Inactive Sluggish computer...Virus and Malware checkup

beedu

Hello,
It's my second malware checkup request (the first one is still in progress). While I'm waiting for the results of the first one, I would like to ask for another one. My second computer has become somehow sluggish and unresponsive without any particular reason. There's nothing unnecessary installed, and I believe the specs are sufficient enough.

Malwarebytes Anti-Malware (Okres testowy) 1.75.0.1300
www.malwarebytes.org

Wersja bazy: v2013.10.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Beata :: BEATA-KOMPUTER [administrator]

Ochrona: Włączona

2013-10-05 13:22:28
mbam-log-2013-10-05 (13-22-28).txt

Typ skanowania: Szybkie skanowanie
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 199154
Upłynęło: 7 minut(y), 36 sekund(y)

Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych kluczy rejestru: 0
(Nie znaleziono zagrożeń)

Wykrytych wartości rejestru: 0
(Nie znaleziono zagrożeń)

Wykryte wpisy rejestru systemowego: 0
(Nie znaleziono zagrożeń)

wykrytych folderów: 0
(Nie znaleziono zagrożeń)

Wykrytych plików: 0
(Nie znaleziono zagrożeń)

(zakończone)
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2012-11-12 12:33:44
System Uptime: 2013-10-05 11:54:33 (2 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | SAMSUNG_NP1234567890
Processor: AMD A6-4455M APU with Radeon(tm) HD Graphics | P0 | 1281/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 444 GiB total, 356,069 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
RP116: 2013-08-15 14:02:28 - Windows Update
RP117: 2013-08-18 17:05:13 - Windows Update
RP118: 2013-08-22 22:28:14 - Windows Update
RP119: 2013-08-23 06:25:52 - Windows Update
RP120: 2013-08-24 21:51:50 - Windows Update
RP121: 2013-08-30 23:08:03 - Windows Update
RP122: 2013-09-06 16:58:13 - Windows Update
RP123: 2013-09-17 18:16:04 - Windows Update
RP124: 2013-09-17 18:25:19 - Windows Update
RP125: 2013-09-21 19:45:08 - Windows Update
RP126: 2013-09-25 14:12:46 - Windows Update
RP127: 2013-09-25 15:52:14 - Revo Uninstaller's restore point - Kalydo Player 4.11.01
RP128: 2013-10-01 19:43:44 - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ??????????? ??? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Atheros Bluetooth Suite (64)
Atheros Client Installation Program
avast! Free Antivirus
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink YouCam
D3DX10
E-POP
Easy File Share
Easy Migration
Easy Settings
Easy Software Manager
Easy Support Center
ESET Online Scanner v3
ETDWare PS/2-X64 10.7.13.1_WHQL
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii usługi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Chrome
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware wersja 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PLK Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Starter 2010 - Polski
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Moduł Szybka instalacja pakietu Microsoft Office 2010
Mozilla Firefox 22.0 (x86 pl)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Multimedia POP
OpenOffice.org 2.4
Poczta usługi Windows Live
Podstawowe programy Windows Live
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
Pošta Windows Live
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Rysunek 3
Samsung Recovery Solution 5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Skype™ 6.3
Software Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
User Guide
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.20 (64-bitowy)
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.21.2
Run by Beata at 13:37:49 on 2013-10-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3548.2348 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\lpksetup.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.pl/
uDefault_Page_URL = hxxp://samsung.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.200.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A93EFB65-B55A-4BE2-BC7E-AF2B3629A448} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A93EFB65-B55A-4BE2-BC7E-AF2B3629A448}\3456C6C605960756F583246323 : DHCPNameServer = 194.204.152.34 194.204.159.1
TCP: Interfaces\{A93EFB65-B55A-4BE2-BC7E-AF2B3629A448}\E2A3A305279667164756A3A3E2 : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\6s23pvng.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-5-4 82048]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-5-4 42624]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2012-5-8 32896]
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-27 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-27 189936]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2013-4-29 22600]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-3-27 1030952]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-3-27 378944]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-6-14 13824]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-5-4 235520]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-3-27 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-3-27 80816]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-9 107648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-19 46808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-5 701512]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-6-14 31624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\System32\drivers\amdhub30.sys [2012-5-4 102528]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\System32\drivers\amdxhc.sys [2012-5-4 219776]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-3-9 36480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-2-10 95248]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-3-9 340096]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-3-9 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-3-9 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-3-9 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-3-9 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-3-9 281472]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-3-9 551552]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-3-30 242512]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-10-5 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-14 648808]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2012-6-14 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 ggflt;SEMC USB Flash Driver Filter;C:\windows\System32\drivers\ggflt.sys [2013-3-16 14448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-5-26 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-5-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-5-26 30208]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\windows\System32\Wat\WatAdminSvc.exe [2012-11-17 1255736]
S3 zte_cdc_acm;ZTE All CDC-ACM driver;C:\windows\System32\drivers\zte_cdc_acm.sys [2012-11-12 79872]
S3 zte_cpo;ZTE All Install;C:\windows\System32\drivers\zte_cpo.sys [2012-11-12 14336]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-10-05 11:19:55  25928  ----a-w-  C:\windows\System32\drivers\mbam.sys
2013-10-05 11:19:55  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-04 16:59:32  9694160  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0D781A51-BE75-4C6C-B89B-8C4B5BB84202}\mpengine.dll
2013-10-02 18:09:17  --------  d-----w-  C:\Users\Beata\TMOP2BackUp_Z
2013-09-26 20:05:06  --------  d-----w-  C:\Autosave
2013-09-26 20:04:47  --------  d-----w-  C:\LibFillBmp
2013-09-26 20:02:34  53248  ----a-w-  C:\windows\SysWow64\mfc42loc.dll
2013-09-26 20:02:34  --------  d-----w-  C:\Rysunki
2013-09-26 20:02:25  151552  ----a-w-  C:\ExpDxf.dll
2013-09-26 20:02:25  118784  ----a-w-  C:\impdxf.dll
2013-09-26 20:02:25  --------  d-----w-  C:\LibObj
2013-09-26 20:02:25  --------  d-----w-  C:\LibFillObj
2013-09-26 20:02:25  --------  d-----w-  C:\LibFillLine
2013-09-26 20:02:24  90112  ----a-w-  C:\md5gen32.dll
2013-09-26 20:02:24  310272  ----a-w-  C:\czytajto.exe
2013-09-26 20:02:24  1511424  ----a-w-  C:\rysgrid.dll
2013-09-26 20:02:24  1507328  ----a-w-  C:\Rysunek.exe
2013-09-26 20:02:24  1331200  ----a-w-  C:\rysgridas.dll
2013-09-26 20:01:29  95484  ----a-w-  C:\windows\SysWow64\drivers\KMM4XNT.SYS
2013-09-26 20:01:29  24576  ----a-w-  C:\windows\SysWow64\KMM4XNTD.DLL
2013-09-26 20:01:29  225280  ------w-  C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-09-26 20:01:28  77824  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-09-26 20:01:28  32768  ------w-  C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-09-26 20:01:28  176128  ------w-  C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-09-26 20:01:26  614532  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-09-25 13:50:32  --------  d-----w-  C:\Program Files (x86)\VS Revo Group
2013-09-25 13:04:41  --------  d-----w-  C:\AdwCleaner
2013-09-25 12:27:20  --------  d-----w-  C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-25 12:11:12  --------  d-----w-  C:\Users\Beata\AppData\Local\{2DFF2F05-4930-4B76-B480-C6FB3C6B8EB8}
2013-09-21 17:51:57  148992  ----a-w-  C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-09-17 16:28:50  155584  ----a-w-  C:\windows\System32\drivers\ataport.sys
.
==================== Find3M ====================
.
2013-09-20 17:35:36  71048  ----a-w-  C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 17:35:36  692616  ----a-w-  C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18  2241024  ----a-w-  C:\windows\System32\wininet.dll
2013-08-10 05:20:59  3959296  ----a-w-  C:\windows\System32\jscript9.dll
2013-08-10 05:20:55  67072  ----a-w-  C:\windows\System32\iesetup.dll
2013-08-10 05:20:55  136704  ----a-w-  C:\windows\System32\iesysprep.dll
2013-08-10 03:59:10  1767936  ----a-w-  C:\windows\SysWow64\wininet.dll
2013-08-10 03:58:09  2876928  ----a-w-  C:\windows\SysWow64\jscript9.dll
2013-08-10 03:58:06  61440  ----a-w-  C:\windows\SysWow64\iesetup.dll
2013-08-10 03:58:06  109056  ----a-w-  C:\windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38  2706432  ----a-w-  C:\windows\System32\mshtml.tlb
2013-08-10 03:07:50  2706432  ----a-w-  C:\windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59  89600  ----a-w-  C:\windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19  71680  ----a-w-  C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43  3155456  ----a-w-  C:\windows\System32\win32k.sys
2013-08-07 02:22:02  278800  ------w-  C:\windows\System32\MpSigStub.exe
2013-08-02 02:23:53  5550528  ----a-w-  C:\windows\System32\ntoskrnl.exe
2013-08-02 02:15:44  1732032  ----a-w-  C:\windows\System32\ntdll.dll
2013-08-02 02:15:03  362496  ----a-w-  C:\windows\System32\wow64win.dll
2013-08-02 02:15:03  243712  ----a-w-  C:\windows\System32\wow64.dll
2013-08-02 02:15:03  13312  ----a-w-  C:\windows\System32\wow64cpu.dll
2013-08-02 02:14:57  215040  ----a-w-  C:\windows\System32\winsrv.dll
2013-08-02 02:14:11  16384  ----a-w-  C:\windows\System32\ntvdm64.dll
2013-08-02 02:13:34  424448  ----a-w-  C:\windows\System32\KernelBase.dll
2013-08-02 01:59:30  3968960  ----a-w-  C:\windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30  3913664  ----a-w-  C:\windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23  1292192  ----a-w-  C:\windows\SysWow64\ntdll.dll
2013-08-02 01:50:42  5120  ----a-w-  C:\windows\SysWow64\wow32.dll
2013-08-02 01:50:42  274944  ----a-w-  C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17  338432  ----a-w-  C:\windows\System32\conhost.exe
2013-08-02 00:59:09  112640  ----a-w-  C:\windows\System32\smss.exe
2013-08-02 00:45:37  25600  ----a-w-  C:\windows\SysWow64\setup16.exe
2013-08-02 00:45:36  14336  ----a-w-  C:\windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35  7680  ----a-w-  C:\windows\SysWow64\instnm.exe
2013-08-02 00:45:34  2048  ----a-w-  C:\windows\SysWow64\user.exe
2013-08-02 00:43:05  6144  ---ha-w-  C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05  4608  ---ha-w-  C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05  3584  ---ha-w-  C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05  3072  ---ha-w-  C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54  1888768  ----a-w-  C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27  1620992  ----a-w-  C:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42  2048  ----a-w-  C:\windows\System32\tzres.dll
2013-07-19 01:41:01  2048  ----a-w-  C:\windows\SysWow64\tzres.dll
2013-07-09 05:52:52  224256  ----a-w-  C:\windows\System32\wintrust.dll
2013-07-09 05:51:16  1217024  ----a-w-  C:\windows\System32\rpcrt4.dll
2013-07-09 05:46:20  184320  ----a-w-  C:\windows\System32\cryptsvc.dll
2013-07-09 05:46:20  1472512  ----a-w-  C:\windows\System32\crypt32.dll
2013-07-09 05:46:20  139776  ----a-w-  C:\windows\System32\cryptnet.dll
2013-07-09 04:52:33  663552  ----a-w-  C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10  175104  ----a-w-  C:\windows\SysWow64\wintrust.dll
2013-07-09 04:46:31  140288  ----a-w-  C:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31  1166848  ----a-w-  C:\windows\SysWow64\crypt32.dll
2013-07-09 04:46:31  103936  ----a-w-  C:\windows\SysWow64\cryptnet.dll
.
============= FINISH: 13:39:03,51 ===============
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.7.1 _x64_ [Oct 3 2013] od Tigzy
mail : tigzyRK<at>gmail<dot>com
Dodaj opinię : http://www.adlice.com/forum/
Strona internetowa : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

System Operacyjny : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Uruchomiono z : Tryb normalny
Użytkownik : Beata [Uprawnienia Administratora]
Tryb : Skanuj -- Data : 10/06/2013 10:30:35
| ARK || FAK || MBR |

¤¤¤ Szkodliwe procesy : 0 ¤¤¤

¤¤¤ Wpisy w Rejestrze : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ZNALEZIONO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ZNALEZIONO

¤¤¤ Zaplanowane zadania : 1 ¤¤¤
[V2][SUSP PATH] {A9943D29-A15B-4DC5-9244-F2D27F8EB88A} : C:\Users\Beata\Desktop\POWERPOINT 2003 PL.exe [x] -> ZNALEZIONO

¤¤¤ Wpisy startowe : 0 ¤¤¤

¤¤¤ przeglądarki internetowe : 0 ¤¤¤

¤¤¤ Pliki / Foldery: ¤¤¤

¤¤¤ Sterownik : [NIEZAŁADOWANY 0x0] ¤¤¤

¤¤¤ Gałąź rejestru (offline): ¤¤¤

¤¤¤ Infekcja : ¤¤¤

¤¤¤ Plik HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Sprawdzenie MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardowe stacje dysków) - Hitachi HTS545050A7E380 SATA Disk Device +++++
--- User ---
[MBR] 85bfc8eee6660b009dbea30ede4234cc
[BSP] 5429c277f76b134a5389754f655eb137 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 454364 Mo
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 930744320 | Size: 22475 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Zakończono : << RKreport[0]_S_10062013_103035.txt >>
 
RogueKiller V8.7.1 _x64_ [Oct 3 2013] od Tigzy
mail : tigzyRK<at>gmail<dot>com
Dodaj opinię : http://www.adlice.com/forum/
Strona internetowa : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

System Operacyjny : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Uruchomiono z : Tryb normalny
Użytkownik : Beata [Uprawnienia Administratora]
Tryb : Usuń -- Data : 10/06/2013 10:33:33
| ARK || FAK || MBR |

¤¤¤ Szkodliwe procesy : 0 ¤¤¤

¤¤¤ Wpisy w Rejestrze : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> PODMIENIONO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> PODMIENIONO (0)

¤¤¤ Zaplanowane zadania : 1 ¤¤¤
[V2][SUSP PATH] {A9943D29-A15B-4DC5-9244-F2D27F8EB88A} : C:\Users\Beata\Desktop\POWERPOINT 2003 PL.exe [x] -> USUNIĘTO

¤¤¤ Wpisy startowe : 0 ¤¤¤

¤¤¤ przeglądarki internetowe : 0 ¤¤¤

¤¤¤ Pliki / Foldery: ¤¤¤

¤¤¤ Sterownik : [NIEZAŁADOWANY 0x0] ¤¤¤

¤¤¤ Gałąź rejestru (offline): ¤¤¤

¤¤¤ Infekcja : ¤¤¤

¤¤¤ Plik HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Sprawdzenie MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardowe stacje dysków) - Hitachi HTS545050A7E380 SATA Disk Device +++++
--- User ---
[MBR] 85bfc8eee6660b009dbea30ede4234cc
[BSP] 5429c277f76b134a5389754f655eb137 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 454364 Mo
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 930744320 | Size: 22475 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Zakończono : << RKreport[0]_D_10062013_103333.txt >>
RKreport[0]_S_10062013_103035.txt
 
I've also noticed that the CPU usage is over 50% almost all the time. I can hear some sounds which sound like a HDD which is constantly doing...something. What is more, it never stops doing those strange clicks (like it's constantly writing/reading, even when I don't use it). I'm not sure if it's connected to the issue itself, but I thought it might be important to mention it.
 
Hard drive clicking is not good news.

Run hard drive diagnostics: http://www.bleepingcomputer.com/forums/topic28744.html/page__view__findpost__p__160520
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here: http://storage.toshiba.com/storage-services-support/warranty-support/software-utilities#diagnostic

Note: If you do not know how to set your computer to boot from CD, follow the steps here
 
I'll run the diagnostics tomorrow but after listening to the sound samples listed at the website I only expect the worst :/
 
This computer doesn't have a CD/DVD drive, so could you tell me how I am supposed to do it? Via USB?
 
It doesn't make sense to continue until we know your hard drive is sound.
I'll keep this topic open for you.
 
Sorry for the delay, but I still haven't sorted things out with the HDD. I guess you can close the topic for now and we can reactivate it soon, right?
 