[Closed] Request for help with continuous Trojan horse problem on Win7

By mirekkazek
May 11, 2012
Topic Status:
Not open for further replies.
  1. Hello. I have an urgent problem with my Windows 7. I know someone had a similar one, but it is not the only thing that goes wrong.
    My AVG continuously finds Trojan Horse Crypt.AQLW on my computer.
    Every few minutes it shows an alert about some .dll file in C:\windows\system32 (each time it is a different file, e.g. now it is comhost.dll).

    The alert also says that it concerns the process \\.\globalroot\SyStemRoot\system32\svchost.exe.

    It seems that AVG finds and deletes/puts into Quarantine each of those files, but it is really disturbing as it pops up very often. Also, I am worried: is it something really serious, or not that bad?

    Moreover, my Windows has just lost its wallpaper - it went black, and it also cannot see picture files.

    I am quite green at this stuff; could you please walk me through this log stuff - I haven't done it before.
    Could you help me, please?
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll be glad to help with the malware.

    You can go ahead and run this first:
    Download Unhide.exe and save it to the desktop.
    • Double-click on the Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note 1: This does not remove the malware - only the attribute causing the 'missing' problem. So it is important for you to continue.
    Note 2: It is important that you do not delete any files from your Temp folder or use any temp file cleaners.

    The malware may cause other "cosmetic" problems- they can be fixed. But they may recur until we remove all of the malware:
    Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
    For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
    =================================================
    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ===============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs - except those I give you.
    Threads are closed after 5 days if there is no reply.

    Please leave the logs in your next reply: 2 from DDS, 1 from Malwarebytes and 1 from GMER - if there is one.
  3. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    Unfortunately, as for the wallpaper, it is not a matter of the theme - it changed, but the background is still black. (Also, folders with graphic files, and the graphic files themselves, don't have any icon at all.)
    As for logs - here is the first one, from Malwarebytes. It didn't find anything, but even during the scan AVG stopped some trojans.
    Here is the log - the next ones are coming as soon as they are ready:


    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.12.04

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    MIRO :: MIRO-KOMPUTER [administrator]

    Protection: Enabled

    2012-05-12 14:37:13
    mbam-log-2012-05-12 (14-37-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216275
    Time elapsed: 8 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    1st DDS log:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by MIRO at 14:50:59 on 2012-05-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3037.1389 [GMT 2:00]
    .
    AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\nvvsvc.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Lenovo\Energy Management\utility.exe
    C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\windows\system32\conhost.exe
    C:\Program Files\Opera\opera.exe
    C:\windows\system32\svchost.exe -k apphost
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k hpdevmgmt
    C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\windows\system32\conhost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgcfgex.exe
    C:\windows\explorer.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\notepad.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = about:blank
    mDefault_Page_URL = about:blank
    mStart Page = about:blank
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
    mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
    IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://87.116.199.52/camclictrl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} - hxxp://217.96.52.154:82/iqweb.ocx
    DPF: {F9F6A5CD-76C1-4BE7-8F49-5D4183F9FAC5} - hxxps://www.otineo.com/resources/com.otineo.survey.ui.personal.softphone.SoftphonePanel/OtineoSoftphone.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{2D61E27A-22F2-42C0-8781-88B7B0FACBC4} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{2D61E27A-22F2-42C0-8781-88B7B0FACBC4}\4656661657C647 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{2D61E27A-22F2-42C0-8781-88B7B0FACBC4}\A41425341425F537B6C65607F523231363336333 : DhcpNameServer = 82.168.1.1 192.168.0.1
    TCP: Interfaces\{2D61E27A-22F2-42C0-8781-88B7B0FACBC4}\A41636B637022556374716572716E64702D202A51607271637A716D697 : DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-5-21 25168]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-21 52872]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-5-21 24856]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-21 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-21 29712]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-21 243152]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-19 218688]
    R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-11-20 54800]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-22 921952]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-22 2331544]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-12 654408]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-1-20 23136]
    R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-5-21 122448]
    R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-5-21 30288]
    R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-5-21 20560]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-12 22344]
    R3 NETw5s32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-20 66080]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 AMService;AMService;c:\windows\temp\mjsvag\setup.exe run --> c:\windows\temp\mjsvag\setup.exe run [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [2009-12-18 56088]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-12-12 8192]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-20 29472]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-28 36640]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-20 4231680]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-15 171520]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-4-27 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-4-27 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-4-27 123648]
    S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2011-4-27 100224]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-8 52224]
    S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
    S3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2009-11-20 11792]
    S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
    .
    =============== Created Last 30 ================
    .
    2012-05-12 12:36:16 -------- d-----w- c:\users\miro\appdata\roaming\Malwarebytes
    2012-05-12 12:36:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-12 12:36:09 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-12 12:36:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-11 21:11:20 -------- d-s---w- C:\ComboFix
    2012-05-10 05:03:32 -------- d-----w- C:\fbb5b84d456018be4690d2f6
    2012-05-10 05:00:29 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-10 05:00:26 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
    2012-05-10 05:00:20 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-10 05:00:20 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-10 05:00:19 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-05-10 04:59:14 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-10 04:59:11 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-09 20:55:16 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-05-06 17:58:15 1772544 ----a-w- c:\windows\system32\dsetup32.dll
    2012-05-06 17:57:26 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
    2012-05-06 17:54:36 127488 ----a-w- c:\windows\system32\DSETUP.DLL
    2012-05-06 17:50:34 -------- d-----w- c:\program files\Worms
    2012-05-06 17:06:11 -------- d-----w- c:\program files\TryMedia
    2012-05-04 20:44:12 -------- d-----w- c:\program files\Rockstar games
    2012-04-27 10:06:24 -------- d-----w- c:\users\miro\appdata\local\{7C97460C-2299-41E5-AECF-C686D2347039}
    2012-04-27 10:06:22 -------- d-----w- c:\users\miro\appdata\local\{4C0F6A9A-AC49-490B-BD56-E16D7891D0E0}
    2012-04-27 10:03:31 -------- d-----w- c:\windows\pl
    2012-04-27 10:00:25 89944 ----a-w- c:\program files\common files\windows live\.cache\91379c9e1cd245c02\DSETUP.dll
    2012-04-27 10:00:25 537432 ----a-w- c:\program files\common files\windows live\.cache\91379c9e1cd245c02\DXSETUP.exe
    2012-04-27 10:00:25 1801048 ----a-w- c:\program files\common files\windows live\.cache\91379c9e1cd245c02\dsetup32.dll
    2012-04-27 09:54:44 -------- d-----w- c:\users\miro\appdata\local\{140818D8-FDB9-4B42-802F-FADAC818BBCB}
    2012-04-12 19:50:41 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 19:50:41 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 19:50:41 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 19:50:41 159232 ----a-w- c:\windows\system32\imagehlp.dll
    .
    ==================== Find3M ====================
    .
    2012-05-09 20:55:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-09 20:55:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-23 19:19:58 761152 ----a-w- c:\windows\system32\msvcr100.dll
    2012-03-08 16:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2012-03-08 16:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-14 10:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2010-08-03 09:11:16 819200 --sha-w- c:\windows\system32\xvidcore.dll
    2010-08-03 09:11:16 180224 --sha-w- c:\windows\system32\xvidvfw.dll
    .
    ============= FINISH: 14:52:24,55 ===============
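    A small triage helper for the "SERVICES / DRIVERS" section of a DDS log, added here as an example; it is not part of this thread, of DDS, or of any tool the helper uses. It parses the line layout seen in the log above (including the entries where DDS prints "[?]" instead of a date and size, and repeats the command after "-->") and attaches review flags; the sample lines are copied from that log, and the temp-directory and unverified-file rules are assumed heuristics to decide what to look at first, not verdicts.

    ```python
    import re
    from dataclasses import dataclass, field
    from typing import Dict, List, Optional

    # Sample "SERVICES / DRIVERS" lines in the DDS format, copied from the log posted
    # above. The AMService line is the edge case: DDS printed "[?]" instead of
    # "[date size]" and repeated the command after "-->".
    SAMPLE_LINES = r"""
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-21 243152]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-12 654408]
    S2 AMService;AMService;c:\windows\temp\mjsvag\setup.exe run --> c:\windows\temp\mjsvag\setup.exe run [?]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-12-12 8192]
    """

    # "R1 Name;Display;rest" -> status (R/S + start type), service name, display name, remainder
    _HEAD = re.compile(r"^(?P<status>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
    # trailing "[YYYY-M-D SIZE]" as written by DDS, or "[?]" when no date/size is given
    _STAMP = re.compile(r"\s\[(?:(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)|(?P<unknown>\?))\]$")
    # split "c:\...\setup.exe run" into the executable and its arguments
    _EXE = re.compile(r"^(?P<exe>.*?\.(?:exe|sys|dll))(?P<args>.*)$", re.IGNORECASE)

    # Assumed heuristic: a service binary living under a temp directory deserves a closer look.
    TEMP_DIRS = ("\\windows\\temp\\", "\\temp\\", "\\appdata\\local\\temp\\")


    @dataclass
    class Service:
        status: str
        name: str
        display: str
        image: str
        args: str
        date: Optional[str]
        size: Optional[int]
        flags: List[str] = field(default_factory=list)


    def parse_line(line: str) -> Optional[Service]:
        """Parse one DDS service/driver line; return None for lines in another format."""
        m = _HEAD.match(line.strip())
        if not m:
            return None
        rest = m.group("rest")
        stamp = _STAMP.search(rest)
        date = size = None
        if stamp:
            rest = rest[: stamp.start()]
            if stamp.group("unknown") is None:
                date, size = stamp.group("date"), int(stamp.group("size"))
        # DDS repeats the command after "-->"; the left side is the registered command
        command = rest.split(" --> ", 1)[0].strip()
        e = _EXE.match(command)
        image, args = (e.group("exe"), e.group("args").strip()) if e else (command, "")
        return Service(m.group("status"), m.group("name"), m.group("display"),
                       image.lower(), args, date, size)


    def triage(text: str) -> Dict[str, Service]:
        """Parse every service line and attach review flags (hints for a reviewer, not verdicts)."""
        services: Dict[str, Service] = {}
        for line in text.splitlines():
            svc = parse_line(line)
            if svc is None:
                continue
            if any(t in svc.image for t in TEMP_DIRS):
                svc.flags.append("binary-in-temp-dir")
        if svc is not None and svc.size is None:
                svc.flags.append("file-not-verified")  # DDS gave no date/size: file absent or unreadable
            if svc.status == "S2" and svc.flags:
                svc.flags.append("auto-start-not-running")  # S = not running, 2 = auto start (DDS convention)
            services[svc.name] = svc
        return services


    def flagged(text: str) -> List[str]:
        """Names of services carrying at least one flag, in log order, for a quick review list."""
        return [name for name, svc in triage(text).items() if svc.flags]


    if __name__ == "__main__":
        for name, svc in triage(SAMPLE_LINES).items():
            mark = "  <-- review" if svc.flags else ""
            print(f"{svc.status} {name:<12} {svc.image} {svc.flags}{mark}")
    ```
    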
  5. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    2nd DDS log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2009-12-18 10:52:59
    System Uptime: 2012-05-12 13:22:51 (1 hours ago)
    .
    Motherboard: LENOVO | | NITU1
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 253 GiB total, 90,503 GiB free.
    D: is FIXED (NTFS) - 30 GiB total, 1,193 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Deskjet F4500 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Deskjet F4500 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Description: BCM2046 Bluetooth Module
    Device ID: USB\VID_0A5C&PID_2150\0C6076B87F81
    Manufacturer: Broadcom
    Name: BCM2046 Bluetooth Module
    PNP Device ID: USB\VID_0A5C&PID_2150\0C6076B87F81
    Service: BTHUSB
    .
    ==== System Restore Points ===================
    .
    RP540: 2012-04-23 15:22:20 - Zaplanowany punkt kontrolny
    RP542: 2012-04-25 15:35:23 - Avg Update
    RP544: 2012-04-27 12:00:34 - Windows Live Essentials
    RP546: 2012-04-27 12:01:15 - Zainstalowany program DirectX
    RP548: 2012-04-27 12:01:40 - Zainstalowany program DirectX
    RP549: 2012-04-27 12:02:12 - WLSetup
    RP551: 2012-05-06 19:43:30 - Revo Uninstaller's restore point - Worms 2
    RP552: 2012-05-10 06:49:47 - Windows Update
    RP553: 2012-05-10 06:58:12 - Windows Update
    RP554: 2012-05-10 18:50:04 - Windows Update
    .
    ==== Installed Programs ======================
    .
    1-abc.net Password Organizer (Remove only)
    32 Bit HP CIO Components Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.1 - Polish
    Adobe Shockwave Player 11.5
    ALPS Touch Pad Driver
    Anki
    Archiwizator WinRAR
    Ashampoo Burning Studio 2010 Advanced
    Audacity 1.2.6
    AVG 9.0
    Broadcom Gigabit Integrated Controller
    BufferChm
    Conexant HD Audio
    Cool Edit Pro 2.1
    Copy
    D3DX10
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DivX Setup
    DJ_AIO_06_F4500_SW_MIN
    Dropbox
    EasyCapture
    Energy Management
    F4500
    FileZilla Client 3.3.3
    Gadu-Gadu 10
    Galeria fotografii usługi Windows Live
    GIMP 2.6.9
    GOM Player
    GPBaseService2
    GSM 1.1.4.2
    GST 2.3.8.4
    Guitar Pro 5.2
    Hiszpański - Mówisz I rozumiesz
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
    HP Imaging Device Functions 14.0
    HP Solution Center 14.0
    HPPhotoGadget
    HPProductAssistant
    Intel® Matrix Storage Manager
    InterVideo DeviceService
    Java Auto Updater
    Java(TM) 6 Update 29
    LAME v3.98.2 for Audacity
    Lenovo Bluetooth with Enhanced Data Rate Software
    Lenovo EasyCamera
    Lenovo OneKey Recovery
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile PLK Language Pack
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access MUI (Polish) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Excel MUI (Polish) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove MUI (Polish) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office InfoPath MUI (Polish) 2010
    Microsoft Office Language Pack 2010 - Polish/Polski
    Microsoft Office O MUI (Polish) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office OneNote MUI (Polish) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office Outlook MUI (Polish) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint MUI (Polish) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Polish) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing (Polish) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Publisher MUI (Polish) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared MUI (Polish) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer MUI (Polish) 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (Polish) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word MUI (Polish) 2010
    Microsoft Office X MUI (Polish) 2010
    Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Professional 2002 [English]
    Microsoft Visio Professional 2010
    Microsoft Visio Viewer 2002
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    NokiaFREE Unlock Codes Calculator
    NVIDIA Drivers
    Opera 11.62
    Pajączek 5 NxG PRO - Deinstalacja
    Podstawowe programy Windows Live
    Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
    QT Lite 4.1.0
    Real Alternative 2.0.2
    Realtek USB 2.0 Card Reader
    Revo Uninstaller 1.85
    SAGEM F@st 800-840
    Samsung Kies
    Samsung Mobile phone USB driver Drive Software
    SAMSUNG USB Driver for Mobile Phones
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)
    Składniki łączności pakietu Microsoft Office Small Business
    Skype™ 5.5
    SolutionCenter
    Status
    Super Mario 3 : Mario Forever
    SuperMemo UX - Hiszpański. No hay problema!+ 1
    SuperMemo UX - Hiszpański. No hay problema!+ 2
    SuperMemo UX - Hiszpański. No hay problema!+ 3
    System Requirements Lab CYRI
    Toolbox
    Total Commander (Remove or Repair)
    TrayApp
    Ubuntu
    Ulead VideoStudio 11
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.4053
    VideoStudio
    Vividas Player Plugin v4.1
    WebReg
    Windows Live Communications Platform
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WorldUnlock Codes Calculator
    Worms 2
    .
    ==== End Of File ===========================
  6. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    GMER log:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-05-12 15:09:55
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
    Running: gmer.exe; Driver: C:\Users\MIRO\AppData\Local\Temp\aftciaod.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\iaStor \Device\Ide\iaStor0 [8BCBA360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BCBA360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8BCBA360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device 85D611F8
    Device Ntfs.sys (Sterownik systemu plików NT/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
  7. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    Thanks a lot for your interest and willingness to help. It's starting to make me nervous as the resident shield keeps telling me about new trojans. I also need my computer as I am finishing my thesis - I have a backup on Dropbox, but don't really have another machine to do it on.
    Well, thanks again and I am waiting for some instructions. Have a nice day!
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Once we find and remove the malware, hopefully we can get the setting back to normal.

    Can you translate or tell me what these are please:
    ===============================================
    I see you have Combofix on the system: 2012-05-11 21:11:20 -------- d-s---w- C:\ComboFix
    IF you uninstalled AVG first, then ran a scan, update, run a new scan and leave the new log
    IF you did NOT uninstall AVG first and turn any other security off for the scan, please follow directions below:

    To uninstall Combofix, then reinstall to run, do this:
    • Click START> then RUN
    Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    You will need to temporarily uninstall AVG, as Combofix will not run with it and we cannot disable AVG for the scan. Please do as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.
    Temporary AV: Use one:
    Microsoft Security Essentials
    Comodo AV
    Avast! Free Antivirus


    ============================================

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===============================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESET Online Scan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export to text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
    Please leave both logs in your next reply.
  9. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    Those phrases are:
    Hiszpański - Mówisz I rozumiesz -> Spanish learning program
    Pajączek 5 NxG PRO - Deinstalacja -> Uninstaller of a program for making web pages in HTML
    Podstawowe programy Windows Live -> Basic Windows Live Programs
    Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile -> Polish language package for Microsoft .NET Framework 4 Client Profile


    About the AV - do I have to delete it and then install e.g. MS Security Essentials? Or delete AVG, run Combofix and then install MS SE? I have to be offline while doing it, right?
  10. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    Also, Combofix /Uninstall in the Run doesn't work - it says it cannot find it. I have a Combofix folder in C, but when I attempt to enter it, it brings me back to My Computer.
    Combofix also isn't in the Uninstall list of Windows (I'm not sure if it should be there normally).
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, I'll delete the old Combofix directory from the Registry. You may have partly uninstalled it previously.

    As for handling the AV.

    Step 1: Download the AppRemover and save it to the desktop> don't run yet.
    Step 2: Download whichever temporary AV you want to use while AVG is off the system> don't run yet
    Step 3: Download Combofix and save to the desktop> don't run yet

    Step 4: Go to File> Click on Work Offline> Double click to run the AppRemover and remove AVG
    Step 5: Then double click on the new AV to run>>Note: it will not update since you are off line
    Step 6: Go to File> Uncheck Work Offline

    Step 7: Double click on Combofix to install. Before you run the scan itself, disable the AV.
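Added example, not part of this thread and not ComboFix's own code: a small triage script for the kind of ComboFix log posted here. It reads the service lines (ComboFix prints `[x]` where a service's binary is missing), the removed-service entries, the `AppInit_DLLs` value, the svchost `NetSvcs` group and the `DPF:` entries, and flags what a helper otherwise picks out by eye: a service registration whose file is gone, a NetSvcs member whose service ComboFix deleted, a DLL injected through AppInit_DLLs, and ActiveX downloads served from a bare IP address. The sample log is constructed from lines shaped like the thread's log (the `MBAMService` NetSvcs line is made up to exercise the "service still defined" branch); the rule names are my own.

```python
"""Triage of a ComboFix-style log excerpt (added example; not ComboFix's own code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


# Constructed sample, shaped like the sections of the ComboFix log posted in this thread.
# The service names, DLL and DPF entries are taken from that log; the MBAMService line in
# the NetSvcs group is constructed to exercise the "service still defined" branch.
SAMPLE_LOG = r"""
-------\Service_OVT511Plus
-------\Service_WINFLASH
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
S1 funfrm;funfrm; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
OVT511Plus
WINFLASH
MBAMService
.
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://87.116.199.52/camclictrl.cab
DPF: {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} - hxxp://217.96.52.154:82/iqweb.ocx
"""

# "R3 name;display name;image path [date size]"; ComboFix prints "[x]" when the file is absent.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[(.*)\]$")
# "-------\Service_name" lines list the services ComboFix removed.
REMOVED_SERVICE_RE = re.compile(r"^-------\\Service_(.+)$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.+)$')
# ComboFix defangs URLs as hxxp://; capture only the host part.
DPF_RE = re.compile(r"^DPF: .* - hxxps?://([^/:]+)")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
NETSVCS_HEADER = "Svchost - NetSvcs"


def triage(log_text):
    """Return the findings a helper would otherwise pick out of the log by eye."""
    findings = []
    services = {}     # service name (lower-case) -> image path
    removed = set()   # services ComboFix deleted
    netsvcs = []      # members of the svchost "netsvcs" group
    in_netsvcs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            # The group listing runs until ComboFix's "." separator line.
            if line == "." or not line:
                in_netsvcs = False
            else:
                netsvcs.append(line)
            continue
        if line.endswith(NETSVCS_HEADER):
            in_netsvcs = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, path, stamp = m.groups()
            services[name.lower()] = path
            if stamp == "x":
                # A service registration whose binary is gone: an uninstall leftover,
                # or a loader that was deleted while its registration survived.
                findings.append(Finding("missing-service-binary", f"{name}: {path or '(no path)'}"))
            continue
        m = REMOVED_SERVICE_RE.match(line)
        if m:
            removed.add(m.group(1).lower())
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that links user32.dll, so any
            # value here deserves a vendor check (in this thread it is an AVG remnant).
            findings.append(Finding("appinit-dll", m.group(1)))
            continue
        m = DPF_RE.match(line)
        if m and IPV4_RE.match(m.group(1)):
            # ActiveX controls installed from a bare IP address rather than a vendor domain.
            findings.append(Finding("activex-from-bare-ip", m.group(1)))
    for name in netsvcs:
        key = name.lower()
        if key in removed:
            # The group still names a service ComboFix deleted; the group entry is a
            # second place that needs cleaning up.
            findings.append(Finding("netsvcs-member-removed", name))
        elif key not in services:
            findings.append(Finding("netsvcs-member-undefined", name))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```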
     
  12. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    Combofix finished its work. It took a veeery long time, but it repaired the wallpaper problem. This is the log:

    ComboFix 12-05-12.01 - MIRO 2012-05-12 23:18:49.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3037.2294 [GMT 2:00]
    Uruchomiony z: c:\users\MIRO\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB36054$\3154194647\@
    c:\windows\$NtUninstallKB36054$\3154194647\cfg.ini
    c:\windows\$NtUninstallKB36054$\3154194647\Desktop.ini
    c:\windows\$NtUninstallKB36054$\3154194647\L\xadqgnnk
    c:\windows\$NtUninstallKB36054$\3154194647\twl.dll
    c:\windows\$NtUninstallKB36054$\3154194647\U\00000001.@
    c:\windows\$NtUninstallKB36054$\3154194647\U\00000002.@
    c:\windows\$NtUninstallKB36054$\3154194647\U\00000004.@
    c:\windows\$NtUninstallKB36054$\3154194647\U\80000000.@
    c:\windows\$NtUninstallKB36054$\3154194647\U\80000004.@
    c:\windows\$NtUninstallKB36054$\3154194647\U\80000032.@
    c:\windows\$NtUninstallKB36054$\3154194647\version
    c:\windows\$NtUninstallKB36054$\3363730420
    c:\windows\IsUn0415.exe
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\system32\6to4.dll
    c:\windows\system32\aavmker4.dll
    c:\windows\system32\anbmservice.dll
    c:\windows\system32\appnnode.dll
    c:\windows\system32\automate6.dll
    c:\windows\system32\bdfsfltr.dll
    c:\windows\system32\BlueSoleilCS.dll
    c:\windows\system32\bthidenum.dll
    c:\windows\system32\citrixwmiservice.dll
    c:\windows\system32\comhost.dll
    c:\windows\system32\ctxcpuusync.dll
    c:\windows\system32\DC21x4.dll
    c:\windows\system32\DCamUSBMke.dll
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\emu10k.dll
    c:\windows\system32\hidusb.dll
    c:\windows\system32\hkmsvc.dll
    c:\windows\system32\httpfilter.dll
    c:\windows\system32\https-nassry.dll
    c:\windows\system32\iam.dll
    c:\windows\system32\id2scaps.dll
    c:\windows\system32\idechndr.dll
    c:\windows\system32\inetaccs.dll
    c:\windows\system32\ipassconnectengine.dll
    c:\windows\system32\irbus.dll
    c:\windows\system32\lxbt_device.dll
    c:\windows\system32\MASPINT.dll
    c:\windows\system32\mbmiodrvr.dll
    c:\windows\system32\megamonitorsrv.dll
    c:\windows\system32\msdtc.dll
    c:\windows\system32\mssql$sony_mediamgr.dll
    c:\windows\system32\mstdc.dll
    c:\windows\system32\muzapp.exe
    c:\windows\system32\ndiscm.dll
    c:\windows\system32\Ndisipo.dll
    c:\windows\system32\NETw3v32.dll
    c:\windows\system32\NETw5x32.dll
    c:\windows\system32\NVENET.dll
    c:\windows\system32\osanbm.dll
    c:\windows\system32\ossrv.dll
    c:\windows\system32\ownershipprotocol.dll
    c:\windows\system32\proxyhostmirrordisplay.dll
    c:\windows\system32\qbreminderflash.dll
    c:\windows\system32\roxupnprenderer.dll
    c:\windows\system32\savscan.dll
    c:\windows\system32\scarddrv.dll
    c:\windows\system32\smtpd32.dll
    c:\windows\system32\ssisvr32.dll
    c:\windows\system32\sthda.dll
    c:\windows\system32\StkAMini.dll
    c:\windows\system32\symappcore.dll
    c:\windows\system32\sympxsvc.dll
    c:\windows\system32\tapeware.dll
    c:\windows\system32\teefer2.dll
    c:\windows\system32\toscosrv.dll
    c:\windows\system32\trayman.dll
    c:\windows\system32\tvalz.dll
    c:\windows\system32\VC6SecS.dll
    c:\windows\system32\vcsw.dll
    c:\windows\system32\W55U01.dll
    c:\windows\system32\WacomVKHid.dll
    c:\windows\system32\windrvNT.dll
    c:\windows\system32\wlancig.dll
    c:\windows\system32\wmpnetworksvc.dll
    c:\windows\system32\ZSMC211.dll
    c:\windows\system32\ZuneWlanCfgSvc.dll
    c:\windows\UA000088.DLL
    .
    Zainfekowana kopia c:\windows\system32\drivers\netbt.sys została znaleziona. Problem naprawiono
    Plik odzyskano z - The cat found it :)
    c:\windows\system32\drivers\tdx.sys - brakowało pliku
    Plik odzyskano z - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_aclient
    -------\Service_admservice
    -------\Service_ageresoftmodem
    -------\Service_akshhl
    -------\Service_AmeLanPc
    -------\Service_AMService
    -------\Service_ARPolicy
    -------\Service_atitool
    -------\Service_bt
    -------\Service_btwmodem
    -------\Service_cdudf_xp
    -------\Service_cfosspeed
    -------\Service_delldmi
    -------\Service_dlaudf_m
    -------\Service_EhttpSrv
    -------\Service_elnkservice
    -------\Service_Epiusb
    -------\Service_epsonbidirectionalservice
    -------\Service_F700imd
    -------\Service_genregistrar
    -------\Service_grmnusb
    -------\Service_gv3
    -------\Service_GVCplDrv
    -------\Service_imagesrv
    -------\Service_Intels51
    -------\Service_iteatapi
    -------\Service_ixiaendpoint
    -------\Service_L8042Kbd
    -------\Service_M3AD
    -------\Service_modemcsa
    -------\Service_mssql$sqlexpress
    -------\Service_MXOFX
    -------\Service_nbservice
    -------\Service_nisvcloc
    -------\Service_nsm1mdfl
    -------\Service_OEM02Vfx
    -------\Service_olregcap
    -------\Service_oracleorahome811cman
    -------\Service_osaio
    -------\Service_ownershipprotocol
    -------\Service_PAR1284
    -------\Service_PCDCODEC
    -------\Service_Pctspk
    -------\Service_prevxdriver
    -------\Service_psadd
    -------\Service_regsrvc
    -------\Service_rvsinst
    -------\Service_sagefserver
    -------\Service_SaiU040B
    -------\Service_savrtpel
    -------\Service_SE2Dmdm
    -------\Service_se45obex
    -------\Service_SNC
    -------\Service_spsslm
    -------\Service_steamdvr
    -------\Service_tpkd
    -------\Service_usbcm
    -------\Service_wg5n
    -------\Service_WLAN_USB
    -------\Service_xusb21
    -------\Service_yukonwlh
    -------\Service_z800mdfl
    -------\Service_ZSMC211
    -------\Service_OVT511Plus
    -------\Service_WINFLASH
    .
    .
    ((((((((((((((((((((((((( Pliki utworzone od 2012-04-12 do 2012-05-12 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-09 20:55 . 2012-04-01 20:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-09 20:55 . 2011-06-17 05:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-27 10:02 . 2010-06-24 10:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-03-23 19:19 . 2012-04-11 19:17 761152 ----a-w- c:\windows\system32\msvcr100.dll
    2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-03-01 05:46 . 2012-04-12 19:50 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 05:37 . 2012-04-12 19:50 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 05:33 . 2012-04-12 19:50 159232 ----a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 05:29 . 2012-04-12 19:50 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-28 01:18 . 2012-04-12 19:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11 . 2012-04-12 19:55 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11 . 2012-04-12 19:55 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03 . 2012-04-12 19:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-17 05:34 . 2012-03-13 18:53 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 04:14 . 2012-03-13 18:53 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:13 . 2012-03-13 18:53 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    .
    .
    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\MIRO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\MIRO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\MIRO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-27 13797920]
    "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-15 4081480]
    "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^MIRO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bitcoin.lnk]
    path=c:\users\MIRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnk
    backup=c:\windows\pss\Bitcoin.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^MIRO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\MIRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^MIRO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\MIRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^MIRO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Pajączek NxG Updater.exe]
    path=c:\users\MIRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pajączek NxG Updater.exe
    backup=c:\windows\pss\Pajączek NxG Updater.exe.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
    2010-11-19 11:02 2590208 ----a-w- c:\programdata\Boxtools\Boxofttoolbox.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    2011-01-29 21:11 888120 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2011-04-27 13:02 13824 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2011-01-29 21:11 3372856 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
    2011-07-21 22:07 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
    2007-09-12 11:17 340136 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\Drivers\adildr.sys [2007-02-07 56088]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-12-11 8192]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 98432]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 14848]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 123648]
    R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 100224]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-26 691696]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-19 218688]
    S1 funfrm;funfrm; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
    S3 NETw5s32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    OVT511Plus
    WINFLASH
    .
    .
    ------- Skan uzupełniający -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
    DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
    DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://87.116.199.52/camclictrl.cab
    DPF: {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} - hxxp://217.96.52.154:82/iqweb.ocx
    DPF: {F9F6A5CD-76C1-4BE7-8F49-5D4183F9FAC5} - hxxps://www.otineo.com/resources/com.otineo.survey.ui.personal.softphone.SoftphonePanel/OtineoSoftphone.cab
    .
    - - - - USUNIĘTO PUSTE WPISY - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-MCODS
    MSConfigStartUp-ALLUpdate - c:\program files\ALLPlayer\ALLUpdate.exe
    MSConfigStartUp-cacaoweb - c:\users\MIRO\AppData\Roaming\cacaoweb\cacaoweb.exe
    MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
    AddRemove-SuperMemo UX - Hiszpański. No hay problema!+ 1 - c:\windows\IsUn0415.exe
    AddRemove-SuperMemo UX - Hiszpański. No hay problema!+ 2 - c:\windows\IsUn0415.exe
    AddRemove-SuperMemo UX - Hiszpański. No hay problema!+ 3 - c:\windows\IsUn0415.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    --------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
    .
    - - - - - - - > 'Explorer.EXE'(3728)
    c:\users\MIRO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    Czas ukończenia: 2012-05-13 00:59:02 - komputer został uruchomiony ponownie
    .
    Przed: 112 608 178 176 bajtów wolnych
    Po: 112 514 482 176 bajtów wolnych
    .
  13. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    As for on-line scanning, I'm performing it now, but it's gonna take some time and it is quite late, but I'll try to put it up asap.
  14. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    ESET ONLINE SCAN log is as follows:

    C:\Qoobox\Quarantine\C\Windows\system32\anbmservice.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\Windows\system32\idechndr.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\Windows\system32\Drivers\netbt.sys.vir Win32/Sirefef.DA trojan
    C:\Qoobox\Quarantine\C\Windows\system32\Drivers\netbt.sys.vir_ Win32/Sirefef.DA trojan
    C:\Users\MIRO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\2357adf2-4a6d6358 a variant of OSX/Exploit.Smid.D trojan
    C:\Users\MIRO\Documents\instalki\Microsoft.Office.2010.ProfessionalPlus.Final.VL.Edition.x86-ZWTiSO\activator.rar a variant of Win32/HackKMS.A application
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys Win32/Sirefef.DA trojan
    C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys a variant of Win32/Sirefef.DA trojan
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    There are quite a few irregularities on this system in addition to the ZeroAccess Rootkit. Additionally, Microsoft Office 2010 ProfessionalPlus Final VL Edition has been pirated. There are entries for professional surveillance cameras.

    Please run the following:
    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =======================================================
    Please download WVCheck from one of the following Links:
    Latest EXE download
    Latest ZIP Download
    • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
    • As indicated by the prompt, this program can take a while depending on your hard drive space.
    • Once the program is done, copy the contents of the notepad file as a reply.
    =====================================================

    Follow with
    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
  16. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    CKScanner log:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\cream software\pajaczek 5 nxg\docs\php\function.crack-check.html
    c:\program files\cream software\pajaczek 5 nxg\docs\php\function.crack-closedict.html
    c:\program files\cream software\pajaczek 5 nxg\docs\php\function.crack-getlastmessage.html
    c:\program files\cream software\pajaczek 5 nxg\docs\php\function.crack-opendict.html
    c:\program files\cream software\pajaczek 5 nxg\docs\php\function.mhash-keygen-s2k.html
    c:\program files\cream software\pajaczek 5 nxg\docs\php\ref.crack.html
    c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
    c:\program files\rockstar games\gta sa\data\decision\craig\crack1.ped
    c:\users\miro\appdata\local\opera\opera\icons\crackedscripts.com.idx
    c:\users\miro\appdata\local\opera\opera\icons\http%3a%2f%2fwww.cracked.com%2ffavicon.ico
    c:\users\miro\appdata\local\opera\opera\icons\www.cracked.com.idx
    c:\users\miro\appdata\roaming\cream software\pajaczek-crack.exe
    c:\users\miro\appdata\roaming\cream software\pajaczek 5 nxg\settings\pajaczek-crack.exe
    c:\users\miro\appdata\roaming\cream software\pajaczek_pro_full\pajaczek-crack.exe
    c:\users\miro\desktop\cool.edit.pro.v2.1.winall.with.user.manual.incl.crack-ror.zip
    c:\users\miro\documents\instalki\pajaczek_pro_full\pajaczek-crack.exe
    scanner sequence 3.HH.11.WIAPBT
    ----- EOF -----


    WVCheck log


    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 2251_15-05-2012
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows 7 Service Pack 1
    Windows Mode: Normal
    Systemroot Path: C:\windows

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2012-05-14 19:38:58
    Last Success Time for Update Download: 2012-05-10 05:01:49
    Last Success Time for Update Installation: 2012-05-10 16:56:37


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    C:\Windows\System32\slwga.dll
    Size: 14336 bytes
    Creation; 8/7/2011 19:44:25
    Modification; 20/11/2010 13:21:24
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
    Size: 13824 bytes
    Creation; 14/7/2009 1:36:22
    Modification; 14/7/2009 3:16:15
    MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
    Size: 14336 bytes
    Creation; 9/2/2011 18:55:26
    Modification; 21/12/2010 6:38:16
    MD5; 2008845b41d561fb77b77bbe0045099e
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
    Size: 14336 bytes
    Creation; 9/2/2011 18:55:26
    Modification; 21/12/2010 6:29:6
    MD5; 2332de32759ebcc691850e092b2564a6
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
    Size: 14336 bytes
    Creation; 8/7/2011 19:44:25
    Modification; 20/11/2010 13:21:24
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's MBAM Quarantine Check
    -----------------------
    There were no bad files quarantined by MBAM.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66


    -------- End of File, program close at 2253_15-05-2012 --------
  17. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    MGA log


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-JKHXW-D9W83-FJQKD
    Windows Product Key Hash: AYaBykmfTHUVW5whGaYMeVJn0/U=
    Windows Product ID: 00359-OEM-8992687-00249
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {6B12883C-82E8-4A63-B530-F729706C2593}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Visio Professional 2002 [English] - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{6B12883C-82E8-4A63-B530-F729706C2593}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-FJQKD</PKey><PID>00359-OEM-8992687-00249</PID><PIDType>2</PIDType><SID>S-1-5-21-1180046307-1035285381-2495186085</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>20023 </Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>18CN37WW(V2.10) </Version><SMBIOSVersion major="2" minor="5"/><Date>20090918000000.000000+000</Date></BIOS><HWID>EB153507018400F8</HWID><UserLCID>0415</UserLCID><SystemLCID>0415</SystemLCID><TimeZone>Środkowoeuropejski czas stand.(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>CB-01 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="1.7.105.35"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90510409-6D54-11D4-BEE3-00C04F990354}"><LegitResult>100</LegitResult><Name>Microsoft Visio Professional 2002 [English]</Name><Ver>10</Ver><Val>B07727A4C4B404C</Val><Hash>g7TU5cpk8XGUieJuay8QbOa4AXk=</Hash><Pid>54079-640-0000383-16445</Pid><PidType>14</PidType></Product></Products><Applications><App Id="51" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Wersja usługi licencjonowania oprogramowania: 6.1.7601.17514

    Nazwa: Windows(R) 7, HomePremium edition
    Opis: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Identyfikator aktywacji: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Identyfikator aplikacji: 55c92734-d682-4d71-983e-d6ec3f16059f
    Rozszerzony identyfikator PID: 00359-00178-926-800249-02-1045-7600.0000-2582009
    Identyfikator instalacji: 022193832035626185230643119294231852743854881741827090
    Adres URL certyfikatu procesora: http://go.microsoft.com/fwlink/?LinkID=88338
    Adres URL certyfikatu komputera: http://go.microsoft.com/fwlink/?LinkID=88339
    Adres URL licencji użytkowania: http://go.microsoft.com/fwlink/?LinkID=88341
    Adres URL certyfikatu klucza produktu: http://go.microsoft.com/fwlink/?LinkID=88340
    Częściowy klucz produktu: FJQKD
    Stan licencji: licencjonowano
    Licznik pozostałych operacji przywrócenia pierwotnego stanu licencjonowania systemu Windows: 2
    Godzina zaufana: 2012-05-15 22:56:28

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 4:1:2012 20:39
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAIAAQABAAEAAAACAAAAAwABAAEAeqi2H3cWNobmofaaoAz8aA7RjsHwOnT2Rso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC PTLTD APIC
    FACP LENOVO CB-01
    DBGP LENOVO CB-01
    HPET LENOVO CB-01
    BOOT PTLTD $SBFTBL$
    MCFG LENOVO CB-01
    SLIC LENOVO CB-01
    SSDT PmRef CpuPm
    SSDT PmRef CpuPm
    SSDT PmRef CpuPm
  18. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    One more thing - I took my laptop to univ and when I came back, it doesn't want to go online. The icon in the tray says it is connected, but that there is "Identifying in progress" (not sure how it is exactly in the English version of Win, that's a Polish translation).
    Is it the matter of AVAST or sth else? I tried to de-activate Avast for a sec and it didn't help.
  19. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    I found out that the DNS Client (and DHCP, if it is important) is turned off and I cannot turn it on (error 1068).
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The Windows OS has not been validated.

    All of the software in the CK Scanner shows pirated software.

    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66>>>
    The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems.

    The use of the function.crack in the piracy is also experimental.
    -------------------------------------------
    I do not support piracy. To continue, you will have to remove all pirated content from the system.

    -----------------------
  21. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    I don't know exactly what this part means
    <quote>WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66>>>
    The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems.

    The use of the function.crack in the piracy is also experimental.</quote>


    I will delete pirated software. Only I cannot do it with Office, as I'm in the middle of my final project and have to do it. Is it ok?
  22. mirekkazek

    mirekkazek Newcomer, in training Topic Starter Posts: 17

    And do you think the internet problem is related to my problem or is it sth else? Luckily I have a Linux as well (this is some version for which I didn't have to do a partition, but it installed as a program in Win) and on Linux the net works, but it is really disturbing, as I'm not used to it and I cannot write my project as it is in .docx and it isn't the same in free office.
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Let me know when all of the pirated software has been removed, if you want support.

    I'm going to close the thread since you can't do it now and will reopen it after you have removed it.

    I don't know the cause of the problem. When you pirate software with cracks and keygens, you open your system to malware.