baart

  1. Hi, Thank you very much for your help. Please enjoy a pint or any quality beverage of your choice :) on me. Log below.

         # DelFix v1.013 - Logfile created 22/05/2016 at 18:50:45
         # Updated 17/04/2016 by Xplode
         # Username : TOSHIBA - TOSHIBA-PC
         # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
         ~ Activating UAC ... OK
         ~ Removing disinfection tools ...
         Deleted : C:\Qoobox
         Deleted : C:\32788R22FWJFW
         Deleted : C:\Combofix
         Deleted : C:\FRST
         Deleted : C:\AdwCleaner
         Deleted : C:\RegBackup
         Deleted : C:\Users\TOSHIBA\Desktop\FRST-OlderVersion
         Deleted : C:\zoek-results.log
         Deleted : C:\Users\TOSHIBA\Desktop\AdwCleaner.exe
         Deleted : C:\Users\TOSHIBA\Desktop\Fixlog.txt
         Deleted : C:\Users\TOSHIBA\Desktop\FRST64.exe
         Deleted : C:\Users\TOSHIBA\Desktop\JRT.exe
         Deleted : C:\Windows\grep.exe
         Deleted : C:\Windows\PEV.exe
         Deleted : C:\Windows\NIRCMD.exe
         Deleted : C:\Windows\MBR.exe
         Deleted : C:\Windows\SED.exe
         Deleted : C:\Windows\SWREG.exe
         Deleted : C:\Windows\SWSC.exe
         Deleted : C:\Windows\SWXCACLS.exe
         Deleted : C:\Windows\Zip.exe
         Deleted : HKCU\console_combofixbackup
         Deleted : HKLM\SOFTWARE\AdwCleaner
         Deleted : HKLM\SOFTWARE\Swearware
         Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
         Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
         Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
         Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
         Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
         ~ Creating registry backup ... OK
         ~ Cleaning system restore ...
         Deleted : RP #91 [Scheduled Checkpoint | 05/05/2016 16:39:35]
         Deleted : RP #93 [Restore Point Created by FRST | 05/11/2016 08:59:26]
         Deleted : RP #94 [JRT Pre-Junkware Removal | 05/11/2016 14:30:52]
         Deleted : RP #95 [JRT Pre-Junkware Removal | 05/15/2016 12:12:18]
         Deleted : RP #97 [Restore Point Created by FRST | 05/16/2016 15:14:17]
         Deleted : RP #98 [Installed Extended Asian Language font pack for Adobe Reader XI. | 05/19/2016 21:16:29]
         Deleted : RP #100 [Restore Point Created by FRST | 05/20/2016 19:06:59]
         New restore point created !
         ~ Resetting system settings ... OK
         ########## - EOF - ##########
  2. Hi, All done, log below.

         Fix result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
         Ran by TOSHIBA (2016-05-20 20:06:57) Run:3
         Running from C:\Users\TOSHIBA\Desktop
         Loaded Profiles: TOSHIBA (Available Profiles: TOSHIBA)
         Boot Mode: Normal
         ==============================================
         fixlist content:
         *****************
         Start
         CreateRestorePoint:
         CloseProcesses:
         C:\Users\TOSHIBA\Desktop\DANE\Users\user\AppData\Local\Temp\is740357246\3FA05BD7_stp\RAM.dll
         C:\Users\TOSHIBA\Downloads\Programy\FreeAudioCDToMP3Converter(dobreprogramy.pl).exe
         C:\Windows\SysWOW64\tasks.dll
         cmd: ipconfig /flushdns
         cmd: netsh advfirewall reset
         cmd: netsh advfirewall set allprofiles state on
         Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
         Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
         Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
         Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
         CMD: bitsadmin /reset /allusers
         RemoveProxy:
         EmptyTemp:
         Reboot:
         end
         *****************
         Restore point was successfully created.
         Processes closed successfully.
         C:\Users\TOSHIBA\Desktop\DANE\Users\user\AppData\Local\Temp\is740357246\3FA05BD7_stp\RAM.dll => moved successfully
         C:\Users\TOSHIBA\Downloads\Programy\FreeAudioCDToMP3Converter(dobreprogramy.pl).exe => moved successfully
         C:\Windows\SysWOW64\tasks.dll => moved successfully
         ========= ipconfig /flushdns =========
         Windows IP Configuration
         Successfully flushed the DNS Resolver Cache.
         ========= End of CMD: =========
         ========= netsh advfirewall reset =========
         Ok.
         ========= End of CMD: =========
         ========= netsh advfirewall set allprofiles state on =========
         Ok.
         ========= End of CMD: =========
         ========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
         The operation completed successfully.
         ========= End of Reg: =========
         ========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
         The operation completed successfully.
         ========= End of Reg: =========
         ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
         The operation completed successfully.
         ========= End of Reg: =========
         ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
         The operation completed successfully.
         ========= End of Reg: =========
         ========= bitsadmin /reset /allusers =========
         BITSADMIN version 3.0 [ 7.5.7601 ]
         BITS administration utility.
         (C) Copyright 2000-2006 Microsoft Corp.
         BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
         Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
         0 out of 0 jobs canceled.
         ========= End of CMD: =========
         ========= RemoveProxy: =========
         HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
         HKU\S-1-5-21-602517175-1845547032-1401471891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
         HKU\S-1-5-21-602517175-1845547032-1401471891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
         ========= End of RemoveProxy: =========
         EmptyTemp: => 369.8 MB temporary data Removed.
         The system needed a reboot.
         ==== End of Fixlog 20:08:13 ====
  3. Hi, Log below. thx, B

         C:\FRST\Quarantine\C\Program Files (x86)\Computer Secure Net\jswtask.exe a variant of Win32/Techsnab.AB potentially unwanted application
         C:\FRST\Quarantine\C\Users\TOSHIBA\AppData\Local\Temp\hp2_upd2_v1056.exe.xBAD a variant of Win32/Techsnab.AB potentially unwanted application
         C:\Users\TOSHIBA\Desktop\DANE\Users\user\AppData\Local\Temp\is740357246\3FA05BD7_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application
         C:\Users\TOSHIBA\Downloads\Programy\FreeAudioCDToMP3Converter(dobreprogramy.pl).exe Win32/OpenCandy potentially unsafe application
         C:\Windows\SysWOW64\tasks.dll a variant of Win32/Tasks.A potentially unwanted application
  4. Hi, Fixlog below.

         Fix result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
         Ran by TOSHIBA (2016-05-16 16:14:12) Run:2
         Running from C:\Users\TOSHIBA\Desktop
         Loaded Profiles: TOSHIBA (Available Profiles: TOSHIBA)
         Boot Mode: Normal
         ==============================================
         fixlist content:
         *****************
         Start
         CreateRestorePoint:
         CloseProcesses:
         HKU\S-1-5-21-602517175-1845547032-1401471891-1000\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
         C:\Program Files (x86)\ALLPlayer
         FF Session Restore: -> is enabled.
         FF Extension: Firefox Helper2 - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\extensions\firefox@helper2 [2016-05-13] [not signed]
         C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\extensions\firefox@helper2
         FF Extension: British English Dictionary (Marco Pinto) - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\Extensions\marcoagpinto@mail.telepac.pt [2016-05-13]
         C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\Extensions\marcoagpinto@mail.telepac.pt
         2016-05-13 14:04 - 2016-05-15 12:21 - 00003288 _____ C:\Windows\System32\Tasks\Computer Secure Net Uninstaller
         2016-05-13 14:04 - 2016-05-13 14:04 - 00000000 ____D C:\Program Files (x86)\Computer Secure Net
         2016-05-12 23:10 - 2016-05-12 23:10 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Stare dane programu Firefox
         C:\Users\TOSHIBA\AppData\Local\Temp\hp2_upd2_v1056.exe
         Task: {5C5DDEB6-6CEA-43BC-A5D2-47CD11B1B411} - System32\Tasks\Computer Secure Net Uninstaller => C:\Program Files (x86)\Computer Secure Net\jswtask.exe [2016-05-13] () <==== ATTENTION
         Task: {D3C1C72A-B2C7-454B-BD6C-FCE69AFC124C} - System32\Tasks\Computer Secure Net Uninstaller => C:\Program Files (x86)\Computer Secure Net\jswtask.exe [2016-05-13] () <==== ATTENTION
         C:\Program Files (x86)\Computer Secure Net
         C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\prefs.js
         cmd: ipconfig /flushdns
         cmd: netsh advfirewall reset
         cmd: netsh advfirewall set allprofiles state on
         Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
         Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
         CMD: bitsadmin /reset /allusers
         RemoveProxy:
         EmptyTemp:
         Reboot:
         end
         *****************
         Restore point was successfully created.
         Processes closed successfully.
         HKU\S-1-5-21-602517175-1845547032-1401471891-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate => value removed successfully
         "C:\Program Files (x86)\ALLPlayer" => not found.
         FF Session Restore: -> removed successfully
         C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\extensions\firefox@helper2 => not found.
         "C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\extensions\firefox@helper2" => not found.
         C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\Extensions\marcoagpinto@mail.telepac.pt => moved successfully
         "C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\Extensions\marcoagpinto@mail.telepac.pt" => not found.
         "C:\Windows\System32\Tasks\Computer Secure Net Uninstaller" => not found.
         "C:\Program Files (x86)\Computer Secure Net" => not found.
         C:\Users\TOSHIBA\Desktop\Stare dane programu Firefox => moved successfully
         C:\Users\TOSHIBA\AppData\Local\Temp\hp2_upd2_v1056.exe => moved successfully
         "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C5DDEB6-6CEA-43BC-A5D2-47CD11B1B411}" => key removed successfully
         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C5DDEB6-6CEA-43BC-A5D2-47CD11B1B411} => key not found.
         C:\Windows\System32\Tasks\Computer Secure Net Uninstaller => not found.
         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Computer Secure Net Uninstaller => key not found.
         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C1C72A-B2C7-454B-BD6C-FCE69AFC124C} => key not found.
         C:\Windows\System32\Tasks\Computer Secure Net Uninstaller => not found.
         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Computer Secure Net Uninstaller => key not found.
         "C:\Program Files (x86)\Computer Secure Net" => not found.
         C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\qzz1bupt.default-1463091025218\prefs.js => moved successfully
         ========= ipconfig /flushdns =========
         Windows IP Configuration
         Successfully flushed the DNS Resolver Cache.
         ========= End of CMD: =========
         ========= netsh advfirewall reset =========
         Ok.
         ========= End of CMD: =========
         ========= netsh advfirewall set allprofiles state on =========
         Ok.
         ========= End of CMD: =========
         ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
         The operation completed successfully.
         ========= End of Reg: =========
         ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
         The operation completed successfully.
         ========= End of Reg: =========
         ========= bitsadmin /reset /allusers =========
         BITSADMIN version 3.0 [ 7.5.7601 ]
         BITS administration utility.
         (C) Copyright 2000-2006 Microsoft Corp.
         BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
         Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
         0 out of 0 jobs canceled.
         ========= End of CMD: =========
         ========= RemoveProxy: =========
         HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
         HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
         HKU\S-1-5-21-602517175-1845547032-1401471891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
         HKU\S-1-5-21-602517175-1845547032-1401471891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
         ========= End of RemoveProxy: =========
         EmptyTemp: => 280 MB temporary data Removed.
         The system needed a reboot.
         ==== End of Fixlog 16:16:29 ====
  5. just in case they are needed - new FRST, AdwCleaner and JRT logs below. Thx, B Addition.txt FRST.txt JRT.txt AdwCleaner[S10].txt
  6. Hi, I was about to uninstall Firefox but suddenly it crashed with a message that Plugin Container stopped working. When I restarted Firefox the "Ads by Provider" returned. It happened while visiting the PCWorld website, funnily enough. So what shall I do first - repeat the whole process again, uninstall Firefox or are we looking for a different solution? While I can see we have managed to remove it for a while, I am not sure where the vulnerability in my system is that allows it to return and how I can protect myself from it. Any ideas? Thx, B
  7. Hi, It hasn't achieved much. When looking at active processes, Firefox and System Idle Process consume the majority of the CPU power. Also the Plugin Container keeps crashing. Again, not sure if it is linked to the virus or is it a problem with my system. Thx, B
  8. Hi, since the repair everything seems to be OK apart from 100% CPU usage when Firefox is running. Not sure if it is linked. Thx, B
  9. Hi, Logs below. AdwCleaner would not generate one and just said "no malicious software found". thx, B

         Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
         Ran by TOSHIBA (2016-05-11 09:59:21) Run:1
         Running from C:\Users\TOSHIBA\Desktop
         Loaded Profiles: TOSHIBA (Available Profiles: TOSHIBA)
         Boot Mode: Normal
         ==============================================
         fixlist content:
         *****************
         Start
         CreateRestorePoint:
         CloseProcesses:
         HKLM\...\Policies\Explorer: [RestrictRun] 0
         HKU\S-1-5-21-602517175-1845547032-1401471891-1000\...\Policies\Explorer: [RestrictRun] 0
         Tcpip\..\Interfaces\{6DAC2451-0677-43FB-B869-18216F18E7EE}: [DhcpNameServer] 192.168.42.129
         SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
         SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
         SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
         FF Session Restore: -> is enabled.
         FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
         FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
         S3 catchme; \??\C:\ComboFix\catchme.sys [X]
         S0 gxnca; System32\drivers\jcrtiayh.sys [X]
         C:\ComboFix\catchme.sys
         C:\Windows\System32\drivers\jcrtiayh.sys
         C:\Users\TOSHIBA\AppData\Local\Temp\libeay32.dll
         C:\Users\TOSHIBA\AppData\Local\Temp\msvcr120.dll
         C:\Users\TOSHIBA\AppData\Local\Temp\SkypeSetup.exe
         C:\Users\TOSHIBA\AppData\Local\Temp\sqlite3.dll
         Task: {383B43B5-4AAC-4F6D-90AD-54405BE51227} - System32\Tasks\{20EA8875-850A-42BF-82BC-F1163F5665B9} => pcalua.exe -a "C:\Users\TOSHIBA\AppData\Local\Temp\Temp1_Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2003).zip\SETUP.EXE"
         C:\Users\TOSHIBA\AppData\Local\Temp\Temp1_Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2003).zip
         Task: {75B6AF02-B0B0-4628-893F-417C0F1E9726} - System32\Tasks\Computer Secure Net Uninstaller => C:\Program Files (x86)\Computer Secure Net\jswtask.exe [2016-05-04] () <==== ATTENTION
         C:\Program Files (x86)\Computer Secure Net
         cmd: ipconfig /flushdns
         cmd: netsh advfirewall reset
         cmd: netsh advfirewall set allprofiles state on
         Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
         Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
         Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
         Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
         CMD: bitsadmin /reset /allusers
         RemoveProxy:
         EmptyTemp:
         Reboot:
         end
         *****************
         Restore point was successfully created.
         Processes closed successfully.
         HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => value removed successfully
         HKU\S-1-5-21-602517175-1845547032-1401471891-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => value removed successfully
         HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6DAC2451-0677-43FB-B869-18216F18E7EE}\\DhcpNameServer => value removed successfully
         HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
         HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
         HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
         FF Session Restore: -> removed successfully
         "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
         "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
         catchme => service removed successfully
         gxnca => service removed successfully
         "C:\ComboFix\catchme.sys" => not found.
         "C:\Windows\System32\drivers\jcrtiayh.sys" => not found.
         C:\Users\TOSHIBA\AppData\Local\Temp\libeay32.dll => moved successfully
         C:\Users\TOSHIBA\AppData\Local\Temp\msvcr120.dll => moved successfully
         C:\Users\TOSHIBA\AppData\Local\Temp\SkypeSetup.exe => moved successfully
         C:\Users\TOSHIBA\AppData\Local\Temp\sqlite3.dll => moved successfully
         "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{383B43B5-4AAC-4F6D-90AD-54405BE51227}" => key removed successfully
         "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{383B43B5-4AAC-4F6D-90AD-54405BE51227}" => key removed successfully
         C:\Windows\System32\Tasks\{20EA8875-850A-42BF-82BC-F1163F5665B9} => moved successfully
         "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{20EA8875-850A-42BF-82BC-F1163F5665B9}" => key removed successfully
         "C:\Users\TOSHIBA\AppData\Local\Temp\Temp1_Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2003).zip" => not found.
         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75B6AF02-B0B0-4628-893F-417C0F1E9726} => key not found.
         C:\Windows\System32\Tasks\Computer Secure Net Uninstaller => moved successfully
         "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Computer Secure Net Uninstaller" => key removed successfully
         C:\Program Files (x86)\Computer Secure Net => moved successfully
         ========= ipconfig /flushdns =========
         Windows IP Configuration
         Successfully flushed the DNS Resolver Cache.
         ========= End of CMD: =========
         ========= netsh advfirewall reset =========
         Ok.
         ========= End of CMD: =========
         ========= netsh advfirewall set allprofiles state on =========
         Ok.
         ========= End of CMD: =========
         ========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
         The operation completed successfully.
         ========= End of Reg: =========
         ========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
         The operation completed successfully.
         ========= End of Reg: =========

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Junkware Removal Tool (JRT) by Malwarebytes
         Version: 8.0.6 (04.25.2016)
         Operating System: Windows 7 Home Premium x64
         Ran by TOSHIBA (Administrator) on 11/05/2016 at 15:30:50.76
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         File System: 1
         Successfully deleted: C:\Windows\prefetch\FREECELL.EXE-B8D57695.pf (File)
         Registry: 0
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Scan was completed on 11/05/2016 at 15:35:58.12
         End of JRT log
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. Hi, the problem reoccurred, so I am posting the logs again, this time done before I used the AdwCleaner. I assume it is relevant. Thx, B Addition1.txt FRST1.txt
  11. Hi, thanks for a quick reply. Logs below. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016 Ran by TOSHIBA (administrator) on TOSHIBA-PC (10-05-2016 16:26:56) Running from C:\Users\TOSHIBA\Desktop Loaded Profiles: TOSHIBA (Available Profiles: TOSHIBA) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe ( ) C:\Windows\System32\lxcrcoms.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Lexmark International Inc.) C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [lxcrmon.exe] => C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe [291496 2009-05-01] () HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe [82600 2009-05-01] (Lexmark International Inc.) 
HKLM\...\Run: [LXCRCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKLM\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-602517175-1845547032-1401471891-1000\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" HKU\S-1-5-21-602517175-1845547032-1401471891-1000\...\Policies\Explorer: [RestrictRun] 0 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{6DAC2451-0677-43FB-B869-18216F18E7EE}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{701BC7CF-3581-429E-868B-99245D5BCEB1}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-602517175-1845547032-1401471891-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-602517175-1845547032-1401471891-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV 
Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation) Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\gb6xkpqu.default FF SelectedSearchEngine: Yahoo! FF Session Restore: -> is enabled. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-13] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-13] () FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\gb6xkpqu.default\searchplugins\google-default.xml [2015-03-23] FF Extension: Eliminator Slajdów - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\gb6xkpqu.default\Extensions\jid0-GaZOxvWNYcafEsmayJDIG3XXVi8@jetpack.xpi [2015-11-11] FF Extension: British English Dictionary (Marco Pinto) - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\gb6xkpqu.default\Extensions\marcoagpinto@mail.telepac.pt [2016-04-28] FF Extension: Adblock Plus - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\gb6xkpqu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 lxcr_device; C:\Windows\system32\lxcrcoms.exe [566192 2006-12-11] ( ) R2 lxcr_device; C:\Windows\SysWOW64\lxcrcoms.exe [537520 2006-12-11] ( ) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-17] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-05-07] (Emsisoft GmbH) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S0 gxnca; System32\drivers\jcrtiayh.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-10 16:26 - 2016-05-10 16:27 - 00007944 _____ C:\Users\TOSHIBA\Desktop\FRST.txt 2016-05-10 16:26 - 2016-05-10 16:26 - 00000000 ____D C:\Users\TOSHIBA\Desktop\FRST-OlderVersion 2016-05-10 16:26 - 2016-05-10 16:26 - 00000000 ____D C:\FRST 2016-05-09 14:16 - 2016-05-09 14:17 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Programy 2016-05-09 14:14 - 2016-05-09 14:18 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Dokumenty 2016-05-09 14:06 - 2016-05-09 14:11 - 00000000 ____D C:\Users\TOSHIBA\Desktop\filmy 2016-05-08 21:23 - 2016-05-09 22:42 - 00000000 ____D C:\Users\TOSHIBA\AppData\LocalLow\uTorrent 2016-05-08 20:42 - 2016-05-10 16:26 - 02381312 _____ (Farbar) C:\Users\TOSHIBA\Desktop\FRST64.exe 2016-05-03 20:28 - 2016-05-09 21:29 - 00000000 ____D C:\AdwCleaner 2016-05-02 15:54 - 2016-05-02 15:54 - 00000000 ____D C:\Program Files\lx_cats 2016-05-02 15:51 - 2016-05-02 15:51 - 00000000 ____D C:\Program Files\Lexmark 2400 Series 2016-05-02 15:50 - 2016-05-02 15:54 - 00018185 _____ C:\Windows\system32\LexFiles.ulf 2016-05-02 15:50 - 2016-05-02 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Lexmark 2400 Series 2016-05-02 15:50 - 2016-05-02 15:51 - 00000000 ____D C:\Program Files (x86)\Lexmark 2400 Series 2016-05-02 15:50 - 2006-12-11 12:12 - 00566192 _____ ( ) C:\Windows\system32\lxcrcoms.exe 2016-05-02 15:50 - 2006-12-11 12:12 - 00537520 _____ ( ) C:\Windows\SysWOW64\lxcrcoms.exe 2016-05-02 15:50 - 2006-12-11 12:12 - 00385968 _____ ( ) C:\Windows\SysWOW64\lxcrih.exe 2016-05-02 15:50 - 2006-12-11 12:12 - 00233392 _____ ( ) C:\Windows\system32\lxcrih.exe 2016-05-02 15:50 - 2006-12-11 12:12 - 00181168 _____ ( ) C:\Windows\SysWOW64\lxcrppls.exe 2016-05-02 15:50 - 2006-12-11 12:08 - 00002365 _____ C:\Windows\SysWOW64\lxcr.loc 2016-05-02 15:50 - 2006-12-11 12:08 - 00002365 _____ C:\Windows\system32\lxcr.loc 2016-05-02 15:50 - 2006-11-29 06:26 - 00091136 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcrinsr.dll 2016-05-02 15:50 - 2006-11-29 06:26 - 00023040 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcrcur.dll 2016-05-02 15:50 - 2006-11-29 06:24 - 00131584 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcrjswr.dll 2016-05-02 15:50 - 2006-11-29 06:22 - 00184320 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcrinsb.dll 2016-05-02 15:50 - 2006-11-29 06:22 - 00067584 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcrcub.dll 2016-05-02 15:50 - 2006-11-29 06:21 - 00236032 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcrins.dll 2016-05-02 15:50 - 2006-11-29 06:21 - 00097280 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcrcu.dll 2016-05-02 15:50 - 2006-11-29 06:20 - 00654336 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcrutil.dll 2016-05-02 15:50 - 2006-11-29 04:54 - 00106496 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrinsr.dll 2016-05-02 15:50 - 2006-11-29 04:54 - 00036864 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrcur.dll 2016-05-02 15:50 - 2006-11-29 04:53 - 00147456 _____ (Lexmark International, Inc.) 
C:\Windows\SysWOW64\lxcrjswr.dll 2016-05-02 15:50 - 2006-11-29 04:52 - 00200704 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrinsb.dll 2016-05-02 15:50 - 2006-11-29 04:52 - 00086016 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrcub.dll 2016-05-02 15:50 - 2006-11-29 04:52 - 00077824 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrcu.dll 2016-05-02 15:50 - 2006-11-29 04:51 - 00176128 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrins.dll 2016-05-02 15:50 - 2006-11-29 04:50 - 00462848 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrutil.dll 2016-05-02 15:50 - 2006-11-28 05:57 - 00385024 _____ () C:\Windows\SysWOW64\lxcrcomx.dll 2016-05-02 15:50 - 2006-11-06 18:56 - 00409600 _____ ( ) C:\Windows\system32\lxcrpmui.dll 2016-05-02 15:50 - 2006-11-06 18:53 - 01417728 _____ ( ) C:\Windows\system32\lxcrserv.dll 2016-05-02 15:50 - 2006-11-06 18:38 - 00249856 _____ ( ) C:\Windows\system32\lxcrcomm.dll 2016-05-02 15:50 - 2006-11-06 18:34 - 00487424 _____ ( ) C:\Windows\system32\lxcrlmpm.dll 2016-05-02 15:50 - 2006-11-06 18:32 - 00194048 _____ C:\Windows\system32\LXCRinst.dll 2016-05-02 15:50 - 2006-11-06 18:31 - 00226816 _____ ( ) C:\Windows\system32\lxcriesc.dll 2016-05-02 15:50 - 2006-11-06 18:27 - 00010752 _____ ( ) C:\Windows\system32\lxcrpplc.dll 2016-05-02 15:50 - 2006-11-06 18:25 - 00695808 _____ ( ) C:\Windows\system32\lxcrcomc.dll 2016-05-02 15:50 - 2006-11-06 18:24 - 00035328 _____ ( ) C:\Windows\system32\lxcrprox.dll 2016-05-02 15:50 - 2006-11-06 18:14 - 00238592 _____ ( ) C:\Windows\system32\lxcrinpa.dll 2016-05-02 15:50 - 2006-11-06 18:12 - 01099264 _____ ( ) C:\Windows\system32\lxcrusb1.dll 2016-05-02 15:50 - 2006-11-06 18:05 - 00305152 _____ ( ) C:\Windows\system32\LXCRhcp.dll 2016-05-02 15:50 - 2006-11-06 17:37 - 00643072 _____ ( ) C:\Windows\SysWOW64\lxcrpmui.dll 2016-05-02 15:50 - 2006-11-06 17:35 - 01224704 _____ ( ) C:\Windows\SysWOW64\lxcrserv.dll 2016-05-02 15:50 - 2006-11-06 17:28 - 00421888 
_____ ( ) C:\Windows\SysWOW64\lxcrcomm.dll 2016-05-02 15:50 - 2006-11-06 17:26 - 00585728 _____ ( ) C:\Windows\SysWOW64\lxcrlmpm.dll 2016-05-02 15:50 - 2006-11-06 17:25 - 00274432 _____ C:\Windows\SysWOW64\LXCRinst.dll 2016-05-02 15:50 - 2006-11-06 17:24 - 00397312 _____ ( ) C:\Windows\SysWOW64\lxcriesc.dll 2016-05-02 15:50 - 2006-11-06 17:21 - 00094208 _____ ( ) C:\Windows\SysWOW64\lxcrpplc.dll 2016-05-02 15:50 - 2006-11-06 17:20 - 00684032 _____ ( ) C:\Windows\SysWOW64\lxcrcomc.dll 2016-05-02 15:50 - 2006-11-06 17:20 - 00163840 _____ ( ) C:\Windows\SysWOW64\lxcrprox.dll 2016-05-02 15:50 - 2006-11-06 17:12 - 00413696 _____ ( ) C:\Windows\SysWOW64\lxcrinpa.dll 2016-05-02 15:50 - 2006-11-06 17:11 - 00991232 _____ ( ) C:\Windows\SysWOW64\lxcrusb1.dll 2016-05-02 15:50 - 2006-09-06 06:11 - 00064512 _____ (Lexmark International) C:\Windows\system32\LXCRcfg.dll 2016-05-02 15:50 - 2006-09-06 06:10 - 00077824 _____ (Lexmark International) C:\Windows\SysWOW64\LXCRcfg.dll 2016-05-02 15:50 - 2006-05-09 17:11 - 00983107 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lxcrgf.dll 2016-05-02 15:50 - 2006-05-09 17:11 - 00983107 _____ (Microsoft Corporation) C:\Windows\system32\lxcrgf.dll 2016-05-02 15:50 - 2006-02-07 19:47 - 00535647 _____ C:\Windows\SysWOW64\lxcrhelp.chm 2016-05-02 15:50 - 2006-02-07 19:47 - 00535647 _____ C:\Windows\system32\lxcrhelp.chm 2016-05-02 15:49 - 2016-05-02 15:49 - 00000000 ____D C:\lexmark 2016-05-01 21:34 - 2016-05-01 20:49 - 00024064 _____ C:\Windows\zoek-delete.exe 2016-04-27 22:56 - 2016-04-27 23:03 - 00000000 ____D C:\ProgramData\HitmanPro 2016-04-27 20:13 - 2016-05-08 18:58 - 00000743 _____ C:\Users\TOSHIBA\Desktop\Start Emsisoft Emergency Kit.lnk 2016-04-25 18:16 - 2016-05-09 21:18 - 00003288 _____ C:\Windows\System32\Tasks\Computer Secure Net Uninstaller 2016-04-25 18:16 - 2016-04-25 18:16 - 00000000 ____D C:\Program Files (x86)\Computer Secure Net 2016-04-12 18:16 - 2016-04-12 18:16 - 00003302 _____ C:\Windows\System32\Tasks\System Defrag 
Logon 2016-04-12 16:09 - 2016-05-09 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-10 16:16 - 2015-02-01 11:27 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\uTorrent 2016-05-09 22:30 - 2009-07-14 06:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-09 22:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-05-09 21:39 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-09 21:39 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-09 21:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-08 22:23 - 2015-02-01 15:55 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\vlc 2016-05-08 20:02 - 2015-04-26 08:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-08 18:58 - 2015-05-07 19:02 - 00000000 ____D C:\EEK 2016-05-08 13:48 - 2016-03-15 18:08 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Accreditation 2016-05-06 12:13 - 2015-06-28 12:33 - 00000000 ____D C:\Users\TOSHIBA\Desktop\do strony B.W 2016-05-06 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2016-05-06 08:04 - 2016-01-13 20:29 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\Skype 2016-04-30 21:13 - 2015-01-27 14:47 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Microsoft Games 2016-04-30 20:10 - 2015-04-26 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-04-30 20:10 - 2015-04-26 08:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-04-27 20:06 - 2015-05-16 21:21 - 00317964 _____ C:\Windows\ntbtlog.txt 2016-04-26 18:59 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-04-25 
22:30 - 2015-01-26 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-04-25 22:30 - 2015-01-26 22:16 - 00000000 ____D C:\Program Files (x86)\Java 2016-04-25 22:29 - 2015-10-21 19:05 - 00000000 ____D C:\Users\TOSHIBA\.oracle_jre_usage 2016-04-25 22:28 - 2015-01-26 22:17 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-04-24 16:37 - 2016-02-23 17:49 - 00000000 ____D C:\Users\TOSHIBA\Desktop\pulpit 2016-04-13 20:04 - 2015-08-20 21:19 - 00000000 ____D C:\Users\TOSHIBA\Desktop\przywiazanie 2016-04-13 19:14 - 2015-05-21 18:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-04-13 19:13 - 2015-01-22 14:50 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-04-13 19:13 - 2015-01-22 14:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2015-03-23 00:08 - 2015-03-23 00:08 - 0000017 _____ () C:\Users\TOSHIBA\AppData\Local\resmon.resmoncfg 2016-02-02 18:49 - 2016-02-02 18:49 - 0000207 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some files in TEMP: ==================== C:\Users\TOSHIBA\AppData\Local\Temp\libeay32.dll C:\Users\TOSHIBA\AppData\Local\Temp\msvcr120.dll C:\Users\TOSHIBA\AppData\Local\Temp\SkypeSetup.exe C:\Users\TOSHIBA\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-05-08 13:23 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016 Ran by TOSHIBA (2016-05-10 16:28:05) Running from C:\Users\TOSHIBA\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2015-01-22 12:26:23) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-602517175-1845547032-1401471891-500 - Administrator - Disabled) Guest (S-1-5-21-602517175-1845547032-1401471891-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-602517175-1845547032-1401471891-1002 - Limited - Enabled) TOSHIBA (S-1-5-21-602517175-1845547032-1401471891-1000 - Administrator - Enabled) => C:\Users\TOSHIBA ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACDSee Classic (HKLM-x32\...\ACDSee Classic) (Version: - ) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free ISO Creator version 2.8 (HKLM-x32\...\Free ISO Creator (by minidvdsoft)_is1) (Version: 1.2 - www.minidvdsoft.com) Hermespod - Podcast Downloader (HKU\S-1-5-21-602517175-1845547032-1401471891-1000\...\bb6d355587a624db) (Version: 3.1.0.1 - HermesPod) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) K-Lite Mega Codec Pack 8.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.6.0 - ) Lexmark 2400 Series (HKLM\...\Lexmark 2400 Series) (Version: - Lexmark International, Inc.) 
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 45.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 pl)) (Version: 45.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) OpenOffice 4.0.1 (HKLM-x32\...\{DA0106A3-216E-48DE-9CF6-655DA8FC1D22}) (Version: 4.01.9714 - Apache Software Foundation) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {2FBAB073-C9DC-480D-8E6B-F09D44E7B72E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {383B43B5-4AAC-4F6D-90AD-54405BE51227} - System32\Tasks\{20EA8875-850A-42BF-82BC-F1163F5665B9} => pcalua.exe -a "C:\Users\TOSHIBA\AppData\Local\Temp\Temp1_Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2003).zip\SETUP.EXE" Task: {66B06210-DFE3-4CC2-8CB7-949DE5796359} - System32\Tasks\System Defrag Logon => C:\Users\TOSHIBA\AppData\Roaming\System Defrag\System Defrag.exe Task: {75B6AF02-B0B0-4628-893F-417C0F1E9726} - System32\Tasks\Computer Secure Net Uninstaller => C:\Program Files (x86)\Computer Secure Net\jswtask.exe [2016-05-04] () <==== ATTENTION Task: {95F030BC-EAB9-4DA0-865A-25C6EE45E11F} - System32\Tasks\Media Installer Worker => C:\Program Files (x86)\Media Installer\MediaInstaller.exe [2015-10-09] (Backup Updater) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-05-02 15:54 - 2006-11-27 03:55 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcrpp6c.dll 2016-05-02 15:50 - 2006-05-25 16:20 - 00241664 _____ () C:\Program Files (x86)\Lexmark 2400 Series\iptk.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-05-07 18:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-602517175-1845547032-1401471891-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: wuauserv => 2 ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{EA81CC01-05C1-4180-945D-8C1A9E5C749D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{57DF5704-2FEF-4BC8-BB1E-09370400CF15}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{DDD79B9C-3359-4405-8262-F5E8E6D7F40E}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{E275C75A-F08C-4B2C-AA73-FC7671413361}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{4B8DE4A9-39D5-4205-8AEB-61CE301E393F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7A6F150F-C83F-4E4E-B699-3C386944F678}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D9EDE6F8-F011-4B83-B165-46D116EB4B35}] => (Allow) C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B3A8EDB5-6C76-4841-A689-E3A7F572B675}] => (Allow) C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D759BADD-8320-4585-8B78-52B7CEF74A6F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7AE8EF56-4503-40D3-8DC8-AB5207C2107C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BA9AC3C1-BE73-4E77-B2A0-3D44CDE2B198}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{844F1AF9-8855-49DC-8ECB-10A81AC6554D}] => (Allow) C:\Users\TOSHIBA\AppData\Roaming\Vuze Leap\VuzeLeap.exe FirewallRules: [{C2D1D5B4-CD8F-42E0-81E5-F304D7DECDD9}] => (Allow) C:\Users\TOSHIBA\AppData\Roaming\Vuze Leap\VuzeLeap.exe FirewallRules: [{C4F79BDD-759F-4EC0-96BF-6FA2787D79B5}] => (Allow) C:\Windows\SysWOW64\lxcrcoms.exe 
FirewallRules: [{0FBBC51A-58A4-468C-9825-972B3CC460DF}] => (Allow) C:\Windows\SysWOW64\lxcrcoms.exe FirewallRules: [{2441C596-1EC6-4AEE-88D2-2AD0C88F2E99}] => (Allow) C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe FirewallRules: [{78FC6AC9-BE4B-4352-9F71-65F55A3AD458}] => (Allow) C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe FirewallRules: [{96BD3B33-4A50-4C8B-B3C4-39C6063B9AED}] => (Allow) C:\Program Files (x86)\Lexmark 2400 Series\LXCRaiox.exe FirewallRules: [{DD9C9216-E9D9-4BAA-8E07-A359331820A4}] => (Allow) C:\Program Files (x86)\Lexmark 2400 Series\LXCRaiox.exe FirewallRules: [{ABB287A1-E55A-403E-92F3-29DA04FAAFBF}] => (Allow) C:\Windows\System32\lxcrcoms.exe FirewallRules: [{B22B291E-B0D2-4C1F-AD46-265A0E3B6D26}] => (Allow) C:\Windows\System32\lxcrcoms.exe FirewallRules: [{F36E4045-F1EF-4844-AE8A-192780A086F8}] => (Allow) LPort=135 FirewallRules: [{A4FDDC1F-178C-493C-8D8C-67946EDFCA04}] => (Allow) LPort=5000 FirewallRules: [{BE28176B-687D-48EE-8DD7-9C56C1A51548}] => (Allow) LPort=5001 FirewallRules: [{3BA5583A-52C8-4C05-AAE1-87E1DCC1CEE8}] => (Allow) LPort=5002 FirewallRules: [{76BE27D8-B5A8-4BF0-8241-93D03B76C17F}] => (Allow) LPort=5003 FirewallRules: [{1DA6796D-F499-40DF-BBC3-3E007B0D1B95}] => (Allow) LPort=5004 FirewallRules: [{970EBBB5-991D-4E31-BD0E-ED68E43E42BB}] => (Allow) LPort=5005 FirewallRules: [{77EA22FC-334D-40CA-9C06-16B42F0875B5}] => (Allow) LPort=5006 FirewallRules: [{95932113-2E99-4019-BA46-9DD318CD7812}] => (Allow) LPort=5007 FirewallRules: [{51DB2E2B-D3E7-41A8-817A-11C79D054D2F}] => (Allow) LPort=5008 FirewallRules: [{04973CB5-E123-4D74-B6D9-CEE0BDF749A7}] => (Allow) LPort=5009 FirewallRules: [{393937E8-7B45-4B0F-8F74-85C8E6887878}] => (Allow) LPort=5010 FirewallRules: [{D1C3F7EE-8B6A-4A31-89DB-7F316FA14C0F}] => (Allow) LPort=5011 FirewallRules: [{8E8C1790-9CCB-43AF-BA36-E7896CCCFDC2}] => (Allow) LPort=5012 FirewallRules: [{30569145-9F0D-48E5-9447-EAF97EC5C3BB}] => (Allow) LPort=5013 FirewallRules: 
[{8829B32B-489C-4609-9CFA-EFE00524B62E}] => (Allow) LPort=5014 FirewallRules: [{9B1D8D45-B5AA-476D-B7D5-647CAD9777B0}] => (Allow) LPort=5015 FirewallRules: [{1AD61BEB-68EB-4AA7-9C6D-3049B60B2E5F}] => (Allow) LPort=5016 FirewallRules: [{C3B22522-D88D-457E-9518-C4D00812645F}] => (Allow) LPort=5017 FirewallRules: [{CBD17878-CE9E-4DCA-B378-108CAC6FF337}] => (Allow) LPort=5018 FirewallRules: [{884E51A6-2B8A-45FE-A343-3CA8E0A2B9FD}] => (Allow) LPort=5019 FirewallRules: [{40766BA7-8B91-4698-8CBD-5D11123E661D}] => (Allow) LPort=5020 ==================== Restore Points ========================= 05-05-2016 17:39:35 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/09/2016 09:18:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64 Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc Exception code: 0x80000003 Fault offset: 0x0000ec22 Faulting process id: 0xc60 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (05/06/2016 04:25:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64 Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc Exception code: 0x80000003 Fault offset: 0x0000ec22 Faulting process id: 0x788 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (05/03/2016 03:39:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update 
retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: The specified server cannot perform the requested operation. . Error: (05/03/2016 03:39:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: The specified server cannot perform the requested operation. . Error: (05/03/2016 03:39:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired. . Error: (05/02/2016 03:59:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: lxcrJSWX.EXE, version: 4.53.0.0, time stamp: 0x456c09ae Faulting module name: lxcrJSWX.EXE, version: 4.53.0.0, time stamp: 0x456c09ae Exception code: 0xc000041d Fault offset: 0x00000000000145e3 Faulting process id: 0x934 Faulting application start time: 0xlxcrJSWX.EXE0 Faulting application path: lxcrJSWX.EXE1 Faulting module path: lxcrJSWX.EXE2 Report Id: lxcrJSWX.EXE3 Error: (05/02/2016 03:59:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: lxcrJSWX.EXE, version: 4.53.0.0, time stamp: 0x456c09ae Faulting module name: lxcrJSWX.EXE, version: 4.53.0.0, time stamp: 0x456c09ae Exception code: 0xc0000005 Fault offset: 0x00000000000145e3 Faulting process id: 0x934 Faulting application start time: 0xlxcrJSWX.EXE0 Faulting application path: lxcrJSWX.EXE1 Faulting module path: lxcrJSWX.EXE2 Report Id: lxcrJSWX.EXE3 Error: (04/27/2016 08:13:04 PM) 
(Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (04/27/2016 08:10:56 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (04/06/2016 10:11:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: hp2_upd2_v1021.exe, version: 6.4.0.3, time stamp: 0x56ebb5f5 Faulting module name: hp2_upd2_v1021.exe, version: 6.4.0.3, time stamp: 0x56ebb5f5 Exception code: 0xc0000417 Fault offset: 0x0000b309 Faulting process id: 0x8ec Faulting application start time: 0xhp2_upd2_v1021.exe0 Faulting application path: hp2_upd2_v1021.exe1 Faulting module path: hp2_upd2_v1021.exe2 Report Id: hp2_upd2_v1021.exe3 System errors: ============= Error: (05/10/2016 07:05:35 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3. Error: (05/10/2016 07:05:35 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3. Error: (05/10/2016 07:05:32 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (05/10/2016 07:05:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (05/09/2016 10:33:41 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (05/09/2016 10:29:12 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Error: (05/09/2016 10:29:11 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Error: (05/09/2016 10:29:10 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. 
Error: (05/09/2016 10:29:08 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Error: (05/09/2016 10:29:07 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. CodeIntegrity: =================================== Date: 2015-05-07 18:15:57.255 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-07 18:15:57.145 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Sempron(tm) SI-42 Percentage of memory in use: 28% Total physical RAM: 3838.42 MB Available physical RAM: 2740.25 MB Total Virtual: 7675.04 MB Available Virtual: 6533.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:235.38 GB) (Free:111.29 GB) NTFS Drive d: (data) (Fixed) (Total:230.28 GB) (Free:37.58 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 213560A1) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=235.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=230.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  12. Hi all, AdwCleaner removes the helper2 virus but the next day it is back and I get the usual "Ads by Provider". Anti-Malware can't find it. I run Win7 64-bit and use Firefox. Can someone help please? Thanks in advance. B
  13. Hi all, Same problem as MegJo. Not sure if I should start a new thread but as it is linked I assume this is a good place. AdwCleaner removes the virus and then it comes back the next day. Should I follow the same steps? I run 64-bit W7, Firefox is affected. Thanks in advance. B