"Your comp. has been blocked.."


Guest jaba79

Hi

I need your help.

I got infected by a virus and my computer has been blocked.

I can't run it in safe mode. It freezes. So I don't know the name of the virus.

What should I do?

Thanks for your help.

 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 4 weeks later...

Hello

P2P/Piracy Warning:

    
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Thanks for the update, sorry to hear about your hospital stay, hope you are fit and well. Ok continue please:

 

Please download Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
and save it to a USB flash drive. Be sure to get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


 

Kevin


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014

Ran by SYSTEM on MININT-8UNLM97 on 24-01-2014 11:29:07

Running from F:\

Windows 7 Professional Service Pack 1 (X64) OS Language: Polish

Internet Explorer Version 10

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-21] (Alps Electric Co., Ltd.)

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)

HKLM\...\Run: [intelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)

HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()

HKLM\...\Run: [DFEPApplication] - c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)

HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-28] (Wave Systems Corp.)

HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)

HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)

HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2009-08-25] (McAfee, Inc.)

HKLM-x32\...\Run: [shStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2010-08-25] (McAfee, Inc.)

HKLM-x32\...\Run: [FtLnSOP_setup] - C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe [143360 2010-02-08] (PFU LIMITED)

HKLM-x32\...\Run: [FJTWAIN Setup] - C:\Windows\Twain_32\fjscan32\FjtwMkup.exe [139264 2011-03-25] (FUJITSU LIMITED)

HKLM-x32\...\Run: [FTPWRENV] - C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe [45056 2007-10-16] (PFU LIMITED)

HKLM-x32\...\Run: [FiWIA Service Checker] - C:\Windows\Twain_32\Fjscan32\FiWiaChecker.exe [86016 2009-10-21] (PFU LIMITED)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iBM Lotus Notes Preloader] - C:\Program Files (x86)\IBM\Lotus\Notes\nntspreld.exe [20360 2010-08-11] (IBM Corp)

HKLM-x32\...\Run: [iPlusManager] - C:\Program Files (x86)\Plus Internet\iPlusChecker.exe [446464 2010-01-04] ()

HKLM-x32\...\Run: [smart File Advisor] - C:\Program Files (x86)\Smart File Advisor\sfa.exe [283712 2013-10-30] (Filefacts.net)

HKLM-x32\...\Run: [sFAUpdater] - C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [655936 2013-10-28] (Filefacts.net)

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-16] ()

HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)

HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-21] (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\Warbud\...\Run: [ALLUpdate] - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [1379840 2011-08-16] ()

HKU\Warbud\...\Run: [Time Organizer] - C:\Program Files (x86)\Time Organizer\Time Organizer.exe

HKU\Warbud\...\Run: [ProXmar Memo] - C:\Program Files (x86)\ProXmar MEMO\pxmemo.exe /tray

HKU\Warbud\...\Run: [Zegarynka] - C:\Users\Warbud\AppData\Local\Temp\7zO0C18CB1A\Zegarynka.exe <===== ATTENTION

HKU\Warbud\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)

HKU\Warbud\...\Run: [Daufdoo] - C:\Users\Warbud\AppData\Roaming\Lavop\edso.exe

HKU\Warbud\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)

HKU\Warbud\...\Run: [bz5F2eppnt] - C:\Users\Warbud\AppData\Local\p2Nf4p0TNwy\bz5F2eppnt.exe [235008 2013-12-19] ()

HKU\Warbud\...\Winlogon: [shell] explorer.exe [2871808 2012-01-30] (Microsoft Corporation) <==== ATTENTION

Lsa: [Authentication Packages] msv1_0 wvauth

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk

ShortcutTarget: Logitech . Rejestracja produktu.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

Startup: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk

ShortcutTarget: TimeLeft.lnk -> C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2013-03-24] (Autodesk)

S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)

S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation)

S2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)

S2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED)

S2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [3417480 2010-08-11] (IBM)

S2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )

S2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2010-08-25] (McAfee, Inc.)

S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2010-08-25] (McAfee, Inc.)

S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2010-08-25] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [77968 2010-08-25] (McAfee, Inc.)

S2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] ()

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)

S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()

S2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)

S2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2010-01-04] (Huawei Technologies Co., Ltd.)

S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-01-04] (Huawei Technologies Co., Ltd.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [98088 2010-08-25] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120224 2010-08-25] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [470808 2010-08-25] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [78768 2010-08-25] (McAfee, Inc.)

S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [84424 2010-08-25] (McAfee, Inc.)

S3 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)

S3 slusb; C:\Windows\System32\Drivers\slusb.sys [15104 2009-02-03] (Beijing Senselock Corp.)

S0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-15] (Duplex Secure Ltd.)

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]

S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]

S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]

S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [x]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]

S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]

S3 massfilter; system32\drivers\massfilter.sys [x]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]

S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [x]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-24 11:28 - 2014-01-24 11:28 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2014-01-24 11:28 - 2014-01-24 11:28 - 00000000 ____D C:\FRST

Files to move or delete:

====================

C:\Users\Warbud\AppData\Roaming\skype.ini

C:\ProgramData\lcj6gwllv.bxx

C:\ProgramData\lcj6gwllv.fdd

C:\ProgramData\lcj6gwllv.fvv

C:\ProgramData\lcj6gwllv.pss

C:\ProgramData\lcj6gwllv.reg

C:\ProgramData\vllwg6jcl.dss

Some content of TEMP:

====================

C:\Users\Warbud\AppData\Local\Temp\G2MInstallerExtractor.exe

C:\Users\Warbud\AppData\Local\Temp\mt5setup.exe

C:\Users\Warbud\AppData\Local\Temp\svchost.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-11-28 21:46:19

Restore point made on: 2013-12-03 19:07:19

Restore point made on: 2013-12-03 19:11:29

Restore point made on: 2013-12-06 11:11:48

Restore point made on: 2013-12-10 09:54:55

Restore point made on: 2013-12-14 10:57:40

Restore point made on: 2013-12-16 13:50:49

Restore point made on: 2013-12-18 15:39:59

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8088.93 MB

Available physical RAM: 7263.46 MB

Total Pagefile: 8087.13 MB

Available Pagefile: 7263.07 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.29 GB) (Free:132.57 GB) NTFS

Drive f: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (RECOVERY) (Fixed) (Total:12.76 GB) (Free:5.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: B0594ADE)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 984 MB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=984 MB) - (Type=06)

LastRegBack: 2013-12-10 09:56

==================== End Of Log ============================


Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

Next,

 

See if the system will now boot normally, if so do the following and post fresh logs...

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Kevin....
 

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2014

Ran by SYSTEM at 2014-01-25 08:36:02 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

Content of fixlist:

*****************

Start

HKU\Warbud\...\Run: [Zegarynka] - C:\Users\Warbud\AppData\Local\Temp\7zO0C18CB1A\Zegarynka.exe <===== ATTENTION

C:\Users\Warbud\AppData\Local\Temp\7zO0C18CB1A

HKU\Warbud\...\Run: [Daufdoo] - C:\Users\Warbud\AppData\Roaming\Lavop\edso.exe

C:\Users\Warbud\AppData\Roaming\Lavop

HKU\Warbud\...\Run: [bz5F2eppnt] - C:\Users\Warbud\AppData\Local\p2Nf4p0TNwy\bz5F2eppnt.exe [235008 2013-12-19] ()

C:\Users\Warbud\AppData\Local\p2Nf4p0TNwy

HKU\Warbud\...\Winlogon: [shell] explorer.exe [2871808 2012-01-30] (Microsoft Corporation) <==== ATTENTION

C:\Users\Warbud\AppData\Roaming\skype.ini

C:\ProgramData\lcj6gwllv.bxx

C:\ProgramData\lcj6gwllv.fdd

C:\ProgramData\lcj6gwllv.fvv

C:\ProgramData\lcj6gwllv.pss

C:\ProgramData\lcj6gwllv.reg

C:\ProgramData\vllwg6jcl.dss

C:\Users\Warbud\AppData\Local\Temp\G2MInstallerExtractor.exe

C:\Users\Warbud\AppData\Local\Temp\mt5setup.exe

C:\Users\Warbud\AppData\Local\Temp\svchost.exe

End

*****************

HKU\Warbud\Software\Microsoft\Windows\CurrentVersion\Run\\Zegarynka => Value deleted successfully.

"C:\Users\Warbud\AppData\Local\Temp\7zO0C18CB1A" => File/Directory not found.

HKU\Warbud\Software\Microsoft\Windows\CurrentVersion\Run\\Daufdoo => Value deleted successfully.

C:\Users\Warbud\AppData\Roaming\Lavop => Moved successfully.

HKU\Warbud\Software\Microsoft\Windows\CurrentVersion\Run\\bz5F2eppnt => Value deleted successfully.

C:\Users\Warbud\AppData\Local\p2Nf4p0TNwy => Moved successfully.

HKU\Warbud\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

C:\Users\Warbud\AppData\Roaming\skype.ini => Moved successfully.

C:\ProgramData\lcj6gwllv.bxx => Moved successfully.

C:\ProgramData\lcj6gwllv.fdd => Moved successfully.

C:\ProgramData\lcj6gwllv.fvv => Moved successfully.

C:\ProgramData\lcj6gwllv.pss => Moved successfully.

C:\ProgramData\lcj6gwllv.reg => Moved successfully.

C:\ProgramData\vllwg6jcl.dss => Moved successfully.

C:\Users\Warbud\AppData\Local\Temp\G2MInstallerExtractor.exe => Moved successfully.

C:\Users\Warbud\AppData\Local\Temp\mt5setup.exe => Moved successfully.

C:\Users\Warbud\AppData\Local\Temp\svchost.exe => Moved successfully.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014

Ran by Warbud (administrator) on WAW2189W7 on 25-01-2014 08:46:26

Running from C:\Users\Warbud\Desktop

Windows 7 Professional Service Pack 1 (X64) OS Language: Polish

Internet Explorer Version 10

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe

(PFU LIMITED) C:\Windows\twain_32\fjscan32\FJTWMKSV.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe

( ) C:\Windows\System32\lxeccoms.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe

(O2Micro International) C:\Windows\System32\drivers\o2flash.exe

() C:\Windows\SysWOW64\srvany.exe

(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(PFU LIMITED) C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

(PFU LIMITED) C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe

(FUJITSU LIMITED) C:\Windows\twain_32\fjscan32\FjtwMkup.exe

(PFU LIMITED) C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe

(PFU LIMITED) C:\Windows\twain_32\fjscan32\FiWiaChecker.exe

(Microsoft) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe

(NesterSoft Inc.) C:\Program Files (x86)\TimeLeft3\TimeLeft.exe

(Filefacts.net) C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe

() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\dinotify.exe

(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-21] (Alps Electric Co., Ltd.)

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)

HKLM\...\Run: [intelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)

HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()

HKLM\...\Run: [DFEPApplication] - c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)

HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-28] (Wave Systems Corp.)

HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)

HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)

HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2009-08-25] (McAfee, Inc.)

HKLM-x32\...\Run: [shStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2010-08-25] (McAfee, Inc.)

HKLM-x32\...\Run: [FtLnSOP_setup] - C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe [143360 2010-02-08] (PFU LIMITED)

HKLM-x32\...\Run: [FJTWAIN Setup] - C:\Windows\Twain_32\fjscan32\FjtwMkup.exe [139264 2011-03-25] (FUJITSU LIMITED)

HKLM-x32\...\Run: [FTPWRENV] - C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe [45056 2007-10-16] (PFU LIMITED)

HKLM-x32\...\Run: [FiWIA Service Checker] - C:\Windows\Twain_32\Fjscan32\FiWiaChecker.exe [86016 2009-10-21] (PFU LIMITED)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iBM Lotus Notes Preloader] - C:\Program Files (x86)\IBM\Lotus\Notes\nntspreld.exe [20360 2010-08-11] (IBM Corp)

HKLM-x32\...\Run: [iPlusManager] - C:\Program Files (x86)\Plus Internet\iPlusChecker.exe [446464 2010-01-04] ()

HKLM-x32\...\Run: [smart File Advisor] - C:\Program Files (x86)\Smart File Advisor\sfa.exe [283712 2013-10-30] (Filefacts.net)

HKLM-x32\...\Run: [sFAUpdater] - C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [655936 2013-10-28] (Filefacts.net)

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-16] ()

HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKCU\...\Run: [ALLUpdate] - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [1379840 2011-08-16] ()

HKCU\...\Run: [Time Organizer] - C:\Program Files (x86)\Time Organizer\Time Organizer.exe

HKCU\...\Run: [ProXmar Memo] - C:\Program Files (x86)\ProXmar MEMO\pxmemo.exe /tray

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)

HKCU\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)

HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2920084410-710084243-1787270808-1000\$a4d25b2bf69a51ae2de389f89fd62e48\n. ATTENTION! ====> ZeroAccess?

MountPoints2: F - F:\AutoRun.exe

MountPoints2: {062a88b2-3be0-11e2-8f60-d067e543517f} - E:\AutoRun.exe

MountPoints2: {1497edb7-4159-11e2-8ccd-00a0c6000000} - E:\AutoRun.exe

MountPoints2: {27ce7a46-f0f6-11e2-937c-d067e543517f} - G:\AutoRun.exe

MountPoints2: {59ca3ad6-6c70-11e1-a01f-d067e543517f} - E:\AutoRun.exe

MountPoints2: {7a5babc4-6c02-11e1-b158-806e6f6e6963} - E:\AutoRun.exe

MountPoints2: {8bb54a22-2bd3-11e2-b592-806e6f6e6963} - F:\AutoRun.exe

MountPoints2: {9aee2793-2bda-11e2-9042-d067e543517f} - E:\AutoRun.exe

MountPoints2: {9aee27b1-2bda-11e2-9042-d067e543517f} - E:\AutoRun.exe

MountPoints2: {aabd6642-2b52-11e2-a076-806e6f6e6963} - E:\AutoRun.exe

MountPoints2: {aabd667b-2b52-11e2-a076-d067e543517f} - E:\AutoRun.exe

MountPoints2: {bd97e4e6-a817-11e1-a232-6427378623d3} - F:\AutoRun.exe

MountPoints2: {c2c699c3-6c01-11e1-a466-806e6f6e6963} - F:\AutoRun.exe

MountPoints2: {f22c94c1-3bdc-11e2-a2a2-806e6f6e6963} - E:\AutoRun.exe

MountPoints2: {f22c94ec-3bdc-11e2-a2a2-6427378623d3} - E:\AutoRun.exe

MountPoints2: {f2967f9f-2b55-11e2-a43b-d067e543517f} - E:\AutoRun.exe

Lsa: [Authentication Packages] msv1_0 wvauth

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk

ShortcutTarget: Logitech . Rejestracja produktu.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

Startup: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk

ShortcutTarget: TimeLeft.lnk -> C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - DefaultScope {D8B62B67-97F2-45B6-98E6-FAD029219220} URL =

SearchScopes: HKCU - {8624EE84-1C6E-459A-8FD8-D31307A288DA} URL = http://www.google.com/search?hl=pl&q={searchTerms}

SearchScopes: HKCU - {D8B62B67-97F2-45B6-98E6-FAD029219220} URL =

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:

========

FF ProfilePath: C:\Users\Warbud\AppData\Roaming\Mozilla\Firefox\Profiles\nx05g6wg.default

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)

FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-11-07]

Chrome:

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2013-03-24] (Autodesk)

S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation)

R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)

R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED)

R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [3417480 2010-08-11] (IBM)

R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )

R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2010-08-25] (McAfee, Inc.)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2010-08-25] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2010-08-25] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [77968 2010-08-25] (McAfee, Inc.)

R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] ()

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)

S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()

R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)

R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2010-01-04] (Huawei Technologies Co., Ltd.)

S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-01-04] (Huawei Technologies Co., Ltd.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [98088 2010-08-25] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120224 2010-08-25] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [470808 2010-08-25] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [78768 2010-08-25] (McAfee, Inc.)

R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [84424 2010-08-25] (McAfee, Inc.)

S3 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)

S3 slusb; C:\Windows\System32\Drivers\slusb.sys [15104 2009-02-03] (Beijing Senselock Corp.)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-15] (Duplex Secure Ltd.)

U3 ajdkeq38; C:\Windows\System32\Drivers\ajdkeq38.sys [0 ] (Microsoft Corporation)

U3 aqsjwdhu; C:\Windows\System32\Drivers\aqsjwdhu.sys [0 ] (Microsoft Corporation)

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]

S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]

S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]

S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [x]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]

S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]

S3 massfilter; system32\drivers\massfilter.sys [x]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]

S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [x]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-25 08:46 - 2014-01-25 08:47 - 00022295 _____ C:\Users\Warbud\Desktop\FRST.txt

2014-01-25 08:44 - 2014-01-25 08:41 - 02077696 _____ (Farbar) C:\Users\Warbud\Desktop\FRST64.exe

2014-01-24 11:28 - 2014-01-24 11:28 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2014-01-25 08:47 - 2014-01-25 08:46 - 00022295 _____ C:\Users\Warbud\Desktop\FRST.txt

2014-01-25 08:46 - 2009-07-14 05:45 - 00025040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-25 08:46 - 2009-07-14 05:45 - 00025040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-25 08:44 - 2009-07-14 05:51 - 00123268 _____ C:\Windows\setupact.log

2014-01-25 08:41 - 2014-01-25 08:44 - 02077696 _____ (Farbar) C:\Users\Warbud\Desktop\FRST64.exe

2014-01-25 08:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-24 11:28 - 2014-01-24 11:28 - 00000000 ____D C:\FRST

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-10 09:56

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2014

Ran by Warbud at 2014-01-25 08:47:18

Running from C:\Users\Warbud\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.3.0.29111 - BitTorrent Inc.)

7-Zip 9.21 (x64 edition) (Version: 9.21.00.0 - Igor Pavlov)

AccelerometerP11 (x32 Version: 2.00.10.33 - STMicroelectronics)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Reader X (10.1.3) - Polish (x32 Version: 10.1.3 - Adobe Systems Incorporated)

ATMA V 5.05 (x32 Version: 5.05 - Yougen Kaisha)

Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team)

AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden

AutoCAD 2007 - Polski (x32 Version: 17.0.54.110 - Autodesk)

Autodesk DWF Viewer (x32 Version: 6.5 - Autodesk, Inc.)

AutoHotkey 1.1.13.01 (x32 Version: 1.1.13.01 - AutoHotkey Community)

BankBrowser (HKCU Version: 3.6 - DialCom24 Sp. z o.o.)

BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden

Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 14.4.6.2 - Broadcom Corporation)

Camtasia Studio 8 (x32 Version: 8.0.2.918 - TechSmith Corporation)

Crystal Reports Basic Runtime for Visual Studio 2008 (x32 Version: 10.5.0.0 - Business Objects)

Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden

CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4418 - CyberLink Corp.)

CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4418 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (x32 Version: 4.46.1.0328 - DT Soft Ltd)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)

Dell Backup and Recovery Manager (Version: 1.3.1 - Dell Inc.)

Dell Client System Update (x32 Version: 1.2.1 - Dell Inc.)

Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden

Dell Data Protection | Access (x32 Version: 2.1.00001.002 - Dell Inc.)

Dell Data Protection | Access | Drivers (x32 Version: 2.01.018 - Dell Inc.)

Dell Data Protection | Access | Middleware (x32 Version: 2.01.010 - Dell Inc.)

Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)

Dell Feature Enhancement Pack (Version: 2.1.000 - Dell)

Dell Touchpad (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)

Dell Webcam Central (x32 Version: 1.40.28 - Creative Technology Ltd)

DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden

Diablo II (x32 Version: - )

Diablo III (x32 Version: - Blizzard Entertainment)

Digital Line Detect (x32 Version: 1.21 - BVRP Software, Inc)

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk)

DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden

EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Fashion maps (x32 Version: - )

FlvRecorder (x32 Version: - )

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)

Foxtab (x32 Version: - FoxTab) <==== ATTENTION

Fraps (remove only) (x32 Version: - )

FUJITSU Scanner USB HotFix (x32 Version: 1.00.0000 - PFU)

Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden

GetASFStream (x32 Version: - )

GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)

IBFX - MT4 - Tools 4.7.4 (x32 Version: 4.7.4 - Interbank FX, LLC.)

Intel PROSet Wireless (Version: - ) Hidden

Intel® Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0 - Intel Corporation)

Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (x32 Version: 8.15.10.2418 - Intel Corporation)

InteriCAD T5 (x32 Version: 5 - YFSoftware)

InteriCAD T5 (x32 Version: 5 - YFSoftware) Hidden

iPlus manager 2.2 (x32 Version: - )

Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden

Java 7 Update 3 (x32 Version: 7.0.30 - Oracle)

Java 7 Update 4 (64-bit) (Version: 7.0.40 - Oracle)

JavaFX 2.0.3 (x32 Version: 2.0.3 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

K-Lite Codec Pack 8.9.5 (Full) (x32 Version: 8.9.5 - )

Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)

Lotus Notes 8.5.2 pl (x32 Version: 8.52.10295 - IBM)

McAfee Agent (x32 Version: 4.0.0.1496 - McAfee, Inc.)

McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)

McAfee VirusScan Enterprise (x32 Version: 8.7.00004 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

MetaTrader 5 (Version: 5.00 - MetaQuotes Software Corp.)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden

Microsoft Office Access MUI (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (Polish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (Polish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Mobipocket Reader 6.2 (x32 Version: 6.2.608 - Mobipocket.com)

Mobogenie (x32 Version: - Mobogenie.com) <==== ATTENTION

Modem Diagnostic Tool (Version: 1.0.28.0 - Dell)

Mozilla Firefox 25.0.1 (x86 pl) (x32 Version: 25.0.1 - Mozilla)

Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)

Netwaiting (x32 Version: 2.5.59 - BVRP Software, Inc)

NinjaTrader 7 (x32 Version: 7.0.1014 - NinjaTrader)

NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden

O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.)

O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden

O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS - O2Micro) Hidden

O2Micro OZ776 SCR Driver (x32 Version: 2.1.4.210GS - O2Micro)

Oprogramowanie Intel® PROSet/Wireless WiFi (Version: 14.00.20110 - Intel Corporation)

Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)

Pakiet sterowników systemu Windows - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)

PC-CCID (Version: 2.0.0 - Gemalto) Hidden

PDFCreator (x32 Version: 1.7.0 - pdfforge)

PhotoShowExpress (x32 Version: 2.0.063 - ##COMPANY_NAME##) Hidden

Plus Internet Monitor wersja 1.0 (x32 Version: 1.0 - Polkomtel sp. z o.o.)

Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Podstawowe programy Windows Live (x32 Version: 15.4.3508.1109 - Microsoft Corporation)

Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden

Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden

Pulover's Macro Creator wersja 4.1.0 (Version: 4.1.0 - Rodolfo U. Batista)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden

Roxio Burn (x32 Version: 1.8 - Roxio) Hidden

Roxio Creator Starter (x32 Version: 1.0.439 - Nazwa firmy) Hidden

Roxio Creator Starter (x32 Version: 12.1.77.0 - Roxio)

Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden

Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Scanner Utility for Microsoft Windows V09L21 (x32 Version: 9.11.2.0 - FUJITSU)

Skype™ 6.9 (x32 Version: 6.9.106 - Skype Technologies S.A.)

Smart File Advisor 1.1.3 (x32 Version: 1.1.3 - Filefacts.net)

Software Operation Panel (x32 Version: - )

Software Operation Panel (x32 Version: 3.3.1.2 - PFU LIMITED)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden

TC2000 (HKCU Version: - www.tc2000.com)

thinkorswim from TD AMERITRADE (x32 Version: - TD AMERITRADE, Inc.)

TimeLeft (x32 Version: 3.59 - NesterSoft Inc.)

Total Commander 64-bit (Remove or Repair) (Version: 8.01 - Ghisler Software GmbH)

Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32 Version: - Microsoft)

Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden

Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden

Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden

Web Stream Recorder 2010 (x32 Version: 3.0.0.2070 - Sytexis Software)

WIDCOMM Bluetooth Software (Version: 6.3.0.7900 - Broadcom Corporation)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0 - Microsoft Corporation)

WinPcap 4.1.1 (x32 Version: 4.1.0.1753 - CACE Technologies)

XM MT4 (x32 Version: 4.00 - MetaQuotes Software Corp.)

YFLibrary (x32 Version: - )

==================== Restore Points =========================

28-11-2013 20:46:13 Windows Update

03-12-2013 18:07:02 Removed PDF Architect

03-12-2013 18:11:22 Usunięto: Day Organizer, ver. 2.2.1.2

06-12-2013 10:11:25 Windows Update

10-12-2013 08:54:24 Windows Update

14-12-2013 09:57:22 Windows Update

16-12-2013 12:50:29 Installed Camtasia Studio 8

18-12-2013 14:39:35 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {AA2FB1BA-D2C7-4331-B73B-9C55BFDDA503} - \FoxTab No Task File

Task: {EFB754E0-D2E1-4FB9-98EE-A00EF7A6CE4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-01-30 15:42 - 2011-06-10 19:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2010-12-23 20:33 - 2010-12-23 20:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll

2011-02-08 08:41 - 2011-02-08 08:41 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

2005-08-22 16:38 - 2005-08-22 16:38 - 03264512 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll

2009-08-25 16:00 - 2009-08-25 16:00 - 00057344 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll

2009-10-22 20:07 - 2009-10-22 20:07 - 00148816 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsEvntUI.dll

2010-11-25 05:44 - 2010-11-25 05:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

2012-08-19 11:53 - 2005-04-19 12:53 - 00013824 _____ () C:\Program Files (x86)\TimeLeft3\TrayClock.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_0favicon-901616231

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_1favicon735730157

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_2favicon1189273084

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_3favicon61223927

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_4favicon-179816536

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (01/25/2014 08:39:11 AM) (Source: System Restore) (User: )

Description: Wystąpił nieokreślony błąd podczas przywracania systemu: (Windows Update). Informacje dodatkowe: 0x80070002.

Error: (01/25/2014 08:38:26 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 09:03:37 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:43:22 AM) (Source: Application Error) (User: )

Description: Nazwa aplikacji powodującej błąd: SmartSettings.exe, wersja: 2.1.0.551, sygnatura czasowa: 0x4e55679e

Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18229, sygnatura czasowa: 0x51fb1677

Kod wyjątku: 0xe0434352

Przesunięcie błędu: 0x000000000000940d

Identyfikator procesu powodującego błąd: 0x1384

Godzina uruchomienia aplikacji powodującej błąd: 0xSmartSettings.exe0

Ścieżka aplikacji powodującej błąd: SmartSettings.exe1

Ścieżka modułu powodującego błąd: SmartSettings.exe2

Identyfikator raportu: SmartSettings.exe3

Error: (12/24/2013 08:43:16 AM) (Source: .NET Runtime) (User: )

Description: Application: SmartSettings.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.Exception

Stack:

at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()

at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])

at Dell.FeatureEnhancementPack.SmartSettings.EntryPoint.Main(System.String[])

Error: (12/24/2013 08:40:49 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:30:47 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:26:12 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:23:44 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:22:55 AM) (Source: .NET Runtime) (User: )

Description: Application: SmartSettings.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.Exception

Stack:

at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()

at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])

at Dell.FeatureEnhancementPack.SmartSettings.EntryPoint.Main(System.String[])

System errors:

=============

Error: (01/25/2014 08:38:24 AM) (Source: Service Control Manager) (User: )

Description: Usługa NTRU TSS v1.2.1.36 TCS zależy od usługi Usługi podstawowe modułu TPM, której nie można uruchomić z powodu następującego błędu:

%%0

Error: (12/24/2013 09:03:34 AM) (Source: Service Control Manager) (User: )

Description: Usługa NTRU TSS v1.2.1.36 TCS zależy od usługi Usługi podstawowe modułu TPM, której nie można uruchomić z powodu następującego błędu:

%%0

Error: (12/24/2013 09:03:23 AM) (Source: EventLog) (User: )

Description: Poprzednie zamknięcie systemu przy 08:54:37 na ‎2013-‎12-‎24 było nieoczekiwane.

Error: (12/24/2013 08:40:19 AM) (Source: Service Control Manager) (User: )

Description: Usługa NTRU TSS v1.2.1.36 TCS zależy od usługi Usługi podstawowe modułu TPM, której nie można uruchomić z powodu następującego błędu:

%%0

Error: (12/24/2013 08:40:01 AM) (Source: EventLog) (User: )

Description: Poprzednie zamknięcie systemu przy 08:32:23 na ‎2013-‎12-‎24 było nieoczekiwane.

Error: (12/24/2013 08:30:48 AM) (Source: Service Control Manager) (User: )

Description: Usługa NTRU TSS v1.2.1.36 TCS zależy od usługi Usługi podstawowe modułu TPM, której nie można uruchomić z powodu następującego błędu:

%%0

Error: (12/24/2013 08:26:11 AM) (Source: Service Control Manager) (User: )

Description: Usługa NTRU TSS v1.2.1.36 TCS zależy od usługi Usługi podstawowe modułu TPM, której nie można uruchomić z powodu następującego błędu:

%%0

Error: (12/24/2013 08:23:44 AM) (Source: Service Control Manager) (User: )

Description: Usługa NTRU TSS v1.2.1.36 TCS zależy od usługi Usługi podstawowe modułu TPM, której nie można uruchomić z powodu następującego błędu:

%%0

Error: (12/24/2013 08:20:43 AM) (Source: Service Control Manager) (User: )

Description: Usługa NTRU TSS v1.2.1.36 TCS zależy od usługi Usługi podstawowe modułu TPM, której nie można uruchomić z powodu następującego błędu:

%%0

Error: (12/24/2013 08:20:43 AM) (Source: EventLog) (User: )

Description: Poprzednie zamknięcie systemu przy 08:19:44 na ‎2013-‎12-‎24 było nieoczekiwane.

Microsoft Office Sessions:

=========================

Error: (01/25/2014 08:39:11 AM) (Source: System Restore)(User: )

Description: Windows Update0x80070002

Error: (01/25/2014 08:38:26 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 09:03:37 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:43:22 AM) (Source: Application Error)(User: )

Description: SmartSettings.exe2.1.0.5514e55679eKERNELBASE.dll6.1.7601.1822951fb1677e0434352000000000000940d138401cf007baeac1120C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exeC:\Windows\system32\KERNELBASE.dll10003ffe-6c6f-11e3-9cfd-d067e543517f

Error: (12/24/2013 08:43:16 AM) (Source: .NET Runtime)(User: )

Description: Application: SmartSettings.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.Exception

Stack:

at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()

at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])

at Dell.FeatureEnhancementPack.SmartSettings.EntryPoint.Main(System.String[])

Error: (12/24/2013 08:40:49 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:30:47 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:26:12 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:23:44 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 08:22:55 AM) (Source: .NET Runtime)(User: )

Description: Application: SmartSettings.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.Exception

Stack:

at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()

at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])

at Dell.FeatureEnhancementPack.SmartSettings.EntryPoint.Main(System.String[])

==================== Memory info ===========================

Percentage of memory in use: 23%

Total physical RAM: 8088.93 MB

Available physical RAM: 6219.89 MB

Total Pagefile: 16176.05 MB

Available Pagefile: 14178.52 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.29 GB) (Free:132.58 GB) NTFS

Drive g: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: B0594ADE)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 984 MB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=984 MB) - (Type=06)

==================== End Of Log ============================


Thanks for the logs, continue:

 

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Uninstall the following via Programs and Features:

 

Foxtab
Mobogenie

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs in your next reply, and also give an update on any remaining issues or concerns.

 

Kevin

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2014

Ran by Warbud at 2014-01-25 12:24:10 Run:2

Running from C:\Users\Warbud\Desktop

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2920084410-710084243-1787270808-1000\$a4d25b2bf69a51ae2de389f89fd62e48\n. ATTENTION! ====> ZeroAccess?

MountPoints2: F - F:\AutoRun.exe

MountPoints2: {062a88b2-3be0-11e2-8f60-d067e543517f} - E:\AutoRun.exe

MountPoints2: {1497edb7-4159-11e2-8ccd-00a0c6000000} - E:\AutoRun.exe

MountPoints2: {27ce7a46-f0f6-11e2-937c-d067e543517f} - G:\AutoRun.exe

MountPoints2: {59ca3ad6-6c70-11e1-a01f-d067e543517f} - E:\AutoRun.exe

MountPoints2: {7a5babc4-6c02-11e1-b158-806e6f6e6963} - E:\AutoRun.exe

MountPoints2: {8bb54a22-2bd3-11e2-b592-806e6f6e6963} - F:\AutoRun.exe

MountPoints2: {9aee2793-2bda-11e2-9042-d067e543517f} - E:\AutoRun.exe

MountPoints2: {9aee27b1-2bda-11e2-9042-d067e543517f} - E:\AutoRun.exe

MountPoints2: {aabd6642-2b52-11e2-a076-806e6f6e6963} - E:\AutoRun.exe

MountPoints2: {aabd667b-2b52-11e2-a076-d067e543517f} - E:\AutoRun.exe

MountPoints2: {bd97e4e6-a817-11e1-a232-6427378623d3} - F:\AutoRun.exe

MountPoints2: {c2c699c3-6c01-11e1-a466-806e6f6e6963} - F:\AutoRun.exe

MountPoints2: {f22c94c1-3bdc-11e2-a2a2-806e6f6e6963} - E:\AutoRun.exe

MountPoints2: {f22c94ec-3bdc-11e2-a2a2-6427378623d3} - E:\AutoRun.exe

MountPoints2: {f2967f9f-2b55-11e2-a43b-d067e543517f} - E:\AutoRun.exe

Task: {AA2FB1BA-D2C7-4331-B73B-9C55BFDDA503} - \FoxTab No Task File

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_0favicon-901616231

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_1favicon735730157

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_2favicon1189273084

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_3favicon61223927

AlternateDataStreams: C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website:TASKICON_4favicon-179816536

End

*****************

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{062a88b2-3be0-11e2-8f60-d067e543517f} => Key deleted successfully.

HKCR\CLSID\{062a88b2-3be0-11e2-8f60-d067e543517f} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1497edb7-4159-11e2-8ccd-00a0c6000000} => Key deleted successfully.

HKCR\CLSID\{1497edb7-4159-11e2-8ccd-00a0c6000000} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27ce7a46-f0f6-11e2-937c-d067e543517f} => Key deleted successfully.

HKCR\CLSID\{27ce7a46-f0f6-11e2-937c-d067e543517f} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59ca3ad6-6c70-11e1-a01f-d067e543517f} => Key deleted successfully.

HKCR\CLSID\{59ca3ad6-6c70-11e1-a01f-d067e543517f} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5babc4-6c02-11e1-b158-806e6f6e6963} => Key deleted successfully.

HKCR\CLSID\{7a5babc4-6c02-11e1-b158-806e6f6e6963} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bb54a22-2bd3-11e2-b592-806e6f6e6963} => Key deleted successfully.

HKCR\CLSID\{8bb54a22-2bd3-11e2-b592-806e6f6e6963} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9aee2793-2bda-11e2-9042-d067e543517f} => Key deleted successfully.

HKCR\CLSID\{9aee2793-2bda-11e2-9042-d067e543517f} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9aee27b1-2bda-11e2-9042-d067e543517f} => Key deleted successfully.

HKCR\CLSID\{9aee27b1-2bda-11e2-9042-d067e543517f} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aabd6642-2b52-11e2-a076-806e6f6e6963} => Key deleted successfully.

HKCR\CLSID\{aabd6642-2b52-11e2-a076-806e6f6e6963} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aabd667b-2b52-11e2-a076-d067e543517f} => Key deleted successfully.

HKCR\CLSID\{aabd667b-2b52-11e2-a076-d067e543517f} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd97e4e6-a817-11e1-a232-6427378623d3} => Key deleted successfully.

HKCR\CLSID\{bd97e4e6-a817-11e1-a232-6427378623d3} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2c699c3-6c01-11e1-a466-806e6f6e6963} => Key deleted successfully.

HKCR\CLSID\{c2c699c3-6c01-11e1-a466-806e6f6e6963} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f22c94c1-3bdc-11e2-a2a2-806e6f6e6963} => Key deleted successfully.

HKCR\CLSID\{f22c94c1-3bdc-11e2-a2a2-806e6f6e6963} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f22c94ec-3bdc-11e2-a2a2-6427378623d3} => Key deleted successfully.

HKCR\CLSID\{f22c94ec-3bdc-11e2-a2a2-6427378623d3} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2967f9f-2b55-11e2-a43b-d067e543517f} => Key deleted successfully.

HKCR\CLSID\{f2967f9f-2b55-11e2-a43b-d067e543517f} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA2FB1BA-D2C7-4331-B73B-9C55BFDDA503} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA2FB1BA-D2C7-4331-B73B-9C55BFDDA503} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab => Key deleted successfully.

C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website => ":TASKICON_0favicon-901616231" ADS removed successfully.

C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website => ":TASKICON_1favicon735730157" ADS removed successfully.

C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website => ":TASKICON_2favicon1189273084" ADS removed successfully.

C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website => ":TASKICON_3favicon61223927" ADS removed successfully.

C:\Users\Warbud\AppData\Roaming\Microsoft\Windows\Start Menu\INTERIA.PL S.A..website => ":TASKICON_4favicon-179816536" ADS removed successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware (Okres testowy) 1.75.0.1300

www.malwarebytes.org

Wersja bazy: v2014.01.25.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16736

Warbud :: WAW2189W7 [administrator]

Ochrona: Włączona

2014-01-25 12:37:47

MBAM-log-2014-01-25 (16-08-05).txt

Typ skanowania: Pełne skanowanie (C:\|)

Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM

Odznaczone opcje skanowania: P2P

Przeskanowano obiektów: 517651

Upłynęło: 2 godzin(y), 1 minut(y), 2 sekund(y)

Wykrytych procesów w pamięci: 0

(Nie znaleziono zagrożeń)

Wykrytych modułów w pamięci: 0

(Nie znaleziono zagrożeń)

Wykrytych kluczy rejestru: 2

HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Nie wykonano akcji.

HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nie wykonano akcji.

Wykrytych wartości rejestru: 1

HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0H1L1J1L1S1R1N -> Nie wykonano akcji.

Wykryte wpisy rejestru systemowego: 0

(Nie znaleziono zagrożeń)

wykrytych folderów: 0

(Nie znaleziono zagrożeń)

Wykrytych plików: 12

C:\FRST\Quarantine\mt5setup.exe (PUP.Optional.InstallCore.A) -> Nie wykonano akcji.

C:\FRST\Quarantine\p2Nf4p0TNwy\bz5F2eppnt.exe (Trojan.MSIL) -> Nie wykonano akcji.

C:\Program Files (x86)\Sytexis Software\Web Stream Recorder 2010\infolib.dll (Trojan.Scar) -> Nie wykonano akcji.

C:\Program Files (x86)\Sytexis Software\Web Stream Recorder 2010\web.stream.recorder.2010.3.0.0.2070-d1shninja.exe (PUP.Hacktool.Patcher) -> Nie wykonano akcji.

C:\Users\Warbud\AppData\Local\Temp\generator-1.zip (Trojan.MSIL) -> Nie wykonano akcji.

C:\Users\Warbud\AppData\Local\Temp\generator.zip (Trojan.MSIL) -> Nie wykonano akcji.

C:\Users\Warbud\AppData\Local\Temp\7zOC4F169D8\generator.exe (Trojan.MSIL) -> Nie wykonano akcji.

C:\Users\Warbud\Desktop\Uporządkuj to\PROGRAMY\Alcohol-120(12712).exe (PUP.Optional.InstallCore.A) -> Nie wykonano akcji.

C:\Users\Warbud\Desktop\Uporządkuj to\PROGRAMY\Audacity(11826).exe (PUP.Optional.InstallCore.A) -> Nie wykonano akcji.

C:\Users\Warbud\Desktop\Uporządkuj to\PROGRAMY\Total-Commander(12316).exe (PUP.Optional.InstallCore.A) -> Nie wykonano akcji.

C:\Users\Warbud\Desktop\Uporządkuj to\PROGRAMY\Rekordery\wsrecorder.3.0.0.2070.exe (Trojan.Scar) -> Nie wykonano akcji.

C:\Users\Warbud\AppData\Local\Temp\xcoca.ine (Trojan.Agent) -> Nie wykonano akcji.

(zakończone)


# AdwCleaner v3.017 - Log utworzony 25/01/2014 o 16:18:49

# Aktualizacja 12/01/2014 przez Xplode

# System operacyjny : Windows 7 Professional Service Pack 1 (64 bits)

# Użytkownik : Warbud - WAW2189W7

# Ścieżka : C:\Users\Warbud\Desktop\AdwCleaner.exe

# Opcja : Szukaj

***** [ Usługi ] *****

***** [ Pliki / Foldery ] *****

Folder Znaleziono C:\Program Files (x86)\Mobogenie

Folder Znaleziono C:\Users\Warbud\AppData\Local\Mobogenie

Folder Znaleziono C:\Users\Warbud\Documents\Mobogenie

***** [ Skróty ] *****

***** [ Rejestr ] *****

Wartość Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v25.0.1 (pl)

[ Plik : C:\Users\Warbud\AppData\Roaming\Mozilla\Firefox\Profiles\nx05g6wg.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3055 octets] - [17/11/2013 10:51:00]

AdwCleaner[R1].txt - [911 octets] - [17/11/2013 11:02:49]

AdwCleaner[R2].txt - [1029 octets] - [25/01/2014 16:18:49]

AdwCleaner[s0].txt - [2918 octets] - [17/11/2013 10:53:43]

AdwCleaner[s1].txt - [968 octets] - [17/11/2013 11:04:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1208 octets] ##########

Results of screen317's Security Check version 0.99.79

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10 Out of date!

``````````````Antivirus/Firewall Check:``````````````

McAfee VirusScan Enterprise

Antivirus out of date!

`````````Anti-malware/Other Utilities Check:`````````

JavaFX 2.0.3

Java 7 Update 3

Java version out of Date!

Adobe Flash Player 11.9.900.170

Adobe Reader 10.1.3 Adobe Reader out of Date!

Mozilla Firefox 25.0.1 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

McAfee VirusScan Enterprise x64 EngineServer.exe

McAfee VirusScan Enterprise VsTskMgr.exe

McAfee VirusScan Enterprise x64 McShield.exe

McAfee VirusScan Enterprise x64 mfeann.exe

McAfee VirusScan Enterprise shstat.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
