Ads by advertise, by couponz - random words linked as an ad



#1 mlaskowski

Posted 25 May 2016 - 06:19 AM

Hello. I need some help from you, as my PC started to act a little slower and I can't get rid of an annoying issue.

 

For some time now, Google Chrome (the only web browser I use) has been highlighting random words and turning them into links. When I hover over the link, a little info appears: 'Ads by Advertise', or 'by Couponz'. It basically looks like this:

 

[screenshot: 1.jpg]

 

I've already run SpyHunter4, which cleaned a lot of issues, but this problem still remains. I'm using Windows 7 Ultimate. Please help, what should I do?

 

 





#2 Aura (Malware Response Team)

Posted 25 May 2016 - 06:50 AM

Hi mlaskowski :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
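To show what a helper actually looks for in the sections requested above (proxy settings, hosts file, Winsock entries, installed programs) once the report comes back, here is an added example. It is not MiniToolBox code and not part of Aura's instructions or of the log posted in the next reply: a small Python triage script that parses a report in the same layout and flags the lines that usually matter for an "Ads by ..." link-injection complaint. The sample report embedded in it is constructed to resemble the real output; the program and vendor names in it (Couponz Savings, Advertise Helper, Unknown Vendor, the example hosts entry) are made up from the labels the poster saw, and the function names `parse_sections` and `triage` are my own.

```python
"""Triage checks over a MiniToolBox-style report.

Added example, not MiniToolBox code: it parses the sections the helper
asked for and flags lines that commonly point at adware injecting
"Ads by ..." links into web pages.
"""
import re
from typing import Dict, List

# Constructed sample in the report's layout. Paths, vendors and the
# "Unknown Vendor" provider are illustrative, chosen to be suspicious.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: 127.0.0.1:8080

========================= Hosts content: =================================
127.0.0.1       localhost
127.0.0.1       www.example-av-updates.test
========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\SysWOW64\\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\\Windows\\SysWOW64\\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 01 C:\\Program Files (x86)\\Couponz\\lsp.dll [40960] (Unknown Vendor)

=========================== Installed Programs ============================

Google Chrome (HKLM-x32\\...\\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Couponz Savings (HKLM-x32\\...\\Couponz) (Version: 1.0 - Couponz Ltd)
Advertise Helper (HKCU\\...\\AdvertiseHelper) (Version: 2.3 - )
"""

# Section banners look like "===== Name: =====" (colon optional).
SECTION_RE = re.compile(r"^=+\s+([^=:]+?)\s*:?\s*=+\s*$")
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog\d+ \d+ (?P<path>.+?) \[\d+\] \((?P<publisher>.*)\)$")
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) \((?P<key>HK[^)]*)\) \(Version: (?P<version>.*?) - (?P<publisher>.*?)\)(?P<hidden> Hidden)?$"
)
HOSTS_RE = re.compile(r"^(?P<ip>\S+)\s+(?P<host>\S+)")

# Labels the poster saw on the injected links, matched against program names.
AD_LABELS = ("advertise", "couponz")
# The only hosts entries a stock Windows 7 machine should carry.
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the report into {section name: [non-blank lines]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(text: str) -> List[dict]:
    """Return the lines a responder should read first, as {section, reason, line}."""
    sections = parse_sections(text)
    findings: List[dict] = []

    def flag(section: str, reason: str, line: str) -> None:
        findings.append({"section": section, "reason": reason, "line": line})

    # 1. A proxy the user never configured is a common way adware rewrites pages.
    for line in sections.get("IE Proxy Settings", []):
        if line.startswith("Proxy is enabled") or line.startswith("Proxy Server:"):
            flag("IE Proxy Settings", "proxy configured", line)

    # 2. Anything beyond the loopback entries in hosts deserves a look:
    #    adware and malware use it to block or redirect sites.
    for line in sections.get("Hosts content", []):
        m = HOSTS_RE.match(line)
        if line.startswith("#") or not m:
            continue
        if (m.group("ip"), m.group("host")) not in BENIGN_HOSTS:
            flag("Hosts content", "non-default hosts entry", line)

    # 3. Winsock providers not signed off to Microsoft sit in every socket's
    #    path. Some security products install them legitimately, so this is
    #    a review flag, not a verdict.
    for line in sections.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m and m.group("publisher") != "Microsoft Corporation":
            flag("Winsock entries", "third-party Winsock provider", line)

    # 4. Installed programs whose name or publisher echoes the ad labels.
    for line in sections.get("Installed Programs", []):
        m = PROGRAM_RE.match(line)
        if not m:
            continue
        haystack = (m.group("name") + " " + m.group("publisher")).lower()
        if any(label in haystack for label in AD_LABELS):
            flag("Installed Programs", "name/publisher matches ad label", line)

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}: {f['line']}")
```

Run it on a saved report with `triage(open(path, encoding="utf-8", errors="replace").read())`. The third-party Winsock and extra hosts checks are review flags rather than verdicts: the findings tell a helper where to read first in a long report, not what to remove.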


#3 mlaskowski


Posted 25 May 2016 - 06:57 AM

 

MiniToolBox by Farbar  Version: 07-02-2016 01

Ran by Baksiu (administrator) on 25-05-2016 at 13:53:43
Running from "C:\Users\Baksiu\Desktop"
Microsoft Windows 7 Ultimate   (X64)
Model: NVDAACPI Manufacturer: GBT___
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Konfiguracja IP systemu Windows
 
Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
NVIDIA nForce Networking Controller = Połączenie lokalne (Connected)
 
 
# ----------------------------------
# Konfiguracja IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="ethernet_10" address=192.168.56.1
 
 
popd
# Koniec konfiguracji IPv4
 
 
 
Konfiguracja IP systemu Windows
 
   Nazwa hosta . . . . . . . . . . . : Baksiu-PC
   Sufiks podstawowej domeny DNS . . : 
   Typ węzła . . . . . . . . . . . . : Hybrydowy
   Routing IP włączony . . . . . . . : Nie
   Serwer WINS Proxy włączony. . . . : Nie
 
Karta Ethernet Połączenie lokalne:
 
   Sufiks DNS konkretnego połączenia : 
   Opis. . . . . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Adres fizyczny. . . . . . . . . . : 00-1D-7D-D7-7A-0E
   DHCP włączone . . . . . . . . . . : Tak
   Autokonfiguracja włączona . . . . : Tak
   Adres IPv6 połączenia lokalnego . : fe80::889a:8d06:5d32:52ff%11(Preferowane) 
   Adres IPv4. . . . . . . . . . . . . : 192.168.0.11(Preferowane) 
   Maska podsieci. . . . . . . . . . : 255.255.255.0
   Dzierżawa uzyskana. . . . . . . . : 25 maja 2016 13:01:47
   Dzierżawa wygasa. . . . . . . . . : 26 maja 2016 13:01:47
   Brama domyślna. . . . . . . . . . : 192.168.0.1
   Serwer DHCP . . . . . . . . . . . : 192.168.0.1
   Identyfikator IAID DHCPv6 . . . . : 234888573
   Identyfikator DUID klienta DHCPv6 : 00-01-00-01-12-D6-A3-7F-00-1D-7D-D7-7A-0E
   Serwery DNS . . . . . . . . . . . : 62.179.1.61
                                       62.179.1.63
   NetBIOS przez Tcpip . . . . . . . : Włączony
 
Karta tunelowa Połączenie lokalne* 9:
 
   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia : 
   Opis. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak
 
Karta tunelowa 6TO4 Adapter:
 
   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia : 
   Opis. . . . . . . . . . . . . . . : Microsoft 6to4 Adapter
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak
 
Karta tunelowa Połączenie lokalne* 13:
 
   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia : 
   Opis. . . . . . . . . . . . . . . : Microsoft 6to4 Adapter #5
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak
 
Karta tunelowa Połączenie lokalne* 17:
 
   Stan nośnika . . . .  . . . . . . .: Nośnik odłączony
   Sufiks DNS konkretnego połączenia : 
   Opis. . . . . . . . . . . . . . . : Microsoft 6to4 Adapter #9
   Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP włączone . . . . . . . . . . : Nie
   Autokonfiguracja włączona . . . . : Tak
Serwer:  pl-war-dns02.chello.pl
Address:  62.179.1.61
 
Nazwa:   google.com
Addresses:  2a00:1450:4001:806::200e
 216.58.209.46
 
 
Badanie google.com [216.58.209.46] z 32 bajtami danych:
Odpowiedź z 216.58.209.46: bajtów=32 czas=10ms TTL=55
Odpowiedź z 216.58.209.46: bajtów=32 czas=10ms TTL=55
 
Statystyka badania ping dla 216.58.209.46:
    Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0
             (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
    Minimum = 10 ms, Maksimum = 10 ms, Czas średni = 10 ms
Serwer:  pl-war-dns02.chello.pl
Address:  62.179.1.61
 
Nazwa:   yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Badanie yahoo.com [206.190.36.45] z 32 bajtami danych:
Odpowiedź z 206.190.36.45: bajtów=32 czas=197ms TTL=48
Odpowiedź z 206.190.36.45: bajtów=32 czas=193ms TTL=48
 
Statystyka badania ping dla 206.190.36.45:
    Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0
             (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
    Minimum = 193 ms, Maksimum = 197 ms, Czas średni = 195 ms
 
Badanie 127.0.0.1 z 32 bajtami danych:
Odpowiedź z 127.0.0.1: bajtów=32 czas<1 ms TTL=128
Odpowiedź z 127.0.0.1: bajtów=32 czas<1 ms TTL=128
 
Statystyka badania ping dla 127.0.0.1:
    Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0
             (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
    Minimum = 0 ms, Maksimum = 0 ms, Czas średni = 0 ms
===========================================================================
Lista interfejsów
 11...00 1d 7d d7 7a 0e ......NVIDIA nForce Networking Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
 21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #9
===========================================================================
 
Tabela tras IPv4
===========================================================================
Aktywne trasy:
Miejsce docelowe w sieci   Maska sieci      Brama          Interfejs Metryka
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.11     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.11    266
     192.168.0.11  255.255.255.255         On-link      192.168.0.11    266
    192.168.0.255  255.255.255.255         On-link      192.168.0.11    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.11    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.11    266
===========================================================================
Trasy trwałe:
  Brak
 
Tabela tras IPv6
===========================================================================
Aktywne trasy:
 Jeśli Metryka Miejsce docelowe w sieci      Brama
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 11    266 fe80::889a:8d06:5d32:52ff/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Trasy trwałe:
  Brak
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/25/2016 01:36:16 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/25/2016 03:16:42 AM) (Source: SideBySide) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest2” w wierszu C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest3.
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error: (05/25/2016 03:16:40 AM) (Source: SideBySide) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest2” w wierszu C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest3.
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error: (05/24/2016 12:18:10 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
 
Error: (05/23/2016 11:47:54 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/23/2016 11:19:12 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/22/2016 12:11:16 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/21/2016 02:42:25 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/20/2016 08:41:07 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/20/2016 01:55:43 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
 
 
System errors:
=============
Error: (05/24/2016 09:38:21 PM) (Source: volsnap) (User: )
Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.
 
Error: (05/24/2016 09:38:06 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa80044182f0, 0xfffff880048de6c0, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP052416-20812-01
 
Error: (05/24/2016 09:37:52 PM) (Source: EventLog) (User: )
Description: Poprzednie zamknięcie systemu przy 21:14:03 na ‎2016-‎05-‎24 było nieoczekiwane.
 
Error: (05/24/2016 01:10:38 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (05/23/2016 10:43:18 PM) (Source: volsnap) (User: )
Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.
 
Error: (05/22/2016 12:21:20 PM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi EsgScanner z powodu następującego błędu: 
%%1275
 
Error: (05/22/2016 12:21:20 PM) (Source: Application Popup) (User: )
Description: Ładowanie sterownika \SystemRoot\system32\DRIVERS\EsgScanner.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.
 
Error: (05/22/2016 02:05:46 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi EsgScanner z powodu następującego błędu: 
%%1275
 
Error: (05/22/2016 02:05:46 AM) (Source: Application Popup) (User: )
Description: Ładowanie sterownika \SystemRoot\system32\DRIVERS\EsgScanner.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.
 
Error: (05/22/2016 12:48:22 AM) (Source: Microsoft-Windows-TaskScheduler) (User: ZARZĄDZANIE NT)
Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147942402.
 
 
Microsoft Office Sessions:
=========================
Error: (01/30/2014 11:24:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2014 01:18:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1196 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (01/10/2014 01:16:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/10/2014 01:16:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/10/2014 01:16:31 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/10/2014 01:09:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/10/2014 01:08:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/10/2014 01:08:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 97251 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error: (12/18/2013 02:06:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/18/2013 02:06:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-04-22 12:52:08.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-04-22 12:52:08.072
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-04-22 12:52:08.056
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-04-22 12:52:08.041
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-04-21 15:49:38.156
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-04-21 15:49:38.140
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-04-21 15:49:38.140
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-04-21 15:49:38.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-06 16:36:28.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Baksiu\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-06 16:36:28.331
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Baksiu\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.2 - )
Ace Stream Media 2.2.10-next (HKCU\...\AceStream) (Version: 2.2.10-next - Ace Stream Media)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Asystent rejestracji usługi Windows Live (HKLM-x32\...\{51958BA7-21E4-4A8B-9098-CD8375BD17B2}) (Version: 5.000.818.5 - Microsoft Corporation)
Bochs 2.4.1 (remove only) (HKLM-x32\...\Bochs 2.4.1) (Version: 2.4.1 - The Bochs Project)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
DataCoach Manager 1.25 Trial (HKLM-x32\...\{9D42AAEF-66F9-4A31-BE8C-0507CBF4843A}) (Version: 1.25.0 - DataCoach USA, Inc.)
Deluxe Ski Jump 4 (HKLM-x32\...\Deluxe Ski Jump 4_is1) (Version: 1.6.1 - Mediamond Tmi)
Dodatek Zapisywanie jako PDF firmy Microsoft dla programów pakietu Microsoft Office 2007 (HKLM-x32\...\{90120000-00B0-0415-0000-0000000FF1CE}) (Version: 12.0.4518.1020 - Microsoft Corporation)
DolbyFiles (HKLM-x32\...\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}) (Version: 2.0 - Nero AG) Hidden
easy SportsGraphics (HKLM-x32\...\{6917A8F6-028C-4BA2-A70D-1A1BDA6BF227}) (Version: 1.00.0000 - easySports)
e-Deklaracje Desktop (HKLM-x32\...\{3D2D303F-C091-12CB-65F0-F52AE69147A0}) (Version: 8.0.7 - Ministerstwo Finansow) Hidden
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 8.0.7 - Ministerstwo Finansow)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - FinalWire Ltd.)
FileZilla Client 3.17.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0.1 - Tim Kosse)
Football Manager 2012 (HKLM-x32\...\Football Manager 2012_is1) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
GPxPatch (remove only) (HKLM-x32\...\GPxPatch) (Version:  - )
Grand Prix 3 (HKLM-x32\...\{E4961DB6-A3F3-11D3-BE67-0000B4A81FC5}) (Version:  - )
Grand Prix 3 Patch (HKLM-x32\...\{3F7F4660-83D7-11D4-BE68-0000B4A81FC5}) (Version:  - )
Grand Prix-cision Racing version V1R1 (HKLM-x32\...\{B8CF1652-1C56-4E42-A53B-84747043A023}_is1) (Version: V1R1 - Robert Latorre)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
GStreamer Free Sotfware plugins for LongoMatch (HKLM-x32\...\{F3933F91-C961-461E-AFB8-05610D9DC2E9}) (Version: 1.1 - LongoMatch Project)
Hama Black Force Pad (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Kinovea (HKLM-x32\...\Kinovea) (Version: 0.8.24 - Kinovea)
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Menu Templates - Starter Kit (HKLM-x32\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Templates - Starter Kit (HKLM-x32\...\{E498385E-1C51-459A-B45F-1721E37AA1A0}) (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 44.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 pl)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Mz Assistant by isvicare (HKLM-x32\...\{96A14CDD-3C80-4CA7-B4E9-5B85818CBC43}) (Version: 3.7.7 - ISVICARE)
NapiProjekt (2.1.0.2287) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Narzędzie do przekazywania usługi Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Nero 9 (HKLM-x32\...\{c19a1a6f-b8a2-4598-a0bc-772a798b4efc}) (Version:  - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.64 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
oCam wersja 212.0 (HKLM-x32\...\oCam_is1) (Version: 212.0 - http://ohsoft.net/)
Oprogramowanie drukarki EPSON (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paint XP version 1.0 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.0 - MSPAINTXP.COM)
Podstawowe programy Windows Live (HKLM-x32\...\{9862473C-E063-4C68-A161-2CDE0E8048A5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Real Alternative 2.0.1 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.1 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Ski Jump International 3.11 Shareware (HKLM-x32\...\Ski Jump International) (Version: 3.11 Shareware - Ville Könönen)
Sony Ericsson PC Suite 6.009.00 (HKLM-x32\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 6.009.00 - Sony Ericsson)
Sony Ericsson Update Service (HKLM-x32\...\Update Service) (Version: 2.11.12.5 - Sony Ericsson Mobile Communications AB)
SopCast 3.2.9 (HKLM-x32\...\SopCast) (Version: 3.2.9 - www.sopcast.com)
SoundTrax (HKLM-x32\...\{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}) (Version: 4.4.37.1 - Nero AG) Hidden
SpyHunter4 wersja 4.21.10.4585 (HKLM\...\SpyHunter4_is1) (Version: 4.21.10.4585 - )
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
Tlen.pl (HKLM-x32\...\Tlen.pl) (Version: 6.0.3.77 - o2.pl Sp. z o. o.)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Unified Remote (HKLM-x32\...\{BD96B1DF-2A2E-4ED1-B255-F8050DEB1B3D}) (Version: 2.14.2.0 - Unified Remote)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Visual Basic 6.0 Full Runtime (HKLM-x32\...\Visual Basic 6.0 Full Runtime_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.571  - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinImage (deinstalacja) (HKLM-x32\...\WinImagePL) (Version:  - )
WinImage (HKLM-x32\...\WinImage) (Version:  - )
Wtyczka e-Deklaracje (HKLM-x32\...\{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1) (Version: 4.0.0 - Ministerstwo Finansów)
ZunTzu (HKCU\...\767fe15a6510a291) (Version: 1.2.1.14 - ZunTzu Software)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 62%
Total physical RAM: 2047.55 MB
Available physical RAM: 758.73 MB
Total Virtual: 4095.11 MB
Available Virtual: 2200 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:29.29 GB) (Free:2.44 GB) NTFS
3 Drive d: () (Fixed) (Total:97.65 GB) (Free:11.39 GB) NTFS
4 Drive e: () (Fixed) (Total:105.93 GB) (Free:10.39 GB) NTFS
6 Drive g: (gp3) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS
7 Drive h: () (Removable) (Total:7.66 GB) (Free:7.56 GB) FAT32
 
========================= Users: ========================================
 
Konta użytkowników dla \\BAKSIU-PC
 
Administrator            ASPNET                   Baksiu                   
Guest                    
Polecenie zostało wykonane pomyślnie.
 
 
**** End of log ****
 

 



#4 Aura
    Bleepin' Special Ops
  • Malware Response Team

Posted 25 May 2016 - 07:01 AM

Uninstall the following programs:
  • HijackThis - Outdated, doesn't work on Windows 7
  • Java 7 Update 67 - Outdated and vulnerable
  • Java™ 6 Update 17 - Outdated and vulnerable
  • QuickTime - Outdated and vulnerable
Once done, follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 mlaskowski
  • Topic Starter
  • Members

Posted 25 May 2016 - 08:00 AM

Thank you very much. Looks like it worked, as I haven't noticed these links anymore, but I'm aware that when I used SpyHunter it also stopped for a while, but came back after a few minutes.

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Baksiu (Administrator) on 2016-05-25 at 14:19:56,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 26 
 
Successfully deleted: C:\ProgramData\innovative solutions (Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage (File) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\innovative solutions (Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\slimware utilities inc (Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Roaming\torrentstream (Folder) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\Windows\system32\drivers\swdumon.sys (File) 
Successfully deleted: C:\Program Files (x86)\Common Files\innovative solutions (Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2TNO319A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7MVXLW5H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KF88SVCI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Baksiu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX5B24O5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2TNO319A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7MVXLW5H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KF88SVCI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX5B24O5 (Temporary Internet Files Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AF6779F9-F8CA-4861-AB6A-DEBBB5DF0135} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-05-25 at 14:23:07,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ADW

 

 

# AdwCleaner v5.117 - Logfile created 25/05/2016 at 14:27:52

# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Local]
# Operating system : Windows 7 Ultimate  (X64)
# Username : Baksiu - BAKSIU-PC
# Running from : C:\Users\Baksiu\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : swdumon
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Users\Baksiu\AppData\LocalLow\.acestream
[#] Folder Deleted : C:\Users\Baksiu\AppData\Roaming\.acestream
[#] Folder Deleted : C:\Users\Baksiu\AppData\Roaming\acestream
[#] Folder Deleted : C:\Users\Baksiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
[#] Folder Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage-journal
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-photos-g-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvplussearch.com_0.localstorage
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvplussearch.com_0.localstorage-journal
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.terraclicks.com_0.localstorage
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.terraclicks.com_0.localstorage-journal
[-] File Deleted : C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\Applications\ace_player.exe
[-] Key Deleted : HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
[-] Key Deleted : HKCU\Software\Classes\DVD\shell\PlayWithACEStream
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
[-] Key Deleted : HKCU\Software\Classes\.acelive
[-] Key Deleted : HKCU\Software\Classes\.acemedia
[-] Key Deleted : HKCU\Software\Classes\.acestream
[-] Key Deleted : HKCU\Software\Classes\.tslive
[-] Key Deleted : HKCU\Software\Classes\acestream
[-] Key Deleted : HKCU\Software\Classes\AceStream.CDAudio
[-] Key Deleted : HKCU\Software\Classes\AceStream.DVDMovie
[-] Key Deleted : HKCU\Software\Classes\AceStream.file
[-] Key Deleted : HKCU\Software\Classes\AceStream.OPENFolder
[-] Key Deleted : HKCU\Software\Classes\AceStream.SVCDMovie
[-] Key Deleted : HKCU\Software\Classes\AceStream.VCDMovie
[-] Key Deleted : HKLM\SOFTWARE\Classes\.acestream
[-] Key Deleted : HKLM\SOFTWARE\Classes\ExplorerBarLiteTest.isExplorerBar
[-] Key Deleted : HKLM\SOFTWARE\Classes\IEhelperActiveX.IEhelperLabel
[-] Key Deleted : HKLM\SOFTWARE\Classes\IEhelperActiveX.IEhelperLabel.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key Deleted : HKCU\Software\AceStream
[-] Key Deleted : HKCU\Software\dobreprogramy
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{B9794A3E-C377-46C4-925D-EE34F7040A1D}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F3EA8E70-30BA-4855-A873-BACCA0A27108}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{AE361EF5-1251-456B-AF91-73C4CBA2F5E1}C:\users\baksiu\appdata\roaming\acestream\engine\ace_engine.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{341532A3-66F1-4EEB-8C75-FA453331EA1D}C:\users\baksiu\appdata\roaming\acestream\engine\ace_engine.exe]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Baksiu\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mfhnkgpdlogbknkhlgdjlejeljbhflim
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [6196 bytes] - [25/05/2016 14:27:52]
C:\AdwCleaner\AdwCleaner[R0].txt - [6937 bytes] - [11/10/2013 12:42:34]
C:\AdwCleaner\AdwCleaner[R1].txt - [1510 bytes] - [11/10/2013 12:46:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [6147 bytes] - [11/10/2013 12:44:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [9135 bytes] - [11/10/2013 12:47:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6561 bytes] ##########
 

 

Malwarebytes Anti-Malware - it's in Polish, no threats found

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Data skanowania: 2016-05-25
Czas skanowania: 14:46
Raport: malware.txt
Administrator: Tak
 
Wersja: 2.2.1.1043
Baza szkodliwego oprogramowania: v2016.05.25.04
Baza danych rootkitów: v2016.05.20.01
Licencja: Darmowa
Ochrona przed złośliwym oprogramowaniem: Wyłączony
Ochrona przed szkodliwymi stronami: Wyłączony
Samoobrona: Wyłączony
 
System operacyjny: Windows 7
Procesor: x64
System plików: NTFS
Użytkownik: Baksiu
 
Typ skanowania: Dokładne skanowanie
Wynik: Zakończono
Obiekty przeskanowane: 310381
Czas, który upłynął: 11 min, 59 s
 
Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heurystyka: Włączony
PUP: Włączony
PUM: Włączony
 
Procesy: 0
(Nie wykryto zagrożeń)
 
Moduły: 0
(Nie wykryto zagrożeń)
 
Klucze rejestru: 0
(Nie wykryto zagrożeń)
 
Wartości rejestru: 0
(Nie wykryto zagrożeń)
 
Dane rejestru: 0
(Nie wykryto zagrożeń)
 
Foldery: 0
(Nie wykryto zagrożeń)
 
Pliki: 0
(Nie wykryto zagrożeń)
 
Sektory fizyczne: 0
(Nie wykryto zagrożeń)
 
 
(end)

 



#6 Aura
    Bleepin' Special Ops
  • Malware Response Team

Posted 25 May 2016 - 08:25 AM

We'll run EEK just to see if there's any remnants left :)

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;



#7 mlaskowski
  • Topic Starter
  • Members

Posted 25 May 2016 - 09:08 AM

One threat found. Still, thankfully, no signs of this issue anymore.

 

 

Emsisoft Emergency Kit -Wersja 11.0

Ostatnia aktualizacja: 2016-05-25 15:55:03
Nazwa użytkownika: Baksiu-PC\Baksiu
 
Ustawienia skanera:
 
Typ skanu: Malware skan
Obiekty: Rootkity, Pamięć, Ślady, Pliki
 
Wykrywanie PNP: Włączone
Skanowanie plików skompresowanych: Wyłączone
Skanowanie ADS: Włączone
Filtr rozszerzeń plików: Wyłączone
Zaawansowana pamięć podręczna: Włączone
Bezpośredni dostęp do dysku: Wyłączone
 
Skanowanie uruchomiono: 2016-05-25 15:58:03
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Wykryto: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Wykryto: Setting.DisableRegistryTools (A)
 
Przeskanowano: 78112
Wykryto: 2
 
Koniec skanu: 2016-05-25 16:07:15
Skan trwał: 0:09:12
 
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
 
Przeniesiono do kwarantanny 1

 



#8 Aura
    Bleepin' Special Ops
  • Malware Response Team

Posted 25 May 2016 - 09:36 AM

These are standard detections, so nothing to worry about. Looks like we're all done here :) Also, about SpyHunter, I would give the following a read.

http://www.bleepingcomputer.com/announcement/frivolous-lawsuits/help-bleepingcomputer-defend-freedom-of-speech/

Edited by Aura, 25 May 2016 - 09:36 AM.





