracja IP systemu Windows
 
   Nazwa hosta . . . . . . . . . . . : Agata-PC
   Sufiks podstawowej domeny DNS . . : 
   Typ wza . . . . . . . . . . . . : Hybrydowy
   Routing IP wczony . . . . . . . : Nie
   Serwer WINS Proxy wczony. . . . : Nie
 
Karta bezprzewodowej sieci LAN Poczenie sieci bezprzewodowej 2:
 
   Stan nonika . . . .  . . . . . . .: Nonik odczony
   Sufiks DNS konkretnego poczenia : 
   Opis. . . . . . . . . . . . . . . : USB Wireless 802.11 b/g Adaptor #2
   Adres fizyczny. . . . . . . . . . : 00-16-44-E7-00-73
   DHCP wczone . . . . . . . . . . : Tak
   Autokonfiguracja wczona . . . . : Tak
 
Karta Ethernet Poczenie lokalne 2:
 
   Sufiks DNS konkretnego poczenia : 
   Opis. . . . . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet #2
   Adres fizyczny. . . . . . . . . . : BC-5F-F4-02-87-B4
   DHCP wczone . . . . . . . . . . : Tak
   Autokonfiguracja wczona . . . . : Tak
   Adres IPv6 poczenia lokalnego . : fe80::906d:b0c2:996e:bf0b%17(Preferowane) 
   Adres IPv4. . . . . . . . . . . . . : 192.168.0.11(Preferowane) 
   Maska podsieci. . . . . . . . . . : 255.255.255.0
   Dzierawa uzyskana. . . . . . . . : 23 stycznia 2015 09:54:08
   Dzierawa wygasa. . . . . . . . . : 24 stycznia 2015 09:54:04
   Brama domylna. . . . . . . . . . : 192.168.0.1
   Serwer DHCP . . . . . . . . . . . : 192.168.0.1
   Identyfikator IAID DHCPv6 . . . . : 398221300
   Identyfikator DUID klienta DHCPv6 : 00-01-00-01-10-33-03-93-00-1E-90-2C-88-5F
   Serwery DNS . . . . . . . . . . . : 62.179.1.63
                                       62.179.1.62
   NetBIOS przez Tcpip . . . . . . . : Wczony
 
Karta tunelowa Poczenie lokalne*:
 
   Stan nonika . . . .  . . . . . . .: Nonik odczony
   Sufiks DNS konkretnego poczenia : 
   Opis. . . . . . . . . . . . . . . : isatap.{9E8C1921-FE4E-416C-8F9F-AB27C670C26A}
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP wczone . . . . . . . . . . : Nie
   Autokonfiguracja wczona . . . . : Tak
 
Karta tunelowa Poczenie lokalne* 3:
 
   Stan nonika . . . .  . . . . . . .: Nonik odczony
   Sufiks DNS konkretnego poczenia : 
   Opis. . . . . . . . . . . . . . . : 6TO4 Adapter
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP wczone . . . . . . . . . . : Nie
   Autokonfiguracja wczona . . . . : Tak
 
Karta tunelowa Poczenie lokalne* 7:
 
   Stan nonika . . . .  . . . . . . .: Nonik odczony
   Sufiks DNS konkretnego poczenia : 
   Opis. . . . . . . . . . . . . . . : Karta Microsoft 6to4 #2
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP wczone . . . . . . . . . . : Nie
   Autokonfiguracja wczona . . . . : Tak
 
Karta tunelowa Poczenie lokalne* 12:
 
   Stan nonika . . . .  . . . . . . .: Nonik odczony
   Sufiks DNS konkretnego poczenia : 
   Opis. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Adres fizyczny. . . . . . . . . . : 02-00-54-55-4E-01
   DHCP wczone . . . . . . . . . . : Nie
   Autokonfiguracja wczona . . . . : Tak
 
Karta tunelowa Poczenie lokalne* 13:
 
   Stan nonika . . . .  . . . . . . .: Nonik odczony
   Sufiks DNS konkretnego poczenia : 
   Opis. . . . . . . . . . . . . . . : Karta Microsoft 6to4 #3
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP wczone . . . . . . . . . . : Nie
   Autokonfiguracja wczona . . . . : Tak
 
Karta tunelowa Poczenie lokalne* 14:
 
   Stan nonika . . . .  . . . . . . .: Nonik odczony
   Sufiks DNS konkretnego poczenia : 
   Opis. . . . . . . . . . . . . . . : isatap.{499A8ABE-B8C6-4A9B-9DE7-B22D4BAB94D0}
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP wczone . . . . . . . . . . : Nie
   Autokonfiguracja wczona . . . . : Tak
Server:  pl-waw4a-dns04.chello.pl
Address:  62.179.1.63
 
Name:    google.com
Addresses:  2a00:1450:4013:c01::71
 173.194.65.102
 173.194.65.101
 173.194.65.139
 173.194.65.138
 173.194.65.100
 173.194.65.113
 
 
 
Badanie google.com [173.194.65.102] z 32 bajtami danych:
 
Odpowied z 173.194.65.102: bajtw=32 czas=48ms TTL=43
 
Odpowied z 173.194.65.102: bajtw=32 czas=48ms TTL=43
 
 
 
Statystyka badania ping dla 173.194.65.102:
 
    Pakiety: Wysane = 2, Odebrane = 2, Utracone = 0 (0% straty),
 
Szacunkowy czas bdzenia pakietw w millisekundach:
 
    Minimum = 48 ms, Maksimum = 48 ms, Czas redni = 48 ms
 
Server:  pl-waw4a-dns04.chello.pl
Address:  62.179.1.63
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
 
Badanie yahoo.com [206.190.36.45] z 32 bajtami danych:
 
Odpowied z 206.190.36.45: bajtw=32 czas=207ms TTL=47
 
Odpowied z 206.190.36.45: bajtw=32 czas=208ms TTL=47
 
 
 
Statystyka badania ping dla 206.190.36.45:
 
    Pakiety: Wysane = 2, Odebrane = 2, Utracone = 0 (0% straty),
 
Szacunkowy czas bdzenia pakietw w millisekundach:
 
    Minimum = 207 ms, Maksimum = 208 ms, Czas redni = 207 ms
 
 
 
Badanie 127.0.0.1 z 32 bajtami danych:
 
Odpowied z 127.0.0.1: bajtw=32 czas<1 ms TTL=128
 
Odpowied z 127.0.0.1: bajtw=32 czas<1 ms TTL=128
 
 
 
Statystyka badania ping dla 127.0.0.1:
 
    Pakiety: Wysane = 2, Odebrane = 2, Utracone = 0 (0% straty),
 
Szacunkowy czas bdzenia pakietw w millisekundach:
 
    Minimum = 0 ms, Maksimum = 0 ms, Czas redni = 0 ms
 
===========================================================================
Lista interfejsw
 18 ...00 16 44 e7 00 73 ...... USB Wireless 802.11 b/g Adaptor #2
 17 ...bc 5f f4 02 87 b4 ...... NVIDIA nForce 10/100 Mbps Ethernet #2
  1 ........................... Software Loopback Interface 1
 20 ...00 00 00 00 00 00 00 e0  isatap.{9E8C1921-FE4E-416C-8F9F-AB27C670C26A}
 12 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 13 ...00 00 00 00 00 00 00 e0  Karta Microsoft 6to4 #2
 14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 15 ...00 00 00 00 00 00 00 e0  Karta Microsoft 6to4 #3
 19 ...00 00 00 00 00 00 00 e0  isatap.{499A8ABE-B8C6-4A9B-9DE7-B22D4BAB94D0}
===========================================================================
 
Tabela tras IPv4
===========================================================================
Aktywne trasy:
Miejsce docelowe w sieci   Maska sieci      Brama          Interfejs Metryka
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.11     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.11    276
     192.168.0.11  255.255.255.255         On-link      192.168.0.11    276
    192.168.0.255  255.255.255.255         On-link      192.168.0.11    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.11    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.11    276
===========================================================================
Trasy trwae:
  Brak
 
Tabela tras IPv6
===========================================================================
Aktywne trasy:
 Jeli Metryka Miejsce docelowe w sieci      Brama
  1    306 ::1/128                  On-link
 17    276 fe80::/64                On-link
 17    276 fe80::906d:b0c2:996e:bf0b/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    276 ff00::/8                 On-link
===========================================================================
Trasy trwae:
  Brak
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/23/2015 09:54:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/19/2015 11:14:01 PM) (Source: AdvancedSystemCareService8) (User: )
Description: Interfejs jest nieznany
 
Error: (01/19/2015 11:14:01 PM) (Source: AdvancedSystemCareService8) (User: )
Description: Nieprawidłowe dojście
 
Error: (01/19/2015 11:10:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/19/2015 11:05:23 PM) (Source: AdvancedSystemCareService8) (User: )
Description: Nieprawidłowe dojście
 
Error: (01/19/2015 10:35:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/19/2015 10:28:27 PM) (Source: Application Error) (User: )
Description: Aplikacja powodująca błąd chrome.exe, wersja 39.0.2171.99, sygnatura czasowa 0x54aef409, moduł powodujący błąd chrome.dll, wersja 39.0.2171.99, sygnatura czasowa 0x54aef01a, kod wyjątku 0x80000003, przesunięcie błędu 0x0051f7f8,
identyfikator procesu 0x52c, godzina rozpoczęcia aplikacji 0xchrome.exe0.
 
Error: (01/19/2015 09:54:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2015 10:39:36 PM) (Source: AdvancedSystemCareService8) (User: )
Description: Nieprawidłowe dojście
 
Error: (01/18/2015 10:39:36 PM) (Source: AdvancedSystemCareService8) (User: )
Description: Nieprawidłowe dojście
 
 
System errors:
=============
Error: (01/23/2015 10:03:42 AM) (Source: nvstor32) (User: )
Description: Na \Device\RaidPort0 został wykryty błąd parzystości.
 
Error: (01/23/2015 10:03:27 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: ZARZĄDZANIE NT)
Description: 0x80070032
 
Error: (01/23/2015 09:57:58 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (01/23/2015 09:57:58 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
Error: (01/23/2015 09:54:42 AM) (Source: Service Control Manager) (User: )
Description: oknlb
 
Error: (01/23/2015 09:54:42 AM) (Source: Service Control Manager) (User: )
Description: Nero MediaHome 4 Service%%3
 
Error: (01/23/2015 09:54:11 AM) (Source: Microsoft-Windows-TaskScheduler) (User: ZARZĄDZANIE NT)
Description: 2147942402
 
Error: (01/19/2015 11:13:39 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: ZARZĄDZANIE NT)
Description: 0x80070032
 
Error: (01/19/2015 11:12:36 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (01/19/2015 11:12:36 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
 
Microsoft Office Sessions:
=========================
Error: (06/04/2013 09:47:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 217 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/01/2012 00:12:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/26/2011 10:46:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 245 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (09/06/2011 10:09:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/17/2011 07:25:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/02/2011 09:13:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/09/2010 07:11:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/21/2010 09:42:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/14/2010 03:38:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/29/2010 06:22:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-19 22:47:31.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-19 22:47:30.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-19 22:47:30.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-19 22:47:29.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-19 22:47:28.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-19 22:47:28.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-19 22:47:27.433
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-19 22:47:26.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 21:09:21.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 21:09:20.730
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0415-0000-0000000FF1CE}_PROPLUS_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0415-0000-0000000FF1CE}_PROPLUS_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0415-0000-0000000FF1CE}_PROPLUS_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version:  - Microsoft)
Aktualizacje NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Any Video Converter 3.1.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Batch PNG to JPG (HKLM\...\Batch PNG to JPG1.51) (Version: 1.51 - Design-Lib.com)
Brother MFL-Pro Suite DCP-375CW (HKLM\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{1733BD75-088D-40E1-96B4-BAE75F559961}) (Version: 0.9.27 - Kovid Goyal)
CameraHelperMsi (Version: 13.30.1395.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ChomikBox (HKLM\...\{6F23A5FE-CFE7-4340-A480-AA9AC196E9AB}) (Version: 2.0.2.2 - Chomikuj.pl)
ChomikBox (HKLM\...\ChomikBox) (Version:  - )
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivXLand Media Subtitler (HKLM\...\DivXLand Media Subtitler) (Version:  - )
DJ_AIO_06_K209a-z_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dzielenie i łączenie plików v1.2.2 (HKLM\...\Dzielenie i łączenie plików_is1) (Version:  - Michał Bąbik)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ffdshow (remove only) (HKLM\...\ffdshow) (Version:  - )
Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
GPL MPEG-1/2 DirectShow Decoder Filter (HKLM\...\{870815CA-6B60-47B6-88DD-A67F42D2F03E}) (Version: 0.1.2 - Peter Wimmer)
Hauppauge MCE XP/Vista Software Encoder (2.0.25180) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25180 - Hauppauge Computer Works, Inc.)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HEXelon Free 5.00 (HKLM\...\{0817A2F5-F1FC-4FA0-9C40-3E12B41DDD73}_is1) (Version:  - )
HP Active Support Library (Version: 3.1.0.6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP)
HP Easy Setup - Frontend (HKLM\...\{E1476612-02D6-42A3-BDC1-E292B4115738}) (Version: 5.7.0.2611 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{818ABC3C-635C-4651-8183-D0E9640B7DD1}) (Version: 5.002.001.004 - Hewlett-Packard)
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
JDownloader (HKLM\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K209a-z (Version: 140.0.690.000 - Hewlett-Packard) Hidden
K-Lite Mega Codec Pack 5.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.0.0 - )
Last.fm Scrobbler 2.1.33 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
LG PC Suite II (HKLM\...\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}) (Version: 2.00.0000 - LG PC Suite)
LG PC Suite II (Version: 2.00.0000 - LG PC Suite) Hidden
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.4 - LG Electronics)
Lightning Warrior Raidy (HKLM\...\Lightning Warrior Raidy) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS Facebook (Version: 13.30.1346.0 - Logitech) Hidden
LWS Gallery (Version: 13.30.1379.0 - Logitech) Hidden
LWS Help_main (Version: 13.30.1396.0 - Logitech) Hidden
LWS Launcher (Version: 13.30.1379.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.30.1395.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.30.1379.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.30.1346.0 - Logitech) Hidden
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Media Player Classic - Home Cinema v1.4.2499.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC Team)
Metin2 (HKLM\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft .NET Framework 3.5 Language Pack SP1 - plk (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Outlook MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (Polish) (HKLM\...\{95120000-00AF-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Polish) 2007 (Version: 12.0.4518.1020 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{306B39C9-3AB1-4161-8567-9C7E50B41AE3}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 pl) (HKLM\...\Mozilla Firefox 34.0.5 (x86 pl)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero MediaHome 4 Essentials (HKLM\...\{a80ce823-a8a5-4dd6-968f-52b1b391f023}) (Version:  - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PaintTool SAI Ver.1 (HKLM\...\PaintToolSAI) (Version:  - )
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - plk) (Version:  - Microsoft Corporation)
Pakiet zgodności dla systemu Office 2007 (HKLM\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Panel sterowania NVIDIA 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
ReadWrite Katakana version 1.3 (HKLM\...\ReadWrite Katakana_is1) (Version: 1.3 Build 2228 - Declan Software, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM\...\{5C4ED859-875F-4299-AA2C-E0E393BDCD21}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SonicStage 4.3 (HKLM\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
StepMania v5.0 beta 4 (remove only) (HKLM\...\StepMania 5) (Version:  - StepMania Team)
SubEdit - Vista WMP Patch (HKLM\...\SubEdit - Vista WMP Patch_is1) (Version: 1 - Artur Sikora)
SubEdit-Player (HKLM\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Ulead GIF Animator 5 Trial (HKLM\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
UltraStar Deluxe (HKLM\...\UltraStar Deluxe) (Version: 1.1 - USDX Team)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0415-0000-0000000FF1CE}_PROPLUS_{840D15BD-72E8-4710-ABDD-8E883B88BD5D}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899525) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B6160A7F-1EDB-4ED7-96DD-CF6F83DB347A}) (Version:  - Microsoft)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7B9D2746-D03B-442B-A691-90B748E316B4}) (Version:  - Microsoft)
USB Tablet Manager (HKLM\...\RmTablet) (Version: 5.01 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veoh Video Compass (HKLM\...\Veoh Video Compass) (Version: 1.5.2 - Veoh Networks, Inc.)
Veoh Web Player (HKLM\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.)
VIA Platforma Menedżera urządzeń (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Video-AVI to GIF-JPEG 3.1 (HKLM\...\Video-AVI to GIF-JPEG) (Version: 3.1 - MiniHttpServer)
VLC media player 1.1.9 (HKLM\...\VLC media player) (Version: 1.1.9 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
WapSter AQQ (HKLM\...\AQQ) (Version: 2.2.5.10 - Creative Team S.A.)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{E580DFEA-3F1D-4B56-9115-984217032FF5}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )
Zoner Photo Studio 12 (HKLM\...\ZonerPhotoStudio12_EN_is1) (Version: 12.0.1.9 - ZONER software)
Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version:  - Zylom Games)
 
========================= Devices: ================================
 
Name: AENDU4SW IDE Controller
Description: AENDU4SW IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: aue6fhgr
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Windows Mobile-based device
Description: Windows Mobile-based device
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (Standard Windows Mobile devices)
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 64%
Total physical RAM: 3326.39 MB
Available physical RAM: 1177.03 MB
Total Pagefile: 6867.21 MB
Available Pagefile: 4364.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.36 MB
 
========================= Partitions: =====================================
 
1 Drive c: (HP) (Fixed) (Total:587.56 GB) (Free:342.58 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.61 GB) (Free:1.13 GB) NTFS
 
========================= Users: ========================================
 
Konta użytkowników dla \\AGATA-PC
 
Administrator            Agata                    Gość                     
NeroMediaHomeUser.4      UpdatusUser              
Polecenie zostało wykonane pomyślnie.
 
 
**** End of log ****
 
2. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Agata on 2015-01-23 at 10:06:49,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-01-23 at 10:15:58,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

3.

# AdwCleaner v4.108 - Log utworzony 23/01/2015 o 10:30:19

# Aktualizacja 17/01/2015 przez Xplode
# Database : 2015-01-22.3 [Live]
# System operacyjny : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Użytkownik : Agata - AGATA-PC
# Ścieżka : C:\Users\Agata\Desktop\adwcleaner_4.108.exe
# Opcja : Usuń
 
***** [ Usługi ] *****
 
 
***** [ Pliki / Foldery ] *****
 
 
***** [ Zadania ] *****
 
 
***** [ Skróty ] *****
 
 
***** [ Rejestr ] *****
 
 
***** [ Przeglądarki internetowe ] *****
 
-\\ Internet Explorer v9.0.8112.16592
 
 
-\\ Mozilla Firefox v34.0.5 (x86 pl)
 
 
-\\ Google Chrome v39.0.2171.99
 
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=169c5c16000000000000dca971b7358b
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://www.bestanimeshop.com/category?top_searchString={searchTerms}&searchString=prince+of+tennis
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_1&babsrc=SP_ss&mntrId=169c5c16000000000000dca971b7358b
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_1&babsrc=SP_ss&mntrId=169c5c16000000000000dca971b7358b
[C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1981 octets] - [19/01/2015 23:00:01]
AdwCleaner[R1].txt - [2001 octets] - [23/01/2015 10:19:05]
AdwCleaner[S0].txt - [1972 octets] - [19/01/2015 23:04:22]
AdwCleaner[S1].txt - [1854 octets] - [23/01/2015 10:30:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1914 octets] ##########
 
 
4.

Adware Removal Tool v3.9
Time: 2015_01_23_10_41_57
OS: Windows 7 - 32 Bit
Account Name: Agata
U0L0S39
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - File - C:\program files\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\CT2269050.searchProtectorData
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\Dialogs\NewSearchProtectorDialog\SearchProtector.css
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\Dialogs\NewSearchProtectorDialog\SearchProtector.js
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\Dialogs\SearchProtectorDialog\SearchProtector.css
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\Dialogs\SearchProtectorDialog\SearchProtector.js
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_xml.xml
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634067677527028750.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084057716610000.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059408641250.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084059786610000.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634084060404266250.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634262976368243750.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634265435748037500.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_CT2269050_Images_634382054836300000.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_50_226_ct2269050_Images_634775124572492500.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_MarketPlace_81_28e_816147d9-d2b0-4dc7-b220-fb7ea1b1228e_Appearance_634726106907093173.png
Deleted - File - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\toolbarImages\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321.png
Deleted - Folder - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\Dialogs\NewSearchProtectorDialog
Deleted - Folder - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\Dialogs\SearchProtectorBubbleDialog
Deleted - Folder - C:\Users\Agata\Appdata\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\CT2269050\Dialogs\SearchProtectorDialog
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966:d4eda1f8cafea5f43b64322c86f7fa05
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\D4EDA1F8CAFEA5F43B64322C86F7FA05:file
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564:d4eda1f8cafea5f43b64322c86f7fa05
Deleted - RegistryValue - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{472734ea-242a-422b-adf8-83d1e48cc825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall:Conduit Engine
 
\\ Finished

 

 

5.

Malwarebytes Anti-Rootkit BETA 1.08.3.1004

www.malwarebytes.org
 
Database version:
  main:    v2015.01.23.03
  rootkit: v2015.01.14.01
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Agata :: AGATA-PC [administrator]
 
2015-01-23 12:32:22
mbar-log-2015-01-23 (12-32-22).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 448061
Time elapsed: 33 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.210000 GHz
Memory total: 3487969280, free: 1925791744
 
Downloaded database version: v2015.01.23.03
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     01/23/2015 11:38:54
------------ Loaded modules -----------
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
 
Scan started
Database versions:
  main:    v2015.01.23.03
  rootkit: v2015.01.14.01
 
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff8a7e1560
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008e\
Lower Device Object: 0xffffffff8a7cb1c8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8a7e1ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xffffffff8a7d9618
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8a7db690
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xffffffff8a7d1058
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a7d5ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xffffffff8a7c9448
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff88185480
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xffffffff87772b88
Lower Device Driver Name: \Driver\nvstor32\
Driver name found: nvstor32
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff88185480, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88185168, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88185480, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8774c788, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87772b88, DeviceName: \Device\00000065\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffa514f8b0, 0xffffffff88185480, 0xffffffff86f92188
Lower DeviceData: 0xffffffffba771c00, 0xffffffff87772b88, 0xffffffff8760fb10
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 1232201502
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1232201565  Numsec = 18057060
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 640135028736 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a7d5ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7d36f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a7d5ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a7c9448, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a7db690, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7d1708, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a7db690, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a7d1058, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a7e1ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7dfbd8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a7e1ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a7d9618, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a7e1560, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7e1248, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a7e1560, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a7cb1c8, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\
------------ End ----------
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.210000 GHz
Memory total: 3487969280, free: 1799684096
 
Could not load protection driver
Downloaded database version: v2015.01.23.03
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     01/23/2015 12:31:45
------------ Loaded modules -----------
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
 
Scan started
Database versions:
  main:    v2015.01.23.03
  rootkit: v2015.01.14.01
 
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff8a999560
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xffffffff8a997cb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8a999ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xffffffff8a9931b8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8a995750
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xffffffff8a995cb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a997750
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xffffffff8aaa8cb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff889d6a10
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xffffffff877227f8
Lower Device Driver Name: \Driver\nvstor32\
Driver name found: nvstor32
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff889d6a10, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff889d6630, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff889d6a10, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87ba1700, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff877227f8, DeviceName: \Device\00000064\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffcbd9e3f8, 0xffffffff889d6a10, 0xffffffff874f8040
Lower DeviceData: 0xffffffffc33c0290, 0xffffffff877227f8, 0xffffffff8702a938
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 1232201502
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1232201565  Numsec = 18057060
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 640135028736 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a997750, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a997438, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a997750, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8aaa8cb8, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a995750, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a993938, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a995750, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a995cb8, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a999ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8c6a9890, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a999ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a9931b8, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a999560, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a995390, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a999560, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a997cb8, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
6.

 Results of screen317's Security Check version 0.99.95  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.235  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
 Google Chrome (39.0.2171.95) 
 Google Chrome (39.0.2171.99) 
````````Process Check: objlist.exe by Laurent````````  
 Emsisoft Anti-Malware a2service.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 


#13 InadequateInfirmity


Posted 23 January 2015 - 03:55 PM

Step 1: 9-Lab Scan

 

Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon Scan Completion Click Show Results.

Now click the Clean button.

Once done cleaning, you can go to the logs tab, double click it, and copy and paste the log in your next reply.

 

 

Step 2: Eset Scan

 

Disable your antivirus prior to running this scan.

 

 


  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#14 Luspea


Posted 24 January 2015 - 12:35 PM

Thank you! I think 9-lab helped

 

 

9-lab Removal Tool 1.0.0.25 BETA
9-lab.com
 
Database version: 93.27962
 
Windows Vista Service Pack 2 (Version 6.0, Build 6002, 32-bit Edition)
Internet Explorer 9.0.8112.16421
Agata :: AGATA-PC not implemented yet
 
2015-01-24 11:05:58
9lab-log-2015-01-24 (11-05-58).txt
 
Scan type: 
Objects scanned: 46233
Time Elapsed: 1 h 56 m
 
Registry Keys detected: 1
Risk.RPL.Gen.vb [\software\bearshare]
 
 
Files detected: 4
Risk.RPL.Gen.vb [\software\bearshare]
Rootkit.Win32.Gen.an [C:\Program Files\Metin2\errorlog.exe]
Malware.Win32.Gen.an [C:\Program Files\Metin2\metin2_patcher.exe]
Malware.Win32.Gen.an [C:\Program Files\Metin2\PatchUpdater.exe]
Malware.Win32.Gen.sm!s2 [C:\Users\Agata\Desktop\MiniToolBox.exe]
 
 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=feed96847b170045aaf054159266adea
# engine=21347
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-01 08:00:35
# local_time=2014-12-01 09:00:35 )
# country="Poland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 249725 181884525 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 3710303 254996763 0 0
# scanned=303752
# found=14
# cleaned=13
# scan_time=11131
sh=C091318AC7EED2AF875381420A73278E26FD67C7 ft=1 fh=ff7b59add6625640 vn="Win32/Systweak.K potentially unwanted application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1740593809-3823880502-3175953843-1000\$R0YGA8I.exe"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Veoh_Web_Player\tbVeo0.dll.vir"
sh=ADA73AFCA1A2B703B4ABF863EB2B1C6ABB03B689 ft=1 fh=59f56b65007ffc77 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Veoh_Web_Player\tbVeoh.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Agata\AppData\LocalLow\Veoh_Web_Player\tbVeo0.dll.vir"
sh=3664B7B546B41FBFB469128DEA194DBA1AF556AC ft=1 fh=532d857584187cdc vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Agata\AppData\LocalLow\Veoh_Web_Player\tbVeo1.dll.vir"
sh=ADA73AFCA1A2B703B4ABF863EB2B1C6ABB03B689 ft=1 fh=59f56b65007ffc77 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Agata\AppData\LocalLow\Veoh_Web_Player\tbVeoh.dll.vir"
sh=7CE3756FD766C5ABF3040C21F5B7ECCE2A426B23 ft=1 fh=abdbfcd593573440 vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll"
sh=9CEBA92F761DB6D85EBD1D8E26173B0D3D4E3B0E ft=1 fh=4c4a96031cab45b8 vn="Win32/Toolbar.Zugo potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe"
sh=F8F3FD33B085A2EBD9517D9040C3BF29A588406C ft=1 fh=a6ae269f61162aa9 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Agata\Desktop\Zrzutka\VeohWebPlayerSetup_eng.exe"
sh=7D135D0E25C6122D4EC77A6EE69426496F50CC77 ft=1 fh=98e71b5db7f878fc vn="a variant of Win32/Packed.Themida potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Agata\Desktop\Zrzutka\VN\omerta\omerta_M.exe"
sh=A7627618B2DF04A25984E4BBC64A57AB5F2D280F ft=1 fh=5a3edf9dd760c25a vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Agata\Downloads\FreeStudio.exe"
sh=294AB91288412DECB27232655ADD82FAF0B1C55D ft=1 fh=dabaed1395cd1d06 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Agata\Downloads\VeohWebPlayerSetup_eng.exe"
sh=97B6623159AD752B9947870C0D72EA3C95229F7E ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\8f293b.msi"
sh=ECF6CCA67B289E6BCF1E289DCEE41FD35C1E5C89 ft=1 fh=1568f2878bc2669f vn="a variant of Win32/Systweak.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\roboot.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=feed96847b170045aaf054159266adea
# engine=22124
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-24 02:29:09
# local_time=2015-01-24 03:29:09 )
# country="Poland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 16769 6738960 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 4038033 259642477 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16642 16777213 100 100 16266 223348437 0 0
# scanned=309676
# found=1
# cleaned=1
# scan_time=8063
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
 

 



#15 InadequateInfirmity


Posted 24 January 2015 - 03:55 PM

How is your machine?





