
Programs keep opening by themselves and no program can see the virus


11 replies to this topic

#1 Luspea


Posted 30 January 2015 - 03:35 PM

(I posted it before in "Am I infected? What do I do?" but I was told to add the logs here.)

Hi,

My computer started opening programs by itself (to be specific, three of them: my computer, calculator and Chrome), and I tried so many programs, but not one seems to be able to detect anything that might be causing it.

I use Avast Free Antivirus, which normally seems to detect anything just fine, but this time it neither showed me any warning nor showed anything in a full scan.

I thought that ComboFix had helped for a while, but then there was the same thing again.

I tried CCleaner, ATF Cleaner, SuperAntiSpyware, ESET Online Scanner, F-Secure Online Scanner, Malwarebytes Anti-Malware, Emsisoft Anti-Malware and possibly some other programs which I can't remember, but all they found were some minor things which didn't help.

Sometimes I would think for a few moments that that was it, but then they pop up again.

(Also, I have a plug-in keyboard, because I heard that a wireless one might cause such problems.)


Adding the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01

Ran by Agata (administrator) on AGATA-PC on 30-01-2015 21:01:28
Running from C:\Users\Agata\Desktop
Loaded Profiles: Agata (Available profiles: Agata & NeroMediaHomeUser.4 & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\hp\HPEZBTN\HPBtnSrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Windows\System32\atwtusb.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\AutoCare.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6266880 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1740593809-3823880502-3175953843-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk /p \??\G:autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1740593809-3823880502-3175953843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
Toolbar: HKLM - Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
Toolbar: HKU\S-1-5-21-1740593809-3823880502-3175953843-1000 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKU\S-1-5-21-1740593809-3823880502-3175953843-1000 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62
 
FireFox:
========
FF ProfilePath: C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veoh.com/VeohWebPlayer -> C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF Extension: British English Dictionary - C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-12-11]
FF Extension: United States English Spellchecker - C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\Extensions\en-US@dictionaries.addons.mozilla.org [2012-05-18]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-27]
FF Extension: DownloadHelper - C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-10-13]
FF Extension: divx extension - C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\Extensions\divx@divx2.com.xpi [2012-02-26]
FF Extension: Adblock Plus - C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-18]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-01]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-23]
FF HKU\S-1-5-21-1740593809-3823880502-3175953843-1000\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009-09-09]
FF HKU\S-1-5-21-1740593809-3823880502-3175953843-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "chrome://apps/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]
CHR Extension: (Google Search) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]
CHR Extension: (Stylish) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-06-07]
CHR Extension: (AdBlock) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]
CHR Extension: (Video Download Helper) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-12-17]
CHR Extension: (TumTaster) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanfbkacbckngfcklahdgfagjlghfbgm [2014-06-07]
CHR Extension: (Google Wallet) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-06-07]
CHR Extension: (Tumblr Savior) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-06-07]
CHR Extension: (Gmail) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-23]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-02] (Emsisoft GmbH)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-23] (Avast Software)
S4 Folding@home-CPU-[1]; C:\Folding@HomeCPU\1\Fah.exe [422400 2010-01-18] () [File not signed]
S4 Folding@home-CPU-[2]; C:\Folding@HomeCPU\2\Fah.exe [422400 2010-01-18] () [File not signed]
S4 Folding@home-CPU-[3]; C:\Folding@HomeCPU\3\Fah.exe [422400 2010-01-18] () [File not signed]
S4 Folding@home-CPU-[4]; C:\Folding@HomeCPU\4\Fah.exe [422400 2010-01-18] () [File not signed]
R2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2014-12-21] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WTService; C:\Windows\system32\atwtusb.exe [535552 2012-10-19] () [File not signed]
S4 HP Health Check Service; No ImagePath
S2 NeroMediaHomeService.4; No ImagePath
S3 NMIndexingService; No ImagePath
S3 OverwolfUpdaterService; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-01-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-01-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-23] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [35144 2014-10-20] (The OpenVPN Project)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-01-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-23] ()
R1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [82648 2015-01-23] (Malwarebytes Corporation)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows ® Codename Longhorn DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-17] () [File not signed]
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2009-11-12] (AnchorFree Inc)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-23] (Avast Software)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows ® Win 7 DDK provider)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1806448 2014-12-21] (VIA Technologies, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; No ImagePath
S3 EagleNT; No ImagePath
S3 EverestDriver; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 oknlb; System32\drivers\efqbi.sys [X]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05040000}; No ImagePath
S3 zlportio; No ImagePath
U3 azohvon3; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 21:01 - 2015-01-30 21:02 - 00022841 _____ () C:\Users\Agata\Desktop\FRST.txt
2015-01-30 21:01 - 2015-01-30 21:01 - 00000000 ___DC () C:\FRST
2015-01-30 21:00 - 2015-01-30 21:00 - 01121792 _____ (Farbar) C:\Users\Agata\Desktop\FRST.exe
2015-01-30 20:45 - 2015-01-30 20:45 - 00000197 _____ () C:\Windows\system32\2015-01-30-19-45-08.063-AvastVBoxSVC.exe-5548.log
2015-01-30 10:07 - 2015-01-30 10:07 - 00000000 ____D () C:\Users\Agata\AppData\Local\Apple
2015-01-30 10:05 - 2015-01-30 10:05 - 00000000 ____D () C:\Users\Agata\AppData\Local\Apple Computer
2015-01-30 10:03 - 2015-01-30 10:04 - 00000197 _____ () C:\Windows\system32\2015-01-30-09-03-41.053-AvastVBoxSVC.exe-984.log
2015-01-27 19:27 - 2015-01-27 19:28 - 00000197 _____ () C:\Windows\system32\2015-01-27-18-27-59.024-AvastVBoxSVC.exe-1604.log
2015-01-26 23:08 - 2015-01-26 23:08 - 00000197 _____ () C:\Windows\system32\2015-01-26-22-08-37.016-AvastVBoxSVC.exe-1244.log
2015-01-24 18:27 - 2015-01-24 18:27 - 00000197 _____ () C:\Windows\system32\2015-01-24-17-27-39.050-AvastVBoxSVC.exe-5244.log
2015-01-24 15:31 - 2015-01-24 15:31 - 00000106 _____ () C:\Users\Agata\Desktop\Nowy dokument tekstowy.txt
2015-01-24 13:12 - 2015-01-24 13:12 - 02347384 _____ (ESET) C:\Users\Agata\Downloads\esetsmartinstaller_enu.exe
2015-01-24 12:20 - 2015-01-24 12:20 - 00000247 _____ () C:\Windows\system32\2015-01-24-11-20-07.044-aswFe.exe-6088.log
2015-01-24 11:53 - 2015-01-24 12:20 - 00000247 _____ () C:\Windows\system32\2015-01-24-10-53-50.024-aswFe.exe-3044.log
2015-01-24 11:04 - 2015-01-24 11:04 - 00000884 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-01-24 11:04 - 2015-01-24 11:04 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\9-lab
2015-01-24 11:04 - 2015-01-24 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-01-24 11:04 - 2015-01-24 11:04 - 00000000 ____D () C:\ProgramData\9-lab
2015-01-24 11:04 - 2015-01-24 11:04 - 00000000 ____D () C:\Program Files\9-lab
2015-01-24 11:03 - 2015-01-24 11:03 - 06208936 _____ () C:\Users\Agata\Downloads\rmtool-setup-x86.exe
2015-01-24 11:02 - 2015-01-24 11:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-24 11:02 - 2015-01-24 11:02 - 00000000 _____ () C:\Windows\setupact.log
2015-01-24 10:49 - 2015-01-24 10:49 - 00000564 _____ () C:\Windows\PFRO.log
2015-01-23 13:34 - 2015-01-23 13:34 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\AVAST Software
2015-01-23 13:33 - 2015-01-23 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-23 13:32 - 2015-01-23 13:33 - 00073480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-23 13:32 - 2015-01-23 13:32 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-23 13:32 - 2015-01-23 13:32 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-23 13:32 - 2015-01-23 13:32 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-23 13:32 - 2015-01-23 13:32 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-23 13:32 - 2015-01-23 13:32 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-01-23 13:32 - 2015-01-23 13:32 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-01-23 13:32 - 2015-01-23 13:32 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-23 13:32 - 2015-01-23 13:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-23 13:32 - 2015-01-23 13:32 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-23 13:08 - 2015-01-23 13:08 - 00852573 _____ () C:\Users\Agata\Downloads\SecurityCheck.exe
2015-01-23 11:38 - 2015-01-23 13:06 - 00000000 ____D () C:\Users\Agata\Desktop\mbar
2015-01-23 11:38 - 2015-01-23 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-23 11:37 - 2015-01-23 11:37 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Agata\Downloads\mbar-1.08.3.1004.exe
2015-01-23 10:42 - 2015-01-23 10:42 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2015-01-23 10:41 - 2015-01-24 15:28 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-23 10:41 - 2015-01-23 10:41 - 00753184 _____ () C:\Users\Agata\Desktop\Adware-Removal-Tool-v3.9.1.exe
2015-01-23 10:18 - 2015-01-23 10:18 - 02186752 _____ () C:\Users\Agata\Desktop\adwcleaner_4.108.exe
2015-01-23 10:05 - 2015-01-23 10:05 - 01707939 _____ (Thisisu) C:\Users\Agata\Desktop\JRT.exe
2015-01-23 09:50 - 2015-01-23 09:50 - 00000000 __SHD () C:\found.001
2015-01-19 22:59 - 2015-01-23 10:30 - 00000000 ___DC () C:\AdwCleaner
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 21:01 - 2009-08-18 15:27 - 01053792 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 20:47 - 2014-05-12 20:19 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6e171172a7a8.job
2015-01-30 20:44 - 2014-12-02 21:05 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-01-30 20:44 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 20:44 - 2006-11-02 13:47 - 00005312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 20:44 - 2006-11-02 13:47 - 00005312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 20:44 - 2006-11-02 11:23 - 00000269 _____ () C:\Windows\win.ini
2015-01-30 14:11 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-30 12:01 - 2009-08-18 17:40 - 00000000 ____D () C:\Users\Agata\Desktop\Zrzutka
2015-01-30 11:49 - 2009-08-18 18:53 - 00036864 _____ () C:\Users\Agata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-30 11:13 - 2014-09-08 18:00 - 00000000 ____D () C:\Users\Agata\Desktop\laptop
2015-01-30 10:17 - 2008-07-22 06:27 - 00718030 _____ () C:\Windows\system32\perfh015.dat
2015-01-30 10:17 - 2008-07-22 06:27 - 00152810 _____ () C:\Windows\system32\perfc015.dat
2015-01-30 10:17 - 2006-11-02 11:33 - 01634010 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 10:01 - 2014-01-14 19:08 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-27 19:34 - 2012-10-08 09:46 - 00000000 ____D () C:\Users\Agata\Desktop\druk
2015-01-26 23:07 - 2014-12-21 17:38 - 00001924 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-01-24 13:11 - 2010-12-11 15:49 - 00000000 ____D () C:\Program Files\Metin2
2015-01-23 13:29 - 2011-08-20 12:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-23 12:31 - 2014-12-02 20:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-23 11:38 - 2014-12-02 20:40 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 23:06 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\SchCache
2015-01-19 22:35 - 2014-12-21 17:40 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\ProductData
2015-01-19 22:35 - 2014-01-14 19:06 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\IObit
2015-01-17 18:37 - 2014-06-07 17:20 - 00001939 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-12 23:50 - 2014-12-01 15:27 - 00000000 ____D () C:\Users\Agata\AppData\Local\Adobe
2015-01-12 23:50 - 2009-08-18 15:33 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\Adobe
2015-01-07 20:52 - 2014-01-14 19:19 - 58425344 _____ () C:\Windows\system32\config\software.iobit
2015-01-07 20:52 - 2014-01-14 19:19 - 41832448 _____ () C:\Windows\system32\config\components.iobit
2015-01-07 20:52 - 2014-01-14 19:19 - 00249856 _____ () C:\Windows\system32\config\default.iobit
2015-01-07 20:52 - 2014-01-14 19:19 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2015-01-07 20:52 - 2014-01-14 19:19 - 00028672 _____ () C:\Windows\system32\config\security.iobit
 
==================== Files in the root of some directories =======
 
2014-06-26 22:27 - 2014-06-26 22:27 - 6010880 _____ () C:\Program Files\GUTC287.tmp
2009-08-18 18:19 - 2009-03-16 11:54 - 0076407 _____ () C:\Users\Agata\AppData\Roaming\Smiley.ico
2011-06-14 19:00 - 2011-06-14 19:00 - 0000000 _____ () C:\Users\Agata\AppData\Roaming\wklnhst.dat
2009-08-18 18:53 - 2015-01-30 11:49 - 0036864 _____ () C:\Users\Agata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-17 22:33 - 2011-04-17 22:35 - 0009310 ___SH () C:\Users\Agata\AppData\Local\vvg2b77r3f54443k5r5e64mel6
2010-09-16 20:12 - 2012-10-11 14:03 - 0002193 _____ () C:\ProgramData\hpzinstall.log
2011-04-17 22:33 - 2011-04-17 22:35 - 0009310 ___SH () C:\ProgramData\vvg2b77r3f54443k5r5e64mel6
 
Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-30 20:51
 
==================== End Of Log ============================
 
 
 

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 01 February 2015 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKU\S-1-5-21-1740593809-3823880502-3175953843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKU\S-1-5-21-1740593809-3823880502-3175953843-1000 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKU\S-1-5-21-1740593809-3823880502-3175953843-1000 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Extension: No Name - C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\4dv7ryq3.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
CHR Extension: (Video Download Helper) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-23]
S4 HP Health Check Service; No ImagePath
S2 NeroMediaHomeService.4; No ImagePath
S3 NMIndexingService; No ImagePath
S3 OverwolfUpdaterService; No ImagePath
S3 catchme; No ImagePath
S3 EagleNT; No ImagePath
S3 EverestDriver; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 oknlb; System32\drivers\efqbi.sys [X]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05040000}; No ImagePath
S3 zlportio; No ImagePath
U3 azohvon3; No ImagePath
AlternateDataStreams: C:\ProgramData\TEMP:14D59284
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Task: {6B20B598-AA1A-47A0-B0A6-10B98AB01156} - \Driver Booster SkipUAC (SYSTEM) No Task File <==== ATTENTION
C:\Program Files\GUTC287.tmp

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

At start up you are running this uninstaller from chrome.
Task: {750D0371-CA36-4C7C-87D3-EC1DB9B64696} - System32\Tasks\{8E62332B-2E9F-4F24-9F77-F1DE516244E8} => pcalua.exe -a C:\Users\Agata\AppData\Local\Google\Chrome\Application\34.0.1847.116\Installer\setup.exe -c --uninstall --multi-install --chrome
Can you remove this from running and let me know if the problem persists.

Edited by nasdaq, 01 February 2015 - 10:06 AM.


#3 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 04 February 2015 - 05:01 AM

I removed 8E62332B-2E9F-4F24-9F77-F1DE516244E8 file, but I can't find C:\Users\Agata\AppData\Local\Google\Chrome\Application\34.0.1847.116\Installer\setup.exe

 

I don't see AppData there and when I found chrome/application in Program Files there are only 39.0.2171.95 and 39.0.2171.99 folders

The problem still exists.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 04 February 2015 - 09:33 AM

I don't see AppData there and when I found chrome/application in Program Files there are only 39.0.2171.95 and 39.0.2171.99 folders

These are old versions of Chrome. You should update Chrome.

Click on "Customize and control Google Chrome":
Click About Chrome.
If required the update will be done.
===

Let me check to see if something is calling these programs.

Please run the Farbar Recovery Scan Tool. Enter Calc.exe;Chrome.exe in the searchbox and hit the File Search button.
Post the content of the Search.txt in your next reply.

Edited by nasdaq, 07 February 2015 - 01:43 PM.


#5 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 07 February 2015 - 12:32 PM

I updated Chrome, but do you mean I should write xxxxx, Calc.exe;Chrome.exe in the search box of FRST or...?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 07 February 2015 - 01:43 PM

Yes, see my correction. Sorry.

#7 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 07 February 2015 - 02:19 PM

Farbar Recovery Scan Tool (x86) Version: 07-02-2015
Ran by Agata at 2015-02-07 20:07:06
Running from C:\Users\Agata\Desktop
Boot Mode: Normal
 
================== Search Files: "Calc.exe;Chrome.exe" =============
 
C:\Windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.0.6000.16386_none_a7873f3f1dd0e729\calc.exe
[2006-11-02 13:34][2006-11-02 13:34] 0176128 ____A (Microsoft Corporation)  [File is signed]
 
C:\Windows\System32\calc.exe
[2006-11-02 13:34][2006-11-02 13:34] 0176128 ____A (Microsoft Corporation)  [File is signed]
 
C:\Program Files\Google\Chrome\Application\chrome.exe
[2014-06-07 17:20][2015-02-04 10:02] 0843592 ____A (Google Inc.)  [File is signed]
 
====== End Of Search ======


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 08 February 2015 - 08:15 AM

Nothing suspicious. Let's look in the registry.

Please run the Farbar Recovery Scan Tool. Enter Calc.exe;Chrome.exe in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#9 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 08 February 2015 - 03:19 PM

Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by Agata at 2015-02-08 21:11:46
Running from C:\Users\Agata\Desktop
Boot Mode: Normal
 
================== Search Registry: "Calc.exe;Chrome.exe" ===========
 
 
===================== Search result for "Calc.exe" ==========
 
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-calc.resources_31bf3856ad364e35_6.0.6000.16386_pl-pl_887996dd2e7ca9e1]
"f!calc.exe.mui"="0x630061006C0063002E006500780065002E006D0075006900"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AppKey\18]
"ShellExecute"="calc.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-calc.resources_31bf3856ad364e35_6.0.6000.16386_pl-pl_887996dd2e7ca9e1]
"f!calc.exe.mui"="0x630061006C0063002E006500780065002E006D0075006900"
 
 
===================== Search result for "Chrome.exe" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\DefaultIcon]
""="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerSuccessLaunchCmdLine"=""C:\Program Files\Google\Chrome\Application\chrome.exe""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayIcon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F62E7FB-3433-48B5-B5B3-DC4B911E7293}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Reguła dla ruchu przychodzącego w Google Chrome zezwalająca na ruch mDNS.|EmbedCtxt=Google Chrome|Edge=FALSE|"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F62E7FB-3433-48B5-B5B3-DC4B911E7293}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Reguła dla ruchu przychodzącego w Google Chrome zezwalająca na ruch mDNS.|EmbedCtxt=Google Chrome|Edge=FALSE|"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\GNU\ffdshow_audio]
"whitelist"="3wPlayer.exe;ACDSee10.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;ACDSeePro2.exe;ACDSeePro25.exe;Acer Crystal Eye webcam.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;aim6.exe;ALLPlayer.exe;allradio.exe;AlltoaviV4.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amf_slv.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer.exe;bestplayer1.0.exe;BitComet.exe;BlazeDVD.exe;BoonPlayer.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;Camfrog Video Chat.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;CEC_MAIN.exe;christv.exe;chrome.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.exe;Crystal.exe;crystalfree.exe;CrystalPro.exe;cscript.exe;CTCMS.exe;CTCMSU.exe;CTWave.exe;CTWave32.exe;cut_assistant.exe;dashboard.exe;demo32.exe;DivX Player.exe;DivxToDVD.exe;dllhost.exe;dpgenc.exe;Dr.DivX.exe;drdivx.exe;drdivx2.exe;DreamMaker.exe;DSBrws.exe;DScaler.exe;dv.exe;dvbdream.exe;dvbviewer.exe;DVD Shrink 3.2.exe;DVDAuthor.exe;dvdfab.exe;DVDMaker.exe;DVDMF.exe;dvdplay.exe;dvdSanta.exe;DXEffectTester.exe;DXEnum.exe;Easy RealMedia Tools.exe;ehExtHost.exe;ehshell.exe;Encode360.exe;explorer.exe;fenglei.exe;ffmpeg.exe;filtermanager.exe;firefox.exe;Flash.exe;FLVPlayer4Free.exe;FMRadio.exe;Fortius.exe;FreeStyle.exe;FSViewer.exe;Funshion.exe;FusionHDTV.exe;GDivX Player.exe;gdsmux.exe;GoldWave.exe;gom.exe;GomEnc.exe;GoogleDesktop.exe;GoogleDesktopCrawl.exe;graphedit.exe;graphedt.exe;GraphStudio.exe;gspot.exe;HBP.exe;HDVSplit.exe;honestechTV.exe;HPWUCli.exe;i_view32.exe;ICQ.exe;ICQLite.exe;iexplore.exe;IHT.exe;IncMail.exe;InfoTool.exe;infotv.exe;InstallChecker.exe;Internet 
TV.exe;iPlayer.exe;ipod_video_converter.exe;IPODConverter.exe;JetAudio.exe;jwBrowser.exe;kmplayer.exe;KwMusic.exe;LA.exe;LifeCam.exe;LifeFrame.exe;Lilith.exe;makeAVIS.exe;MatroskaDiag.exe;Maxthon.exe;MDirect.exe;Media Center 12.exe;Media Jukebox.exe;Media Player Classic.exe;MediaLife.exe;MediaPortal.exe;MEDIAREVOLUTION.EXE;MediaServer.exe;megui.exe;mencoder.exe;Metacafe.exe;MMPlayer.exe;MovieMaker.exe;moviemk.exe;moviethumb.exe;MP4Converter.exe;Mp4Player.exe;mpcstar.exe;MpegVideoWizard.exe;mplayer2.exe;mplayerc.exe;mplayerc64.exe;msnmsgr.exe;msoobe.exe;MultimediaPlayer.exe;Munite.exe;MusicManager.exe;Muzikbrowzer.exe;Mv2PlayerPlus.exe;My Movies.exe;myplayer.exe;nero.exe;NeroHome.exe;NeroVision.exe;NicoPlayer.exe;NMSTranscoder.exe;nvplayer.exe;Omgjbox.exe;OnlineTV.exe;Opera.exe;OrbStreamerClient.exe;OUTLOOK.EXE;PaintDotNet.exe;paltalk.exe;pcwmp.exe;PhotoScreensaver.scr;Photoshop.exe;Picasa2.exe;playwnd.exe;PowerDirector.exe;powerdvd.exe;POWERPNT.EXE;PPLive.exe;ppmate.exe;PPStream.exe;PQDVD_PSP.exe;Procoder2.exe;Producer.exe;progdvb.exe;ProgDvbNet.exe;PVCR.exe;Qonoha.exe;QQ.exe;QQLive.exe;QQMusic.exe;QQPlayerSvr.exe;QvodPlayer.exe;QzoneMusic.exe;RadLight.exe;realplay.exe;ReClockHelper.dll;Recode.exe;RecordingManager.exe;rlkernel.exe;RoxMediaDB10.exe;RoxMediaDB9.exe;rundll32.exe;Safari.exe;SelfMV.exe;Shareaza.exe;sherlock2.exe;ShowTime.exe;sidebar.exe;SinkuHadouken.exe;Sleipnir.exe;smartmovie.exe;songbird.exe;SopCast.exe;SplitCam.exe;START.EXE;stillcap.exe;Studio.exe;subedit.exe;SubtitleEdit.exe;SubtitleWorkshop.exe;SubtitleWorkshop4.exe;SWFConverter.exe;telewizja.exe;TheaterTek DVD.exe;time_adjuster.exe;timecodec.exe;tmc.exe;TMPGEnc.exe;TMPGEnc4XP.exe;TOTALCMD.EXE;TSPlayer.exe;Tvants.exe;tvc.exe;TVersity.exe;TVPlayer.exe;TVUPlayer.exe;UCC.exe;Ultra 
EDIT.exe;UUSeePlayer.exe;VCD_PLAY.EXE;VeohClient.exe;VFAPIFrameServer.exe;VideoConvert.exe;videoconverter.exe;videoenc.exe;VideoManager.exe;VideoSnapshot.exe;VideoSplitter.exe;VIDEOS~1.SCR;VideoWave9.exe;ViPlay.exe;ViPlay3.exe;ViPlay4.exe;virtualdub.exe;virtualdubmod.exe;vplayer.exe;WaveChk.exe;WCreator.exe;WebMediaPlayer.exe;WFTV.exe;winamp.exe;WinAVI 9.0.exe;WinAVI MP4 Converter.exe;WinAVI.exe;WindowsPhotoGallery.exe;windvd.exe;WinDvr.exe;WinMPGVideoConvert.exe;WINWORD.EXE;WLXPhotoGallery.exe;wmenc.exe;wmplayer.exe;wmprph.exe;wscript.exe;x264.exe;XNVIEW.EXE;Xvid4PSP.exe;YahooMessenger.exe;YahooMusicEngine.exe;YahooWidgetEngine.exe;YahooWidgets.exe;zplayer.exe;Zune.exe;"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0]
"Name"="CHROME.EXE"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
"Name"="CHROME.EXE"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\DirectInput\CHROME.EXE524CDEDB000CE3D0]
"Name"="CHROME.EXE"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\50a2b078_0]
""="{0.0.0.00000000}.{ddeb3760-8e79-442d-b188-6386c2f64769}|\Device\HarddiskVolume1\Users\Agata\AppData\Local\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6b939453_0]
""="{0.0.0.00000000}.{9243b47a-6cc2-427b-bf8c-0d1c645bf7c0}|\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\919179a5_0]
""="{0.0.0.00000000}.{b8fc635a-6727-4407-b9cf-bf0e46d7d4d5}|\Device\HarddiskVolume1\Users\Agata\AppData\Local\Google\Chrome\Application\old_chrome.exe%b{00000000-0000-0000-0000-000000000000}"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e2b65228_0]
""="{0.0.0.00000000}.{b8fc635a-6727-4407-b9cf-bf0e46d7d4d5}|\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
"d"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList]
"i"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
"c"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithList]
"g"="old_chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"f"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
"a"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithList]
"d"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithList]
"a"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
"h"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList]
"f"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pps\OpenWithList]
"c"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList]
"h"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\OpenWithList]
"b"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList]
"g"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithList]
"b"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithList]
"a"="chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList]
"e"="old_chrome.exe"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Classes\http\DefaultIcon]
""="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000\Software\Classes\https\shell\open\command]
""=""C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1""
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000_Classes\ftp\DefaultIcon]
""="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000_Classes\https\DefaultIcon]
""="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
 
[HKEY_USERS\S-1-5-21-1740593809-3823880502-3175953843-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Google\Chrome\Application\chrome.exe"="Google Chrome"
====== End Of Search ======


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 09 February 2015 - 09:11 AM

computer started opening programs by itself (to be specific-three of them-my computer, calculator and Chrome)



Keyboard key can be used to start some programs.

https://groups.google.com/forum/#!msg/microsoft.public.fr.windowsxp/zZolgM6PC4o/sRJv2NtrB-8J

This is the only entry that caught my eye.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AppKey\18]
"ShellExecute"="calc.exe"

I checked my registry and I do have the same setting. I do not have your problem, so it's not relevant.
===

Do these programs (my computer, calculator and Chrome) open at the same time?
Do they open when you use certain keyboard keys?
Did you ever install this type of a program that changed some of the key functions?
https://sharpkeys.codeplex.com/
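
An added example, not part of the posts above and not FRST's own code: a parser for the "Search Registry" layout shown in post #9 that lists which program each Explorer AppKey entry launches. The AppKey subkey number is the WM_APPCOMMAND id from winuser.h; the function names and the AppKey\7 and AppKey\17 sample entries are assumptions constructed for illustration.

```python
import re

# WM_APPCOMMAND ids (winuser.h) that Explorer maps to programs via AppKey\<id>.
APPCOMMANDS = {
    7: "APPCOMMAND_BROWSER_HOME",
    15: "APPCOMMAND_LAUNCH_MAIL",
    16: "APPCOMMAND_LAUNCH_MEDIA_SELECT",
    17: "APPCOMMAND_LAUNCH_APP1",
    18: "APPCOMMAND_LAUNCH_APP2",
}
LAUNCH_VALUES = {"shellexecute", "association", "registeredapp"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')
APPKEY_RE = re.compile(r"\\CurrentVersion\\Explorer\\AppKey\\(\d+)$", re.IGNORECASE)

# Sample in the Search.txt layout. The AppKey\18 and Uninstall entries are copied
# from the log above; AppKey\17 (My Computer CLSID) and AppKey\7 are constructed.
SAMPLE = r'''
================== Search Registry: "Calc.exe;Chrome.exe" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AppKey\18]
"ShellExecute"="calc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AppKey\17]
"ShellExecute"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AppKey\7]
"Association"="http"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayIcon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
====== End Of Search ======
'''


def parse_search_txt(text):
    """Yield (key, value_name, data) for each value line under a [HKEY_...] header.

    Values whose data wraps onto several lines are skipped, as are banner lines.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and key:
            yield key, value.group("name"), value.group("data")


def appkey_launchers(text):
    """Return (id, command name, value name, target) for every AppKey launcher."""
    found = []
    for key, name, data in parse_search_txt(text):
        appkey = APPKEY_RE.search(key)
        if appkey and name.lower() in LAUNCH_VALUES:
            cmd = int(appkey.group(1))
            found.append((cmd, APPCOMMANDS.get(cmd, "unknown"), name, data))
    return sorted(found)


def keys_launching(text, program):
    """Return the command names whose ShellExecute target is `program`."""
    return [cmd_name for _, cmd_name, value, data in appkey_launchers(text)
            if value.lower() == "shellexecute" and data.lower() == program.lower()]


if __name__ == "__main__":
    for cmd, cmd_name, value, data in appkey_launchers(SAMPLE):
        print(f"AppKey\\{cmd:<3} {cmd_name:<32} {value}={data}")
```

When the programs that open by themselves line up with AppKey targets, WM_APPCOMMAND input from a keyboard or mouse button is one source to rule out alongside autostart entries.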

#11 Luspea

Luspea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 09 February 2015 - 12:16 PM

They open whether I use keyboard or don't touch it at all.

It can be just one window of "my computer" that keeps opening or multiple tabs of everything where more and more keeps popping out.

And I don't think I ever installed anything like that.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 09 February 2015 - 02:42 PM

It's a long shot, but could your mouse be going bad?

Strange things can happen to many open windows or programs when it's bad.



