Solved Windows 7 rootkit/malware problem 888 casino popup on Google Chrome


Izdeb

Hello, I recently have this popup problem with Google Chrome. I have NOD32 antivirus installed and working non-stop; I've scanned with Malwarebytes' Anti-Malware and it didn't show anything. I've deleted the cookies and still nothing changes. I'm pasting logs from aswMBR and ComboFix below. Please help.


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-28 13:14:54
-----------------------------
13:14:54.747 OS Version: Windows x64 6.1.7600
13:14:54.747 Number of processors: 4 586 0x403
13:14:54.748 ComputerName: IZDEB-PC UserName: Izdeb
13:14:57.331 Initialize success
13:15:17.873 AVAST engine defs: 12022801
13:15:23.959 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:15:23.961 Disk 0 Vendor: ST31000528AS CC38 Size: 953868MB BusType: 3
13:15:23.969 Disk 0 MBR read successfully
13:15:23.971 Disk 0 MBR scan
13:15:23.975 Disk 0 Windows 7 default MBR code
13:15:23.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:15:23.997 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99899 MB offset 206848
13:15:24.016 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 400000 MB offset 204800000
13:15:24.039 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 453867 MB offset 1024000000
13:15:24.072 Disk 0 scanning C:\Windows\system32\drivers
13:15:36.281 Service scanning
13:15:55.735 Modules scanning
13:15:55.753 Disk 0 trace - called modules:
13:15:55.778 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046f32c0]<<spmp.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:15:55.789 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a70060]
13:15:55.800 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800494c9b0]
13:15:55.811 5 ACPI.sys[fffff880011b3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a5c060]
13:15:55.816 \Driver\atapi[0xfffffa8004788e70] -> IRP_MJ_CREATE -> 0xfffffa80046f32c0
13:15:56.645 AVAST engine scan C:\Windows
13:15:59.108 AVAST engine scan C:\Windows\system32
13:20:03.638 AVAST engine scan C:\Windows\system32\drivers
13:20:33.021 AVAST engine scan C:\Users\Izdeb
13:22:39.598 AVAST engine scan C:\ProgramData
13:24:37.522 Scan finished successfully
13:27:48.616 Disk 0 MBR has been saved successfully to "C:\Users\Izdeb\Desktop\MBR.dat"
13:27:48.621 The log file has been saved successfully to "C:\Users\Izdeb\Desktop\aswMBR.txt"



ComboFix 12-02-27.02 - Izdeb 2012-02-28 13:39:27.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1033.18.4095.2720 [GMT 1:00]
Running from: c:\users\Izdeb\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created From 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 12:42 . 2012-02-28 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 08:24 . 2012-02-28 08:24 -------- d-----w- c:\users\Izdeb\AppData\Roaming\Malwarebytes
2012-02-25 18:52 . 2012-02-25 18:52 -------- d-----w- c:\windows\Sun
2012-02-22 19:40 . 2012-02-22 19:40 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-02-15 20:13 . 2012-02-15 20:13 -------- d-----w- c:\users\Izdeb\AppData\Roaming\U3
2012-02-15 15:14 . 2012-02-19 18:47 -------- d-----w- c:\programdata\EA Logs
2012-02-15 15:08 . 2012-02-15 15:08 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-02-15 15:08 . 2012-02-15 15:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-04 16:09 . 2012-02-04 16:09 -------- d-----w- c:\users\Izdeb\AppData\Roaming\BigHugeEngine
2012-02-03 15:25 . 2012-02-03 15:25 -------- d-----w- c:\windows\system32\appmgmt
2012-02-02 18:32 . 2012-02-02 18:32 -------- d-----w- c:\users\Izdeb\AppData\Local\ESET
2012-02-01 16:59 . 2012-02-01 16:59 -------- d-----w- c:\programdata\LightScribe
2012-02-01 16:59 . 2012-02-01 17:09 -------- d-----w- c:\users\Izdeb\AppData\Roaming\Nero
2012-02-01 16:58 . 2012-02-01 16:58 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-02-01 16:58 . 2012-02-01 16:58 -------- d-----w- c:\program files (x86)\Nero
2012-02-01 16:58 . 2012-02-01 16:58 -------- d-----w- c:\programdata\Nero
2012-01-31 18:51 . 2012-01-31 18:51 -------- d-----w- c:\users\Izdeb\AppData\Roaming\LolClient
2012-01-31 18:37 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-01-31 18:37 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-01-31 18:37 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-31 16:55 . 2012-01-31 16:55 -------- d-----w- c:\program files\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 19:24 . 2011-12-28 19:40 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-27 19:24 . 2011-12-28 18:57 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-27 19:23 . 2011-12-28 18:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-19 16:49 . 2011-12-28 18:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-05 15:24 . 2011-12-29 15:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-29 16:04 . 2011-12-29 16:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-13 20:02 . 2011-12-14 15:37 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-12-13 20:02 . 2011-12-14 15:37 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-13 20:02 . 2011-12-14 15:37 40448 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-13 20:02 . 2011-12-14 15:37 3631104 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-13 20:02 . 2011-12-14 15:37 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-13 20:02 . 2011-12-14 15:37 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-13 20:02 . 2011-12-14 15:37 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-13 20:02 . 2011-12-14 15:37 4246016 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-13 20:02 . 2011-12-14 15:37 3420672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-13 20:02 . 2011-12-14 15:37 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-13 20:02 . 2011-12-14 15:37 5395968 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-13 20:02 . 2011-12-14 15:37 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-13 20:02 . 2011-12-14 15:37 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-13 20:02 . 2011-12-14 15:37 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-13 20:02 . 2011-12-14 15:37 17469952 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-13 20:02 . 2011-12-14 15:37 332800 ----a-w- c:\windows\system32\ATIODE.exe
2011-12-13 20:02 . 2011-12-14 15:37 51200 ----a-w- c:\windows\system32\ATIODCLI.exe
2011-12-13 20:02 . 2011-12-14 15:37 22623232 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-13 20:02 . 2011-12-14 15:37 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-13 20:02 . 2011-12-14 15:37 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-13 20:02 . 2011-12-14 15:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-13 20:02 . 2011-12-14 15:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-13 20:02 . 2011-12-14 15:37 303616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-13 20:02 . 2011-12-14 15:37 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-13 20:02 . 2011-12-14 15:37 9319424 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-13 20:02 . 2011-12-14 15:37 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-13 20:02 . 2011-12-14 15:37 5080576 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-13 20:02 . 2011-12-14 15:37 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-13 20:02 . 2011-12-14 15:37 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-13 20:02 . 2011-12-14 15:37 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-13 20:02 . 2011-12-14 15:37 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 788480 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-13 20:02 . 2011-12-14 15:37 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-13 20:02 . 2011-12-14 15:37 4304896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-13 20:02 . 2011-12-14 15:37 7467008 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-13 20:02 . 2011-12-14 15:37 671744 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-13 20:02 . 2011-12-14 15:37 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-13 20:02 . 2011-12-14 15:37 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-13 20:02 . 2011-12-14 15:37 6098432 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-13 20:02 . 2011-12-14 15:37 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-12-13 20:02 . 2011-12-14 15:37 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-13 20:02 . 2011-12-14 15:37 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-13 20:02 . 2011-12-14 15:37 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 361984 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 258048 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-13 20:02 . 2011-12-14 15:37 147456 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-13 20:02 . 2011-12-14 15:37 118784 ----a-w- c:\windows\system32\atibtmon.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-22 740216]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-27 336384]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Spik"="c:\program files (x86)\Spik\Spik.exe" [2011-06-07 109424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-27 365568]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-12-28 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1 153.13.250.100
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files (x86)\Spik\url_wpmsg.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000000
"ProductCode"="{50E9E32F-063A-412A-9627-553D5DA57C17}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.71.2"
"UniqueId"="0003BE6E4EFB470D"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000015fe
"ScannerVersion"="ready"
"ei2"=hex(b):33,fd,47,8e,0f,39,39,ed
"ei1"=hex(b):20,cf,30,f5,53,cc,00,00
"ei3"=hex(b):da,48,fb,4e,00,00,00,00
"ei4"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Completion time: 2012-02-28 13:47:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 12:47
.
Pre-Run: 48*501*235*712 bytes free
Post-Run: 57*781*932*032 bytes free
.
- - End Of File - - 3DCD4AFE05009654E40AB506AFF3BFC6
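The logs in this post carry a few lines that a reviewer would flag before chasing the popup itself: the ComboFix registry section shows UAC fully disabled (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), both NOD32 entries report *Disabled*, a boot-start sptd service (the DAEMON Tools driver) is listed, and the aswMBR disk trace shows atapi's IRP_MJ_CREATE dispatched to an address marked UNKNOWN. The script below is an added triage example, not part of this thread or of any of the tools named here; its Finding names, severities and the weak-value table are my own choices, and the input lines are copied verbatim from the logs above. Two caveats are built in: an AV reported Disabled is only a lead, because ComboFix's own instructions ask users to turn AV off before running it; and sptd.sys is a well-known benign cause of disk-stack hooks, so the hook finding is reported, not attributed.

```python
import re
from dataclasses import dataclass

# Input lines copied verbatim from the ComboFix, DDS and aswMBR logs posted above,
# embedded so the example runs offline.
SAMPLE_LOG = r"""
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
13:15:55.778 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046f32c0]<<spmp.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:15:55.816 \Driver\atapi[0xfffffa8004788e70] -> IRP_MJ_CREATE -> 0xfffffa80046f32c0
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info" (my own ranking, an assumption)
    key: str        # stable identifier, used to de-duplicate ComboFix/DDS overlap
    detail: str


# UAC policy values that mean "no elevation prompt at all"; any other value still prompts.
WEAK_UAC = {
    "EnableLUA": (0, "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}

# Matches both ComboFix ("EnableLUA"= 0 (0x0)) and DDS (mPolicies-system: EnableLUA = 0 (0x0)).
POLICY_RE = re.compile(r'"?(?P<name>[A-Za-z]+)"?\s*=\s*(?P<value>\d+)\s*\(0x')
# ComboFix/DDS security-center summary lines: AV:/SP:/FW: <product> *Enabled|Disabled/...*
SECCENTER_RE = re.compile(r'^(?P<kind>AV|SP|FW): (?P<product>.+?) \*(?P<state>Enabled|Disabled)/')
# aswMBR marks a module it cannot attribute in the disk I/O chain as >>UNKNOWN [addr]<<
UNKNOWN_RE = re.compile(r'>>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<')
# aswMBR's per-driver dispatch line: \Driver\atapi[...] -> IRP_MJ_CREATE -> addr
IRP_RE = re.compile(r'\\Driver\\(?P<drv>\w+)\[0x[0-9a-fA-F]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9a-fA-F]+)')
SPTD_RE = re.compile(r'^S0 sptd;')


def triage(lines):
    """Return Findings for the weak settings and suspicious trace lines in a log dump."""
    findings = {}
    unknown_addrs = set()

    def add(severity, key, detail):
        findings.setdefault(key, Finding(severity, key, detail))

    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SECCENTER_RE.match(line)
        if m:
            if m["state"] == "Disabled":
                add("medium", f"secctr:{m['product']}",
                    f"{m['kind']} {m['product']} reports Disabled; confirm, since ComboFix "
                    "instructions ask users to turn AV off before running it")
            continue
        m = POLICY_RE.search(line)
        if m and m["name"] in WEAK_UAC:
            weak_value, why = WEAK_UAC[m["name"]]
            if int(m["value"]) == weak_value:
                add("high", f"uac:{m['name']}", f"{m['name']}={m['value']}: {why}")
            continue
        m = UNKNOWN_RE.search(line)
        if m:
            unknown_addrs.add(m["addr"].lower())   # remember the address for the dispatch lines
            continue
        m = IRP_RE.search(line)
        if m and m["addr"].lower() in unknown_addrs:
            add("high", f"hook:{m['drv']}:{m['irp']}",
                f"{m['irp']} of \\Driver\\{m['drv']} is dispatched to an unknown module at {m['addr']}")
            continue
        if SPTD_RE.match(line):
            add("info", "driver:sptd",
                "sptd.sys (DAEMON Tools' SCSI Pass Through Direct driver) loads at boot; a common "
                "benign cause of disk-stack hooks, verify before treating the hook as a rootkit")

    order = ("high", "medium", "info")
    return sorted(findings.values(), key=lambda f: order.index(f.severity))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity:6}] {f.key}: {f.detail}")
```

The de-duplication matters because ComboFix and DDS both report the same policy values, so one weak setting would otherwise show up twice. The hook check deliberately requires both halves of the aswMBR evidence (the UNKNOWN marker in the module list and a dispatch line pointing at that same address) before it reports anything.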
 
Looks like you followed someone else's directions!

I'm not sure what this is:
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\" ...it continues with what appears to be a log from an ESET scan.


But the ESET entry is in ComboFix. Please uninstall ComboFix and all backups of the files it deleted:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
==================================
If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
==================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
    *****************************************************
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
****************************************************
If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.
 
Log from instructions

OK, so I did everything in the instructions. Here are the logs:
P.S. ESET NOD32 4 is my antivirus software.



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.28.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Izdeb :: IZDEB-PC [administrator]

2012-02-28 18:39:45
mbam-log-2012-02-28 (18-39-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191868
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-28 20:24:37
Windows 6.1.7600
Running: c83wzzyj.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0xC4 0x7E 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDA 0x84 0x0B 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB3 0x17 0x3E 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0xC4 0x7E 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDA 0x84 0x0B 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB3 0x17 0x3E 0xAF ...

---- EOF - GMER 1.0.15 ----


DDS



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Izdeb at 20:25:19 on 2012-02-28
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1033.18.4095.2765 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Spik] C:\Program Files (x86)\Spik\Spik.exe -autostart
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 10.1.1.1 153.13.250.100
TCP: Interfaces\{699F4EE6-2420-43BF-A274-6F0EA38FB4EE} : DhcpNameServer = 10.1.1.1 153.13.250.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files (x86)\Spik\url_wpmsg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Spik] C:\Program Files (x86)\Spik\Spik.exe -autostart
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-27 365568]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
.
=============== Created Last 30 ================
.
2012-02-28 17:38:54 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-28 17:38:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-28 17:38:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-28 17:24:06 -------- d-s---w- C:\ComboFix
2012-02-28 12:53:02 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-28 08:24:10 -------- d-----w- C:\Users\Izdeb\AppData\Roaming\Malwarebytes
2012-02-22 19:40:04 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-02-15 15:14:45 -------- d-----w- C:\ProgramData\EA Logs
2012-02-15 15:08:37 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-02-15 15:08:32 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-02-04 16:09:13 -------- d-----w- C:\Users\Izdeb\AppData\Roaming\BigHugeEngine
2012-02-03 15:25:55 -------- d-----w- C:\Windows\System32\appmgmt
2012-02-02 18:32:52 -------- d-----w- C:\Users\Izdeb\AppData\Local\ESET
2012-02-01 16:59:14 -------- d-----w- C:\ProgramData\LightScribe
2012-02-01 16:58:19 -------- d-----w- C:\Program Files (x86)\Nero
2012-02-01 16:58:12 -------- d-----w- C:\ProgramData\Nero
2012-01-31 18:51:52 -------- d-----w- C:\Users\Izdeb\AppData\Roaming\LolClient
2012-01-31 18:37:25 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-01-31 18:37:25 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-01-31 18:37:20 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
.
==================== Find3M ====================
.
2012-02-28 14:24:31 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-28 14:24:31 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-28 14:24:15 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-19 16:49:57 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-01-05 15:24:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-29 16:04:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-28 16:39:02 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 20:25:33,51 ===============

ATTACH.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-12-14 17:31:22
System Uptime: 2012-02-28 15:06:25 (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A88TD-V EVO/USB3
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 2080/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 57,101 GiB free.
D: is FIXED (NTFS) - 391 GiB total, 53,417 GiB free.
E: is FIXED (NTFS) - 443 GiB total, 302,989 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\C9000000684CE00000
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\C9000000684CE00000
Service: RTL8167
.
==== System Restore Points ===================
.
RP37: 2012-02-28 18:24:19 - ComboFix created restore point
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
AMD VISION Engine Control Center
µTorrent
Battlefield 3™
Battlelog Web Plugins
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ESN Sonar
Google Chrome
GPU Boost Driver
HD Tune Pro 5.00
HydraVision
Java Auto Updater
Java(TM) 6 Update 30
Kingdoms of Amalur Reckoning
League of Legends
Malwarebytes Anti-Malware wersja 1.60.1.1000
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
NapiProjekt 1.0.6.9
NEC DISPLAY SOLUTIONS: Desktop Monitor Installer
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
NVIDIA PhysX
Origin
PunkBuster Services
Razer DeathAdder(TM) Mouse
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Skype™ 5.5
Spik
TeamSpeak 3 Client
VLC media player 1.1.11
Winamp
.
==== End Of File ===========================
 
Sorry for the delay; some email feedback for replies didn't get through. I thought I had found them all.

Can you tell me what this is: Spik?
There is another language on the system and I can't identify it.

Malwarebytes was run entirely in another language. Fortunately I see 0 for the malware entry sections, so it's okay even though I can't read it. But please make the scans in English.
===================================
We need to stop Daemon Tools:
To disable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
  2. Double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. Click on the Disable button to disable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
---------------------------
The following can be done when we're finished:
To enable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
=======================================

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
  • Click START, then RUN.
  • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or from http://www.forospyware.com/sUBs/ComboFix.exe and save it to the desktop.
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
====================================
Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
Follow with Eset scan:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

If you are using a browser other than Internet Explorer:
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window.
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=================================
Please leave logs for Combofix, CK Scan and Eset scan in your next reply.
 
Hello, sorry for the Polish language logs. ComboFix doesn't have a choose-language option, but you can Google Translate the parts you want or ask me to explain.

Spik is my Polish instant messenger; I've had it for many years with no problems.

So, the first log from ComboFix:


ComboFix 12-03-02.01 - Izdeb 2012-03-03 12:44:51.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1033.18.4095.2918 [GMT 1:00]
Run from: c:\users\Izdeb\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
.
.
((((((((((((((((((((((((( Files created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 11:48 . 2012-03-03 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 17:38 . 2012-02-28 17:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-28 17:38 . 2012-02-28 17:38 -------- d-----w- c:\programdata\Malwarebytes
2012-02-28 17:38 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 08:24 . 2012-02-28 08:24 -------- d-----w- c:\users\Izdeb\AppData\Roaming\Malwarebytes
2012-02-25 18:52 . 2012-02-25 18:52 -------- d-----w- c:\windows\Sun
2012-02-22 19:40 . 2012-02-22 19:40 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-02-15 20:13 . 2012-02-15 20:13 -------- d-----w- c:\users\Izdeb\AppData\Roaming\U3
2012-02-15 15:14 . 2012-02-19 18:47 -------- d-----w- c:\programdata\EA Logs
2012-02-15 15:08 . 2012-02-15 15:08 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-02-15 15:08 . 2012-02-15 15:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-04 16:09 . 2012-02-04 16:09 -------- d-----w- c:\users\Izdeb\AppData\Roaming\BigHugeEngine
2012-02-03 15:25 . 2012-02-03 15:25 -------- d-----w- c:\windows\system32\appmgmt
2012-02-02 18:32 . 2012-02-02 18:32 -------- d-----w- c:\users\Izdeb\AppData\Local\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 20:53 . 2011-12-28 19:40 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-01 20:53 . 2011-12-28 18:57 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-01 20:52 . 2011-12-28 18:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-19 16:49 . 2011-12-28 18:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-05 15:24 . 2011-12-29 15:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-29 16:04 . 2011-12-29 16:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-28 16:49 . 2011-12-28 16:49 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-13 20:02 . 2011-12-14 15:37 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-12-13 20:02 . 2011-12-14 15:37 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-13 20:02 . 2011-12-14 15:37 40448 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-13 20:02 . 2011-12-14 15:37 3631104 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-13 20:02 . 2011-12-14 15:37 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-13 20:02 . 2011-12-14 15:37 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-13 20:02 . 2011-12-14 15:37 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-13 20:02 . 2011-12-14 15:37 4246016 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-13 20:02 . 2011-12-14 15:37 3420672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-13 20:02 . 2011-12-14 15:37 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-13 20:02 . 2011-12-14 15:37 5395968 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-13 20:02 . 2011-12-14 15:37 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-13 20:02 . 2011-12-14 15:37 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-13 20:02 . 2011-12-14 15:37 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-13 20:02 . 2011-12-14 15:37 17469952 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-13 20:02 . 2011-12-14 15:37 332800 ----a-w- c:\windows\system32\ATIODE.exe
2011-12-13 20:02 . 2011-12-14 15:37 51200 ----a-w- c:\windows\system32\ATIODCLI.exe
2011-12-13 20:02 . 2011-12-14 15:37 22623232 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-13 20:02 . 2011-12-14 15:37 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-13 20:02 . 2011-12-14 15:37 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-13 20:02 . 2011-12-14 15:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-13 20:02 . 2011-12-14 15:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-13 20:02 . 2011-12-14 15:37 303616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-13 20:02 . 2011-12-14 15:37 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-13 20:02 . 2011-12-14 15:37 9319424 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-13 20:02 . 2011-12-14 15:37 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-13 20:02 . 2011-12-14 15:37 5080576 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-13 20:02 . 2011-12-14 15:37 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-13 20:02 . 2011-12-14 15:37 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-13 20:02 . 2011-12-14 15:37 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-13 20:02 . 2011-12-14 15:37 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 788480 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-13 20:02 . 2011-12-14 15:37 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-13 20:02 . 2011-12-14 15:37 4304896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-13 20:02 . 2011-12-14 15:37 7467008 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-13 20:02 . 2011-12-14 15:37 671744 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-13 20:02 . 2011-12-14 15:37 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-13 20:02 . 2011-12-14 15:37 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-13 20:02 . 2011-12-14 15:37 6098432 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-13 20:02 . 2011-12-14 15:37 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-12-13 20:02 . 2011-12-14 15:37 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-13 20:02 . 2011-12-14 15:37 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-13 20:02 . 2011-12-14 15:37 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 361984 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-13 20:02 . 2011-12-14 15:37 258048 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-13 20:02 . 2011-12-14 15:37 147456 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-13 20:02 . 2011-12-14 15:37 118784 ----a-w- c:\windows\system32\atibtmon.exe
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-22 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-27 336384]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Spik"="c:\program files (x86)\Spik\Spik.exe" [2011-06-07 109424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-27 365568]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-12-28 2918656]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1 153.13.250.100
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files (x86)\Spik\url_wpmsg.dll
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000000
"ProductCode"="{50E9E32F-063A-412A-9627-553D5DA57C17}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.71.2"
"UniqueId"="0003BE6E4EFB470D"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000015fe
"ScannerVersion"="ready"
"ei2"=hex(b):33,fd,47,8e,0f,39,39,ed
"ei1"=hex(b):20,cf,30,f5,53,cc,00,00
"ei3"=hex(b):da,48,fb,4e,00,00,00,00
"ei4"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Completion time: 2012-03-03 12:52:24 - the computer was restarted
ComboFix-quarantined-files.txt 2012-03-03 11:52
.
Before: 60,313,587,712 bytes free
After: 60,163,665,920 bytes free
.
- - End Of File - - D78D549E13C53FBE55EAF80505EABA81

=================================================================

CK:


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.DWAPUX
----- EOF -----


===============================

The Eset scan didn't show any threats.

I'm using Google Chrome with some extensions; maybe one of them is causing this?
Again, to show exactly what is happening:
Sometimes when I click a new page or link, a new Google Chrome window appears with this address: " Edit: HijackSite URL deleted by Bobbye

List of extensions:

AdBlock 2.5.20
Adblock Plus (Beta) 1.2
Auto HD For YouTube 2.0

P.S. I have two ad blockers because one of them didn't block YouTube ads.
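Two things in the ComboFix log above deserve more attention than the (clean) scanner verdicts: the policies\system key reports EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, meaning UAC is switched off for an administrator account, and the Run keys list what starts with every logon. The Python script below is an added example, not part of this thread and not ComboFix's own tooling; it parses the REGEDIT4-style "Registry startup entries" section ComboFix writes, reports UAC values that differ from the Windows 7 defaults, and flags autoruns whose binary sits in a user-writable directory. SAMPLE_LOG is constructed: its entries are copied from the log above, plus one hypothetical "Updater" autorun under AppData so the user-writable-path check has something to hit.

```python
"""Triage a ComboFix-style log for the settings that matter when the popups
persist but every scanner comes back clean.

Added example, not part of the original thread and not ComboFix's own code.
It reads the REGEDIT4-style 'Registry startup entries' section that ComboFix
writes and reports (a) UAC policy values that deviate from the Windows 7
defaults and (b) autorun entries whose binary lives in a user-writable path.
SAMPLE_LOG is constructed: entries copied from the thread plus one
hypothetical 'Updater' autorun under AppData to exercise the second check.
"""
import re

# Windows 7 defaults for HKLM\...\CurrentVersion\Policies\System.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = admins elevate silently
    "ConsentPromptBehaviorUser": 3,   # 3 = standard users get a credential prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompts on the normal, spoofable desktop
    "EnableUIADesktopToggle": 0,
}

# Directories a non-elevated process can write to; an autorun here deserves a
# closer look because Program Files needs admin rights to modify.
USER_WRITABLE = re.compile(
    r"\\(?:users\\[^\\]+\\appdata|programdata|windows\\temp|users\\public)\\",
    re.IGNORECASE,
)

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.+?)\s*$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')

SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-22 740216]
"Updater"="c:\users\Izdeb\AppData\Roaming\Updater\upd.exe" [2012-03-01 51200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Spik"="c:\program files (x86)\Spik\Spik.exe" [2011-06-07 109424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
"""


def parse_registry_section(text):
    """Return (uac_values, autoruns).

    uac_values: {value name: int} from the Policies/System key
    autoruns:   [(key, value name, path)] from every key whose name ends in Run
    """
    uac, autoruns, key = {}, [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if key is None:
            continue
        if key.endswith(r"\policies\system"):
            m = VALUE_RE.match(line)
            num = m and re.match(r"\d+", m.group("val"))  # "0 (0x0)" -> 0
            if num:
                uac[m.group("name")] = int(num.group())
        elif key.endswith(r"\run"):
            m = RUN_RE.match(line)
            if m:
                autoruns.append((key, m.group("name"), m.group("path")))
    return uac, autoruns


def uac_findings(uac):
    """UAC values that differ from the Windows 7 defaults, plus a plain-English
    summary when UAC is off altogether."""
    out = [f"{name}={uac[name]} (default {default})"
           for name, default in UAC_DEFAULTS.items()
           if name in uac and uac[name] != default]
    if uac.get("EnableLUA") == 0:
        out.append("UAC is disabled: everything in this admin session already runs elevated")
    return out


def suspicious_autoruns(autoruns):
    """(value name, path) for autoruns whose binary sits in a user-writable directory."""
    return [(name, path) for _, name, path in autoruns if USER_WRITABLE.search(path)]


if __name__ == "__main__":
    uac, runs = parse_registry_section(SAMPLE_LOG)
    for f in uac_findings(uac):
        print("UAC:", f)
    for name, path in suspicious_autoruns(runs):
        print("AUTORUN in user-writable path:", name, "->", path)
```

With UAC off, whatever is opening the popup window does not need to get past anything to persist machine-wide, so re-enabling UAC is worth doing regardless of what the scans return. The user-writable-path heuristic only prioritises: legitimate updaters live in AppData too, and something installed while elevated can sit in Program Files just as well.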
 
Unfortunately, there is no information from Chrome in these logs. Is this redirect or browser hijack to the site the only problem you're having now? (BTW: please don't leave any questionable site URL as a hyperlink. Either just leave the domain name or change the http to hxxp; this will stop others from clicking on the site and possibly loading it.)

It is possible that if you ever visited this site and don't have 3rd party cookies blocked, that it is causing the site to reload.
===============================
1. You need to block a Domain.
For Internet Explorer: Control Panel (or Tools) > Internet Options> Security tab> Trusted Sites> Sites> highlight and block the following:
media.888.com
*.888.com
888.*


For Firefox and Chrome, please see the information to block domains:
http://userscripts.org/scripts/show/95205
====================================
2. You will need to delete the temporary internet files and Cookies
=====================================
3. You should Reset Cookies
For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)

I suggest adding EasyList. It is an additional filter list for Adblock Plus (ABP).

I have both Adblock Plus and EasyList on my Firefox; you should be able to add EasyList to Chrome.
------------------------
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK 'accept Cookies from Sites'> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
=======================================
4. Find and remove Tracking Cookies
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check 'Perform Complete Scan', then click 'Next' to start the scan.
  • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you're done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
 
Sorry for the web address. Yes, this popup page is the only problem I have; very strange, the popup pops once a day, maybe twice. I know it's not a major problem but still...

This script to block domains didn't work with Chrome, so I found a domain blocker in the chrome://settings/content popups and blocked 888.com and media.888.com. Couldn't use the *888.com, it didn't recognize it.
It still doesn't block the popup:(.

Also deleted the cookies and temp again. Blocked third party cookies as you told me.

Scanned with SuperAntiSpyware, log below:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/10/2012 at 11:52 AM

Application Version : 5.0.1146

Core Rules Database Version : 8324
Trace Rules Database Version: 6136

Scan type : Complete Scan
Total Scan Time : 00:41:21

Operating System Information
Windows 7 Ultimate 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 733
Memory threats detected : 0
Registry items scanned : 65630
Registry threats detected : 0
File items scanned : 72652
File threats detected : 117

Adware.Tracking Cookie
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\2R22VPMY.txt [ /zanox.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\COYQG14V.txt [ /tradedoubler.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\GAC6J30O.txt [ /tracking.novem.pl ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\V34FWMNF.txt [ /atdmt.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\IUA89USZ.txt [ /ads.idg.pl ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\PQPCEWY2.txt [ /c.atdmt.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\5SLOHK50.txt [ /doubleclick.net ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\VIPDPEF5.txt [ /media6degrees.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\CAEKGU7P.txt [ /adxpose.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\6I0AMNLV.txt [ /advertising.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\2MZSCIJ5.txt [ /at.atwola.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\D215FHE0.txt [ /serving-sys.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\6TNUD427.txt [ /tacoda.at.atwola.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\UF7OO2WN.txt [ /ar.atwola.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\P5IPPO1F.txt [ /ad.zanox.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\WHHBR063.txt [ /invitemedia.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\3MQSJ0UO.txt [ /revsci.net ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\OT52GJ2D.txt [ /ad.yieldmanager.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\EM4EXQSO.txt [ /yieldmanager.net ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\FXHB7E2P.txt [ /atwola.com ]
C:\USERS\IZDEB\AppData\Roaming\Microsoft\Windows\Cookies\C3QQYL0W.txt [ Cookie:izdeb@adsonar.com/adserving ]
C:\USERS\IZDEB\Cookies\2R22VPMY.txt [ Cookie:izdeb@zanox.com/ ]
C:\USERS\IZDEB\Cookies\COYQG14V.txt [ Cookie:izdeb@tradedoubler.com/ ]
C:\USERS\IZDEB\Cookies\GAC6J30O.txt [ Cookie:izdeb@tracking.novem.pl/ ]
C:\USERS\IZDEB\Cookies\V34FWMNF.txt [ Cookie:izdeb@atdmt.com/ ]
C:\USERS\IZDEB\Cookies\5SLOHK50.txt [ Cookie:izdeb@doubleclick.net/ ]
C:\USERS\IZDEB\Cookies\C3QQYL0W.txt [ Cookie:izdeb@adsonar.com/adserving ]
C:\USERS\IZDEB\Cookies\VIPDPEF5.txt [ Cookie:izdeb@media6degrees.com/ ]
C:\USERS\IZDEB\Cookies\CAEKGU7P.txt [ Cookie:izdeb@adxpose.com/ ]
C:\USERS\IZDEB\Cookies\6I0AMNLV.txt [ Cookie:izdeb@advertising.com/ ]
C:\USERS\IZDEB\Cookies\2MZSCIJ5.txt [ Cookie:izdeb@at.atwola.com/ ]
C:\USERS\IZDEB\Cookies\D215FHE0.txt [ Cookie:izdeb@serving-sys.com/ ]
C:\USERS\IZDEB\Cookies\UF7OO2WN.txt [ Cookie:izdeb@ar.atwola.com/ ]
C:\USERS\IZDEB\Cookies\WHHBR063.txt [ Cookie:izdeb@invitemedia.com/ ]
C:\USERS\IZDEB\Cookies\3MQSJ0UO.txt [ Cookie:izdeb@revsci.net/ ]
C:\USERS\IZDEB\Cookies\OT52GJ2D.txt [ Cookie:izdeb@ad.yieldmanager.com/ ]
C:\USERS\IZDEB\Cookies\EM4EXQSO.txt [ Cookie:izdeb@yieldmanager.net/ ]
C:\USERS\IZDEB\Cookies\FXHB7E2P.txt [ Cookie:izdeb@atwola.com/ ]
fr.sitestat.com [ C:\USERS\IZDEB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\COOKIES ]
fr.sitestat.com [ C:\USERS\IZDEB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\COOKIES ]
.doubleclick.net [ C:\USERS\IZDEB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\COOKIES ]
.doubleclick.net [ C:\USERS\IZDEB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\COOKIES ]
.imrworldwide.com [ C:\USERS\IZDEB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\COOKIES ]
.imrworldwide.com [ C:\USERS\IZDEB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\COOKIES ]
ia.media-imdb.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HQE2M382 ]
secure-us.imrworldwide.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HQE2M382 ]
statse.webtrendslive.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXA62RWG.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXA62RWG.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXA62RWG.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXA62RWG.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXA62RWG.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXA62RWG.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXA62RWG.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXA62RWG.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
tracking.hostgator.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
banners.moreniche.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
counter.top.ge [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
counter.top.ge [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
counter.top.ge [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
counter.top.ge [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.eaeacom.112.2o7.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.neccorp.112.2o7.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
tracking.metalyzer.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
delivery.way2traffic.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
sales.liveperson.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
tracking.novem.pl [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
tracking.novem.pl [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
aleseriale.pl [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
.aleseriale.pl [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
secure-us.imrworldwide.com [ C:\WINDOWS.OLD\USERS\IZDEB\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K6ER9HF8 ]
C:\WINDOWS.OLD\USERS\IZDEB\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\IZDEB@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]

Trojan.Agent/Gen-Autorun[Swisyn]
D:\KOMP\IMPPAN\KONFERENCJE\PRAGA 2002\KATALIZATOR\CON123-2.EXE

Trojan.Agent/Gen-Frauder
E:\GRY\KINGDOMS OF AMALUR RECKONING\LAUNCHER.EXE

==========================================================


The Trojans are false positives as far as I know.
Oh, and these cookies from Mozilla are because I was using Firefox before Chrome. Now only using Chrome.
And still having popups :(

I'm thinking of formatting... But will it even help?
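The tracking-cookie section above is long because the same few ad networks appear once per cookie store (IE's Cookies folder, Chrome's cookie database, two Firefox profiles, Flash shared objects, and a WINDOWS.OLD copy). As an added example, not part of this thread or of SUPERAntiSpyware, here is a small Python script that parses those entry lines, works out which store each came from, and groups them by base domain so the list collapses to a handful of networks. Assumptions: the sample input is an excerpt of the log posted above; store classification keys on path substrings that are typical for those products; and the base-domain rule (last two labels) is a simplification that ignores the public suffix list.

```python
"""Triage the 'Adware.Tracking Cookie' section of a SUPERAntiSpyware scan log.

Added example, not part of the thread or of SUPERAntiSpyware. Entries come in
three shapes:
  <IE cookie file> [ /domain ]
  <IE cookie file> [ Cookie:user@domain/path ]
  <domain> [ <browser cookie store path> ]
"""
import re
from collections import Counter, defaultdict

# Excerpt of the SUPERAntiSpyware log posted above (eleven lines, all three shapes).
SAMPLE_LOG = r"""
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\2R22VPMY.txt [ /zanox.com ]
C:\Users\Izdeb\AppData\Roaming\Microsoft\Windows\Cookies\5SLOHK50.txt [ /doubleclick.net ]
C:\USERS\IZDEB\Cookies\COYQG14V.txt [ Cookie:izdeb@tradedoubler.com/ ]
C:\USERS\IZDEB\Cookies\C3QQYL0W.txt [ Cookie:izdeb@adsonar.com/adserving ]
.doubleclick.net [ C:\USERS\IZDEB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\COOKIES ]
.doubleclick.net [ C:\USERS\IZDEB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\COOKIES ]
secure-us.imrworldwide.com [ C:\USERS\IZDEB\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HQE2M382 ]
.doubleclick.net [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
tracking.novem.pl [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
counter.top.ge [ C:\USERS\IZDEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOZ68A2K.DEFAULT\COOKIES.SQLITE ]
C:\WINDOWS.OLD\USERS\IZDEB\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\IZDEB@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
"""

ENTRY_RE = re.compile(r"^(?P<left>.+?) \[ (?P<right>.+?) \]$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def domain_from_descriptor(descriptor):
    """'Cookie:izdeb@adsonar.com/adserving' -> 'adsonar.com'; '/zanox.com' -> 'zanox.com'."""
    if descriptor.startswith("Cookie:"):
        descriptor = descriptor.split("@", 1)[1]
    return descriptor.lstrip("/").split("/", 1)[0]


def base_domain(domain):
    """Last two labels. Simplification (assumed): no public-suffix list, so
    'example.co.uk'-style names would fold to 'co.uk'."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_store(path):
    """Map a cookie-store path to the product that owns it (path substrings assumed typical)."""
    p = path.lower()
    if "\\google\\chrome\\" in p:
        return "Chrome"
    if "\\mozilla\\firefox\\" in p:
        return "Firefox"
    if "\\macromedia\\flash player\\" in p:
        return "Flash LSO"
    if "\\cookies" in p:
        return "IE/WinINet"
    return "Unknown"


def parse_entry(line):
    """Return a dict for one tracking-cookie line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    left, right = m.group("left"), m.group("right")
    if WIN_PATH_RE.match(left):           # IE shape: path first, domain in brackets
        path, domain = left, domain_from_descriptor(right)
    else:                                 # browser shape: domain first, store path in brackets
        domain, path = left, right
    domain = domain.lower().lstrip(".")
    return {
        "domain": domain,
        "base_domain": base_domain(domain),
        "store": classify_store(path),
        "legacy_install": "\\windows.old\\" in path.lower(),
        "path": path,
    }


def summarize(log_text):
    """Group parsed entries by store and base domain; flag domains seen in more than one store."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    stores_per_domain = defaultdict(set)
    for e in entries:
        stores_per_domain[e["base_domain"]].add(e["store"])
    return {
        "entries": entries,
        "by_store": Counter(e["store"] for e in entries),
        "by_domain": Counter(e["base_domain"] for e in entries),
        "cross_store": {d: sorted(s) for d, s in stores_per_domain.items() if len(s) > 1},
        "legacy_install": sum(e["legacy_install"] for e in entries),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("Entries per cookie store:")
    for store, n in report["by_store"].most_common():
        print(f"  {n:3d}  {store}")
    print("Entries per base domain:")
    for dom, n in report["by_domain"].most_common():
        print(f"  {n:3d}  {dom}")
    print("Domains present in more than one store:", report["cross_store"])
    print("Entries from a WINDOWS.OLD copy:", report["legacy_install"])
```

Two things the grouping makes visible that the raw list hides: entries under `FLASH PLAYER\#SHAREDOBJECTS` are Flash local shared objects, which a browser's cookie settings do not govern, so the "block third party cookies" step leaves them untouched; and entries under `WINDOWS.OLD` come from the previous installation's profile, not from the browsers in use now.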
 
No, I don't think they are False Positives:

Trojan.Agent/Gen-Autorun[Swisyn]>>> keygen
D:\KOMP\IMPPAN\KONFERENCJE\PRAGA 2002\KATALIZATOR\CON123-2.EXE
D: \ COMP \ IMP PAN \ Conferences \ PRAGUE 2002 \ CATALYST \ CON123-2.exe> Eng.

Trojan.Agent/Gen-Frauder
E:\GRY\KINGDOMS OF AMALUR RECKONING\LAUNCHER.EXE

There is a concern that these Trojans are on Drive D and Drive E. What are those drives?

Please run the following again:
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
Why did you think an occasional popup like this was a rootkit? You have been on some sites that brought Warnings as having poor reputations per my Site Advisor. The best way to remove the source is to delete all of the temporary internet files and Cookies.

Additionally, you should use a Site Advisor/WOT.

You should also use a Popup Blocker. If Chrome has one, please be sure it's activated.
There is also a popup blocker in the Google Toolbar, but they are removing it in the near future.
 
D and E drives are partitions of my hdd for movies and games; C drive has the Windows 7 on it. 100GB, so it's easy to format when needed. Just a habit from the old days, I think.

The trojan on D drive I've never clicked on, I'm sure. And it's deleted now.
The trojan on E drive is a crack for a game; they usually are false positives (I download from a reliable source). Anyway, deleted also.

Log from CKScanner

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.UNCPVT
----- EOF -----


I deleted the cookies and temp many times now, as I was saying in previous posts.
I activated the popup blocker in Chrome but it doesn't work. I have never had any problems with popups and I always use the internet responsibly and very cautiously, as I've been using it for 20 years now, and managed to resolve every problem I had since. So that's why I'm posting here. I don't know if this is a rootkit, but from what I read in other threads that is usually the case.

Of course there is a possibility that these popups are only triggered by opening the thepiratebay.se site. But this just came to my mind; I have to check it, because the popups are rare. And I have the site in my tabs open all the time.
 
The trojan on E drive is a crack for a game; they usually are false positives (I download from a reliable source). Anyway, deleted also.

To clarify: a crack or a keygen is not a False Positive. It means you pirated the program. If you mean a FP in terms of a virus or Trojan, then in that context it isn't. However, we don't support piracy.

If you are frequenting the piratebay site for the purpose of pirating, leaving it on the tab open always, then expect to get malware- and no support.
 
As it seems, this popup only comes from the thepiratebay site. Sorry for all the trouble. I just won't go there anymore.
Thanks for all the help. I think I'm safe now. I need to find a better popup blocker, or switch browsers in the future.
 
Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
 