Everything posted by Asana

  1. Thank you for your great help, you really made my day!

  2. Hello once again, and thanks for your help. I've done everything just like you said and it seems that the viruses are gone. Thanks a lot.

  3. Here's the adwCleaner log:

     # AdwCleaner v2.306 - Logfile created 07/30/2013 at 21:21:35
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows 8 Pro (64 bits)
     # User : Luís - LUIS-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Luís\Downloads\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKLM\Software\PIP

     ***** [internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16537

     [OK] Registry is clean.

     -\\ Google Chrome v28.0.1500.72

     File : C:\Users\Luís\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [825 octets] - [30/07/2013 20:51:06]
     AdwCleaner[R2].txt - [884 octets] - [30/07/2013 21:21:26]
     AdwCleaner[s1].txt - [820 octets] - [30/07/2013 21:21:35]

     ########## EOF - C:\AdwCleaner[s1].txt - [879 octets] ##########

     And here's the Security Check log:

     Results of screen317's Security Check version 0.99.71
     x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     Windows Defender
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Visual Studio Extensions for Windows Library for JavaScript
     Java version out of Date!
     Google Chrome 28.0.1500.71
     Google Chrome 28.0.1500.72
     ````````Process Check: objlist.exe by Laurent````````
     Windows Defender MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Windows Defender MsMpEng.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````

  4. Thanks for your quick answer once again. Below is the log provided by adwcleaner.

     Best Regards,
     Asana

     # AdwCleaner v2.306 - Logfile created 07/30/2013 at 20:51:06
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows 8 Pro (64 bits)
     # User : Luís - LUIS-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Luís\Downloads\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Found : HKCU\Software\APN PIP
     Key Found : HKLM\Software\PIP

     ***** [internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16537

     [OK] Registry is clean.

     -\\ Google Chrome v28.0.1500.72

     File : C:\Users\Luís\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [698 octets] - [30/07/2013 20:51:06]

     ########## EOF - C:\AdwCleaner[R1].txt - [757 octets] ##########

  5. I've done as you said, fixed the hosts and then ran antiRootkit, but the latter said I didn't need any cleanup since nothing abnormal was found. I haven't seen any other popup since I fixed the hosts. Should I do anything else?

     Regards,
     Asana

  6. Hello, thanks for your quick answer, here's the report from roguekiller:

     RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 8 (6.2.9200 ) 64 bits version
     Started in : Normal mode
     User : Luís [Admin rights]
     Mode : Scan -- Date : 07/30/2013 18:52:54
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     127.0.0.1 localhost
     ::1 localhost
     212.59.16.245 www.google-analytics.com.
     212.59.16.245 connect.facebook.net.
     212.59.16.245 platform.twitter.com.
     93.115.241.27 www.google-analytics.com.
     93.115.241.27 connect.facebook.net.
     93.115.241.27 platform.twitter.com.

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ST9500325AS +++++
     --- User ---
     [MBR] c364d1579c369da891318e7cb153a0e5
     [bSP] 54e0c2bf37e4694b739b3447d7e00610 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 455802 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 933892096 | Size: 20834 Mo
     3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_07302013_185254.txt >>

  7. Hi everyone, I'm here to solve (try at least) a problem in my laptop. I installed kmplayer yesterday, but today when I tried to access almost any website my screen was full of advertisement, so I started trying to solve it. Windows defender didn't find anything, so I downloaded your product, malwarebytes (trial version). I ran a quick and full scan, and several were found, and after deleting them, all the advertisement was gone, but I had 2 problems remaining. 2 ip's were continuously blocked from being accessed: 111.111.111.111 and 93.115.241.17 After searching a little on the web, I discovered that the first ip could be due to the installation of kmplayer, which also installs pandora.tv. After uninstalling pandora.tv, I got rid of the first popup, but the 2nd is still popping up sometimes. I read the pinned topics, and it was asked to paste here the result of the DDS text files, so I downloaded and ran it. Can anyone help me?
C:\Windows\System32\AppXDeploymentServer.dll2013-05-04 06:56:53 419840 ----a-w- C:\Windows\System32\intl.cpl2013-05-04 04:58:34 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe2013-05-04 04:58:14 758784 ----a-w- C:\Windows\SysWow64\Magnify.exe2013-05-04 04:58:02 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll2013-05-04 04:58:02 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll2013-05-04 04:57:58 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-05-04 04:57:49 10788864 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll2013-05-04 04:57:39 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll2013-05-04 04:57:39 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll2013-05-04 04:57:35 303616 ----a-w- C:\Windows\SysWow64\stobject.dll2013-05-04 04:57:16 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll2013-05-04 04:57:04 151040 ----a-w- C:\Windows\SysWow64\netplwiz.dll2013-05-04 04:57:04 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll2013-05-04 04:57:02 14336 ----a-w- C:\Windows\SysWow64\muifontsetup.dll2013-05-04 04:56:48 411136 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll2013-05-04 04:56:35 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll2013-05-04 04:56:14 449536 ----a-w- C:\Windows\SysWow64\DevicePairing.dll2013-05-04 04:56:06 92160 ----a-w- C:\Windows\SysWow64\biwinrt.dll2013-05-04 04:56:05 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll2013-05-04 04:56:05 2035712 ----a-w- C:\Windows\SysWow64\authui.dll.============= FINISH: 17:57:09,85 ===============
  8. Hey there, I installed KMPlayer yesterday, but today when I opened almost every site on the internet, I had a lot of advertisements all over the screen. Since Windows Defender didn't find anything when I ran a scan, I downloaded Malwarebytes (trial version - I got the pro one for now I guess) and it immediately started blocking access to sites, etc. After running a quick and also a full scan, I got rid of the advertisements, but I still had popups from Malwarebytes about blocking access to some IPs: 111.111.111.111 and 93.115.241.17. After searching a little bit, there was a thread saying that the first one was because of the Pandora service (installed along with KMPlayer). I got rid of that popup by uninstalling pandora.tv, but I keep getting popups for the 2nd IP, even though I can't find any more viruses. I downloaded DDS and ran it. Can anyone help me? Below are the results I got from running DDS:
C:\Windows\System32\AppXDeploymentServer.dll2013-05-04 06:56:53 419840 ----a-w- C:\Windows\System32\intl.cpl2013-05-04 04:58:34 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe2013-05-04 04:58:14 758784 ----a-w- C:\Windows\SysWow64\Magnify.exe2013-05-04 04:58:02 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll2013-05-04 04:58:02 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll2013-05-04 04:57:58 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-05-04 04:57:49 10788864 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll2013-05-04 04:57:39 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll2013-05-04 04:57:39 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll2013-05-04 04:57:35 303616 ----a-w- C:\Windows\SysWow64\stobject.dll2013-05-04 04:57:16 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll2013-05-04 04:57:04 151040 ----a-w- C:\Windows\SysWow64\netplwiz.dll2013-05-04 04:57:04 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll2013-05-04 04:57:02 14336 ----a-w- C:\Windows\SysWow64\muifontsetup.dll2013-05-04 04:56:48 411136 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll2013-05-04 04:56:35 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll2013-05-04 04:56:14 449536 ----a-w- C:\Windows\SysWow64\DevicePairing.dll2013-05-04 04:56:06 92160 ----a-w- C:\Windows\SysWow64\biwinrt.dll2013-05-04 04:56:05 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll2013-05-04 04:56:05 2035712 ----a-w- C:\Windows\SysWow64\authui.dll.============= FINISH: 17:57:09,85 ===============