My laptop is causing problems

 

 

Malwarebytes scan

Registry Keys: 2

PUP.Optional.BrowseMark.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update BrowseMark, , [ab5e59a1addc2610575abcf253b0639d],

PUP.Optional.Softonic.A, HKU\S-1-5-21-1512879373-3691502714-2910520631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [44c56991e4a5999d1493a4d6877c15eb],

Registry Values: 1

PUP.Optional.LiveSupport, HKU\S-1-5-21-1512879373-3691502714-2910520631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LiveSupport, "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log, , [e326c238e0a9c4721729d8d67d8638c8]

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by user (administrator) on USER-KOMPUTER on 21-01-2015 12:05:42

Running from C:\Users\user\Desktop

Loaded Profiles: user (Available profiles: user)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.ethereal.com)

Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)

K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )

Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 35.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 pl)) (Version: 35.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyFreeCodec (HKU\S-1-5-21-1512879373-3691502714-2910520631-1000\...\MyFreeCodec) (Version:  - )

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.32.1111.2010 - Realtek)

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden

Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )

SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )

SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )

Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)

Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden

Samsung PC Studio 3 (HKLM-x32\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.1.71009 - Samsung Electronics Co., Ltd.)

Samsung PC Studio 3 (x32 Version: 3.0.0.71009 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)

S-Bar (HKLM-x32\...\{E0194090-D359-446E-AEAE-D3CEDD46E48E}) (Version: 20.011.07112 - MSI)

WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1512879373-3691502714-2910520631-1000_Classes\CLSID\{6d4c2238-c1b9-5d67-81d8-2cf6949997db}\InprocServer32 -> C:\EagleGet\npEagleget64.dll No File

==================== Restore Points  =========================

07-01-2015 01:53:34 Windows Update

11-01-2015 01:19:42 Windows Update

12-01-2015 04:53:30 Installed Mystery Case Files - Ravenhearst

12-01-2015 05:01:31 Installed Mystery Case Files - Ravenhearst

12-01-2015 11:10:14 Installed inSSIDer 4

13-01-2015 02:03:07 Removed inSSIDer 4

13-01-2015 08:57:58 Instalacja pakietu sterownika urządzenia: TamoSoft Usługa sieciowa

13-01-2015 22:29:05 Installed Mystery Case Files - Escape from Ravenhearst Collectors Edition

13-01-2015 22:37:14 Zainstalowany program DirectX

14-01-2015 05:33:31 Windows Update

14-01-2015 07:25:08 Windows Update

17-01-2015 07:18:06 Windows Update

20-01-2015 04:41:44 Removed Mystery Case Files - Huntsville

20-01-2015 04:43:07 Removed Mystery Case Files 2 - Prime Suspects

20-01-2015 04:46:04 Removed Mystery Case Files - Ravenhearst

20-01-2015 19:05:44 Windows Update

21-01-2015 07:13:21 Removed Mystery Case Files - Escape from Ravenhearst Collectors Edition

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {22D2738C-99E7-4834-92D6-D1A06DA9789C} - System32\Tasks\CCleanerSkipUAC => C:\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)

Task: {4A279B5B-3EC5-499D-8E32-35C04E1932E8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1512879373-3691502714-2910520631-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {6E948332-1D07-4A44-815E-5616C17182ED} - System32\Tasks\CommView for WiFi Update => D:\CommViewWiFi\Updater.exe [2014-04-15] (TamoSoft)

Task: {8BFF8F41-EA0B-4AEE-AEFE-4A7DD12CCB90} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1512879373-3691502714-2910520631-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

Task: {ACD377C1-6AD0-4B9E-B308-CC57DB5A74FF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1512879373-3691502714-2910520631-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {B2D6B6C2-44F4-4370-A98D-35B82A02CA6C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1512879373-3691502714-2910520631-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

Task: {C7329AF5-A04F-4964-9B35-A1E2E1111B36} - System32\Tasks\{F8089686-DF1C-40C6-926D-89C94E3EDE5F} => pcalua.exe -a E:\Install\setup.exe -d E:\Install

Task: {C9346CEC-559E-459A-8D7D-C86C28F57511} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1512879373-3691502714-2910520631-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2005-06-07 10:26 - 2005-06-07 10:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR 3.61 Multi\rarext64.dll

2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Notepad++\NppShell_06.dll

2011-12-05 21:15 - 2011-12-05 21:15 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2011-12-05 21:15 - 2011-12-05 21:15 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2011-11-09 08:55 - 2011-11-09 08:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

AlternateDataStreams: C:\ProgramData\TEMP:260575F1

AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA

AlternateDataStreams: C:\ProgramData\TEMP:70188419

AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: egGetSvc => 2

MSCONFIG\Services: ICM_UpdaterService => 2

MSCONFIG\Services: IDriverT => 3

MSCONFIG\Services: McComponentHostService => 3

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: ALLUpdate => "C:\ALLPlayer\ALLUpdate.exe" "sleep"

MSCONFIG\startupreg: DU Meter => "C:\DU Meter\DUMeter.exe" /autostart

MSCONFIG\startupreg: KiesAirMessage => C:\Kies\KiesAirMessage.exe -startup

MSCONFIG\startupreg: KiesPreload => C:\Kies\Kies.exe /preload

MSCONFIG\startupreg: KiesTrayAgent => C:\Kies\KiesTrayAgent.exe

MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

MSCONFIG\startupreg: S-Bar => %PROGRAMFILES%\S-Bar\S-Bar.exe

MSCONFIG\startupreg: TkBellExe => "C:\RealPlayer\Update\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-1512879373-3691502714-2910520631-500 - Administrator - Disabled)

Gość (S-1-5-21-1512879373-3691502714-2910520631-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1512879373-3691502714-2910520631-1004 - Limited - Enabled)

user (S-1-5-21-1512879373-3691502714-2910520631-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (01/21/2015 10:44:11 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Program ALLPlayer.exe w wersji 5.9.2.2 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: dc4

Godzina rozpoczęcia: 01d0355e45af03ef

Godzina zakończenia: 141

Ścieżka aplikacji: C:\ALLPlayer\ALLPlayer.exe

Identyfikator raportu: 07ac4b3a-a152-11e4-a6fe-94dbc9f6d0f8

Error: (01/21/2015 07:19:13 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Program ALLPlayer.exe w wersji 5.9.2.2 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: e00

Godzina rozpoczęcia: 01d035412f0a3797

Godzina zakończenia: 80

Ścieżka aplikacji: C:\ALLPlayer\ALLPlayer.exe

Identyfikator raportu: 679cc97c-a135-11e4-a3a9-8c89a5048b21

Error: (01/21/2015 06:28:28 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Program ALLPlayer.exe w wersji 5.9.2.2 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 39c

Godzina rozpoczęcia: 01d0353afc8de8e0

Godzina zakończenia: 175

Ścieżka aplikacji: C:\ALLPlayer\ALLPlayer.exe

Identyfikator raportu: 4da65bab-a12e-11e4-a3a9-8c89a5048b21

Error: (01/20/2015 07:48:07 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Program install.exe w wersji 5.1.30514.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 89c

Godzina rozpoczęcia: 01d034e198ac3cef

Godzina zakończenia: 16

Ścieżka aplikacji: d:\abbd98ac0196df4f6f8c4f6c\install.exe

Identyfikator raportu: dd24e6a4-a0d4-11e4-ab9c-8c89a5048b21

Error: (01/20/2015 05:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nazwa aplikacji powodującej błąd: mbam.exe, wersja: 1.0.1.711, sygnatura czasowa: 0x542b53ec

Nazwa modułu powodującego błąd: mbamcore.dll, wersja: 1.1.20.0, sygnatura czasowa: 0x5425b0dd

Kod wyjątku: 0xc0000005

Przesunięcie błędu: 0x0003ec90

Identyfikator procesu powodującego błąd: 0xff4

Godzina uruchomienia aplikacji powodującej błąd: 0xmbam.exe0

Ścieżka aplikacji powodującej błąd: mbam.exe1

Ścieżka modułu powodującego błąd: mbam.exe2

Identyfikator raportu: mbam.exe3

Error: (01/20/2015 08:14:49 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.

Składniki powodujące konflikt:

Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/20/2015 07:40:33 AM) (Source: MsiInstaller) (EventID: 1013) (User: user-Komputer)

Description: Produkt: Renesas Electronics USB 3.0 Host Controller Driver -- Tej instalacji nie można uruchomić bezpośrednio poprzez otworzenie pakietu MSI; należy uruchomić plik setup.exe.

Error: (01/20/2015 07:04:50 AM) (Source: MsiInstaller) (EventID: 1013) (User: user-Komputer)

Description: Product: Samsung Kies -- This installation cannot be run by directly launching the MSI package. You must run setup.exe.

Error: (01/20/2015 07:04:45 AM) (Source: MsiInstaller) (EventID: 1013) (User: user-Komputer)

Description: Produkt: Samsung New PC Studio -- Tej instalacji nie można uruchomić bezpośrednio poprzez otworzenie pakietu MSI; należy uruchomić plik setup.exe.

Error: (01/20/2015 07:04:44 AM) (Source: MsiInstaller) (EventID: 1013) (User: user-Komputer)

Description: Produkt: Samsung New PC Studio -- Tej instalacji nie można uruchomić bezpośrednio poprzez otworzenie pakietu MSI; należy uruchomić plik setup.exe.

System errors:

=============

Error: (01/21/2015 00:05:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego:

StarOpen

Error: (01/21/2015 00:04:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Nie można uruchomić usługi Update BrowseMark z powodu następującego błędu:

%%2

Error: (01/21/2015 00:04:34 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Ładowanie sterownika \SystemRoot\SysWow64\Drivers\StarOpen.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (01/21/2015 11:43:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego:

StarOpen

Error: (01/21/2015 11:43:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Nie można uruchomić usługi Update BrowseMark z powodu następującego błędu:

%%2

Error: (01/21/2015 11:42:41 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Ładowanie sterownika \SystemRoot\SysWow64\Drivers\StarOpen.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (01/21/2015 09:51:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego:

StarOpen

Error: (01/21/2015 09:51:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Nie można uruchomić usługi Update BrowseMark z powodu następującego błędu:

%%2

Error: (01/21/2015 09:51:20 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: Ładowanie sterownika \SystemRoot\SysWow64\Drivers\StarOpen.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (01/21/2015 06:03:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego:

StarOpen

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

  Date: 2014-12-12 12:14:39.315

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-12 12:13:07.174

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD E2-1800 APU with Radeon HD Graphics

Percentage of memory in use: 33%

Total physical RAM: 3563.75 MB

Available physical RAM: 2354.05 MB

Total Pagefile: 7125.68 MB

Available Pagefile: 5742.35 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:201.99 GB) (Free:158.87 GB) NTFS

Drive d: () (Fixed) (Total:263.67 GB) (Free:194.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 86C8CB7E)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=202 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=263.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hello and welcome,

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

 

Or select "Export" you are given the option to export as a Text file (*.txt) or XML file (*.xml) Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin....

 

 

 

 

 

Fixlist.txt


Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by user at 2015-01-21 15:07:22 Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1512879373-3691502714-2910520631-1000\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
C:\Program Files (x86)\LiveSupport
S4 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [X]
S2 Update BrowseMark; "C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe" [X]
S3 DUMeterDrv; \??\C:\DU Meter\DUMETR64.SYS [X]
U3 NPF; No ImagePath
2014-04-23 00:12 - 2014-04-23 00:14 - 0000801 _____ () C:\Users\user\AppData\Roaming\LiveSupport.exe_log.txt
2014-04-23 00:12 - 2014-04-23 00:14 - 0000092 _____ () C:\Users\user\AppData\Roaming\regsvr32.exe_log.txt
2014-04-23 01:08 - 2014-12-19 13:06 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
AlternateDataStreams: C:\ProgramData\TEMP:260575F1
AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA
AlternateDataStreams: C:\ProgramData\TEMP:70188419
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
Emptytemp:
end



*****************

HKU\S-1-5-21-1512879373-3691502714-2910520631-1000\Software\Microsoft\Windows\CurrentVersion\Run\\LiveSupport => value deleted successfully.
"C:\Program Files (x86)\LiveSupport" => File/Directory not found.
ICM_UpdaterService => Service deleted successfully.
Update BrowseMark => Service deleted successfully.
DUMeterDrv => Service deleted successfully.
NPF => Service deleted successfully.
C:\Users\user\AppData\Roaming\LiveSupport.exe_log.txt => Moved successfully.
C:\Users\user\AppData\Roaming\regsvr32.exe_log.txt => Moved successfully.
C:\ProgramData\LauncherAccess.dt => Moved successfully.
C:\Windows => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully.
C:\ProgramData\TEMP => ":260575F1" ADS removed successfully.
C:\ProgramData\TEMP => ":4673E9EA" ADS removed successfully.
C:\ProgramData\TEMP => ":70188419" ADS removed successfully.
C:\ProgramData\TEMP => ":78E0DF72" ADS removed successfully.
EmptyTemp: => Removed 94.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:08:28 ====


 

Wait for the prompt to restart the computer to appear

nothing appeared, did it manually-is that wrong?

 

<?xml version="1.0" encoding="UTF-16"?>

<mbam-log>

<header><date>2015/01/21 15:18:31 +0100</date><logfile>mbam-log-2015-01-21 (15-18-30).xml</logfile><isadmin>yes</isadmin></header>

<engine><version>2.00.4.1028</version><malware-database>v2015.01.21.06</malware-database><rootkit-database>v2015.01.14.01</rootkit-database><license>trial</license><file-protection>enabled</file-protection><web-protection>enabled</web-protection><self-protection>disabled</self-protection></engine><system><osversion>Windows 7 Service Pack 1</osversion><arch>x64</arch><username>user</username><filesys>NTFS</filesys></system><summary><type>threat</type><result>completed</result><objects>331796</objects><time>1819</time><processes>0</processes><modules>0</modules><keys>1</keys><values>0</values><datas>0</datas><folders>0</folders><files>0</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>enabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options><items><key><path>HKU\S-1-5-21-1512879373-3691502714-2910520631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>c8897780375239fde1254932ca39e818</hash></key></items>

</mbam-log>


Did 'adwcleaner', this is what it found

 

# AdwCleaner v4.108 - Log utworzony 21/01/2015 o 16:11:51
# Aktualizacja 17/01/2015 przez Xplode
# Database : 2015-01-18.1 [Live]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : user - USER-KOMPUTER
# Ścieżka : C:\Users\user\Desktop\AdwCleaner 4.1.0.8.exe
# Opcja : Szukaj

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****


***** [ Zadania ] *****


***** [ Skróty ] *****


***** [ Rejestr ] *****

Klucz Znaleziono : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Klucz Znaleziono : HKCU\Software\Myfree Codec
Klucz Znaleziono : [x64] HKCU\Software\Myfree Codec
Klucz Znaleziono : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Klucz Znaleziono : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klucz Znaleziono : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Klucz Znaleziono : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klucz Znaleziono : HKLM\SOFTWARE\Myfree Codec
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 pl)


*************************

AdwCleaner[R0].txt - [2083 octets] - [21/01/2015 16:11:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2143 octets] ##########

 

Now, it asks me What I want to delete. Everything, right? I am a little concerned about sth going wrong (asked in 1st reply to You), I think now I will wait for you to reply before I delete it.


ok, deleted those things, I'm a little paranoid but it was from the "SOFTWARE" section so I 'risked' ;)

here's the log

 

AdwCleaner

 

# AdwCleaner v4.108 - Log utworzony 21/01/2015 o 16:32:39
# Aktualizacja 17/01/2015 przez Xplode
# Database : 2015-01-18.1 [Live]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : user - USER-KOMPUTER
# Ścieżka : C:\Users\user\Desktop\AdwCleaner 4.1.0.8.exe
# Opcja : Usuń

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****


***** [ Zadania ] *****


***** [ Skróty ] *****


***** [ Rejestr ] *****

Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Klucz Usunięto : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klucz Usunięto : HKCU\Software\Myfree Codec
Klucz Usunięto : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Klucz Usunięto : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Klucz Usunięto : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klucz Usunięto : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Klucz Usunięto : HKLM\SOFTWARE\Myfree Codec

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 pl)


*************************

AdwCleaner[R0].txt - [2235 octets] - [21/01/2015 16:11:51]
AdwCleaner[R1].txt - [2295 octets] - [21/01/2015 16:28:03]
AdwCleaner[s0].txt - [2116 octets] - [21/01/2015 16:32:39]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2176 octets] ##########
 

and

 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by user on 2015-01-21 at 16:41:39,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\9xflo70z.default\minidumps [93 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-01-21 at 16:52:36,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Microsoft's "Malicious Software Removal Tool"

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Wed Jan 21 17:11:05 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 21 17:21:15 2015


Return code: 0 (0x0)


OH NO NO NO NO NO NO NO NO................No!! My FireFox Bookmarks are gone....my life depends on them, I cannot lose it, I forgot to save them, I'm in BIG trouble

I must have them Back, if that means getting the virus/malware, whatever back too, I'm In

I cannot even think right now, screaming for help guys... somebody please say it's reversible


I do not understand why your bookmarks were missing, I do see anything in the logs to show that action??

 

Next,

 

Why did this even happen? I knew I should've waited

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\9xflo70z.default\minidumps [93 files]

it's that, right?


Nothing to worry about, minidump folder contains crash information from Firefox..

Question about JRT

"click JRT.exe and select "Run as Administrator"

I did That, so why in log it says

"Ran by user on.."

shouldn't it be "as Administrator" ???


yes user is your admin account

Look at where FRST was run from:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by user (administrator) on USER-KOMPUTER on 21-01-2015 12:05:42
Running from C:\Users\user\Desktop

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

 

Or select "Export" you are given the option to export as a Text file (*.txt) or XML file (*.xml) Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

 

Let me see the log from Malwarebytes, also give an update on any remaining issues or concerns....

 

Thank you,

 

Kevin...


I do not understand why your bookmarks were missing, I do see anything in the logs to show that action??

Well, it happened, I thought that this "Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\9xflo70z.default\minidumps [93 files]" is the information about cleared bookmarks.

And I was sure that after "Junkware Removal Tool" they were there. And now, when you say it's something else (the minidumps) I'm sure that it happened after running Microsoft's malware removal tool.

 

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

nothing was detected

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

 

Or select "Export" you are given the option to export as a Text file (*.txt) or XML file (*.xml) Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

 

I couldn't do that, that's why I've posted from the .xml file that saved automatically. All I got was a list of actions, and I searched for "scan" there, but couldn't open it. I will run the Malwarebytes scan now again and try again.

 

 

But, I'm not sure if everything's all right. I had (before doing what you said) an unknown account. I saw a folder that wasn't there previously, opened it, there was only an "install" file, I clicked properties and saw that besides the user and administrator accounts there was a "not identified account" - that's the name and it started with S-1-0-5-5 something like that, I wrote it down but I cannot find it so I'm not able to write the rest of the numbers. I clicked on it and I unchecked 2 things and the account was gone. That's what worries me - not sure if there are more of these accounts. Then by accident I clicked on it and it showed "do you want to install microsoft silverlight........". So it looks to be Microsoft's file. Previously (waiting for your first instructions) I had updated all plug-ins (flash, shockwave, microsoft silverlight) so maybe that's why the folder/file appeared. But I don't understand why this weird account was there.

 

Another thing, in the tray icons, bottom right corner there's "mod_frst.exe" Don't know that.


In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

 

it doesn't want a restart

 

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

 

Or select "Export" you are given the option to export as a Text file (*.txt) or XML file (*.xml) Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

 

Let me see the log from Malwarebytes, also give an update on any remaining issues or concerns....

 

is that what you wanted?

Protection, 2015-01-23 08:05:10, SYSTEM, USER-KOMPUTER, Protection, Malware Protection, Starting,

Protection, 2015-01-23 08:05:10, SYSTEM, USER-KOMPUTER, Protection, Malware Protection, Started,

Protection, 2015-01-23 08:05:10, SYSTEM, USER-KOMPUTER, Protection, Malicious Website Protection, Starting,

Protection, 2015-01-23 08:05:11, SYSTEM, USER-KOMPUTER, Protection, Malicious Website Protection, Started,

Update, 2015-01-23 08:05:26, SYSTEM, USER-KOMPUTER, Manual, Malware Database, 2015.1.21.7, 2015.1.23.2,

Protection, 2015-01-23 08:05:26, SYSTEM, USER-KOMPUTER, Protection, Refresh, Starting,

Protection, 2015-01-23 08:05:26, SYSTEM, USER-KOMPUTER, Protection, Malicious Website Protection, Stopping,

Protection, 2015-01-23 08:05:26, SYSTEM, USER-KOMPUTER, Protection, Malicious Website Protection, Stopped,

Protection, 2015-01-23 08:05:40, SYSTEM, USER-KOMPUTER, Protection, Refresh, Success,

Protection, 2015-01-23 08:05:40, SYSTEM, USER-KOMPUTER, Protection, Malicious Website Protection, Starting,

Protection, 2015-01-23 08:05:40, SYSTEM, USER-KOMPUTER, Protection, Malicious Website Protection, Started,

Scan, 2015-01-23 08:40:53, SYSTEM, USER-KOMPUTER, Manual, Start:2015-01-23 08:06:00, Duration:34 min 52 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,


I would like to see the log from Malwarebytes scan,

 

Open Malwarebytes select > History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply. It will look similar to the following example

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/01/2015
Scan Time: 10:09:53
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.23.03
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: XXXXX

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334050
Time Elapsed: 17 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Post that log, also let me know if there are any remaining issues or concerns..

 

Thank you,

 

Kevin


I would like to see the log from Malwarebytes scan,

 

Open Malwarebytes select > History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply. It will look similar to the following example - no it won't, I cannot do that, it only saves as a list, I cannot open it, I can only show the automatically saved .xml file

 

 

 

also let me know if there are any remaining issues or concerns.. - Yes, there are, all the ones you haven't answered

from quarantine (previous reply) - ScreenShot

and this

But, I'm not sure if everything's all right. I had (before doing what you said) an unknown account. I saw a folder that wasn't there previously, opened it, there was only an "install" file, I clicked properties and saw that besides the user and administrator accounts there was a "not identified account" - that's the name and it started with S-1-0-5-5 something like that, I wrote it down but I cannot find it so I'm not able to write the rest of the numbers. I clicked on it and I unchecked 2 things and the account was gone. That's what worries me - not sure if there are more of these accounts. Then by accident I clicked on it and it showed "do you want to install microsoft silverlight........". So it looks to be Microsoft's file. Previously (waiting for your first instructions) I had updated all plug-ins (flash, shockwave, microsoft silverlight) so maybe that's why the folder/file appeared. But I don't understand why this weird account was there.

 

Another thing, in the tray icons, bottom right corner there's "mod_frst.exe" Don't know that. (also with printscreen)


The screenshot shows a potentially unwanted program (PUP) that has been removed and placed into "Quarantine" if you know and trust that software you can either "Restore" or "Delete" that depends on you.....

 

If you cannot produce a log from the latest scan with Malwarebytes you are not following the instructions correctly.... The log you did show was a protection log, not a scan log.

 

Look at the following two images, it shows how to follow steps 1 to 5 to produce a scan log, Open Malwarebytes then follow the steps....

 

When "Copy to Clipboard" has been selected open a reply to this message, right click into the text field and select "Paste" the log will be pasted to the reply.....

 

Or if you want to save that log, Open "Notepad" right click into the text field and select "Paste" the log will be copied to Notepad, save that as you would normally....



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-01-23
Scan Time: 15:11:40
Logfile: fgdfh.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.23.04
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331871
Time Elapsed: 28 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


I forgot to mention: after doing everything with removing malware, as was in your instructions, I restarted the computer and it was ok but the next day after booting this came up "do you want to open MarkAny" -> No. Looked for that on drives and found a MarkAny/ContentSafer folder, I don't have it in the add/remove list. I didn't install anything besides the stuff you told me to. Only removed Samsung Kies, and it appears to be from Samsung - the MarkAny/ContentSafer folder. How can I make sure I delete everything associated with it? Why is that, that after using one malware removing tool after another I get mod_frst.exe, now this, and that unknown user account? Why after uninstalling Microsoft Silverlight did a folder appear with an installer and an unknown account attached to it? I think there is STILL something inside that none of these programs/scans has detected. What do you think?

This topic is now closed to further replies.