djj

Everything posted by djj

  1. ComboFix 13-08-12.01 - Joseph 12/08/2013 2:39.1.2 - x64 NETWORK
     Microsoft Windows 8 Pro 6.2.9200.0.1252.44.2057.18.3673.2576 [GMT -4:00]
     Running from: c:\users\Joseph\Desktop\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-07-12 to 2013-08-12 )))))))))))))))))))))))))))))))
     .
     .
     2013-08-11 12:03 . 2013-08-11 12:03 -------- d-----w- c:\program files\WinRAR
     2013-08-11 11:58 . 2013-08-11 11:58 -------- d-----w- c:\program files\7-Zip
     2013-08-10 12:39 . 2013-08-10 12:39 -------- d-----w- c:\program files\CCleaner
     2013-08-10 09:54 . 2013-08-10 09:54 -------- d-----w- c:\programdata\Kaspersky Lab
     2013-08-08 18:15 . 2013-08-08 18:15 -------- d-----w- c:\program files (x86)\ESET
     2013-08-07 22:40 . 2013-08-07 22:40 261808 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin
     2013-08-06 23:18 . 2013-08-06 23:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
     2013-08-06 23:13 . 2013-08-06 23:13 -------- d-----w- c:\program files\HitmanPro
     2013-08-06 23:13 . 2013-08-06 23:19 -------- d-----w- c:\programdata\HitmanPro
     2013-07-24 01:42 . 2013-07-24 01:42 -------- d-----w- c:\programdata\APN
     2013-07-24 01:41 . 2013-07-24 01:41 -------- d-----w- c:\program files (x86)\oovoo
     2013-07-24 01:34 . 2013-07-24 01:36 -------- d-----w- c:\windows\system32\appmgmt
     2013-07-19 15:43 . 2013-06-16 22:41 997632 ----a-w- c:\windows\system32\drivers\ndis.sys
     2013-07-14 03:09 . 2013-07-21 19:04 -------- d-----w- c:\windows\system32\MRT
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-07-13 14:32 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2013-07-08 20:59 . 2013-06-18 15:16 713776 ----a-w- c:\windows\system32\drivers\cmdguard.sys
     2013-06-28 21:00 . 2013-06-28 21:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
     2013-06-28 21:00 . 2013-06-28 21:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
     2013-06-28 11:15 . 2013-06-28 11:14 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2013-06-28 11:15 . 2013-06-28 11:14 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
     2013-06-28 11:15 . 2013-06-28 11:14 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2013-06-27 22:04 . 2013-06-29 15:08 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-06-27 22:04 . 2013-06-29 15:08 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-06-24 04:57 . 2013-06-29 13:40 78277128 ----a-w- c:\windows\system32\MRT.exe
     2013-06-18 15:16 . 2013-06-18 15:16 37560 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
     2013-06-18 15:16 . 2013-06-18 15:16 118400 ----a-w- c:\windows\system32\drivers\inspect.sys
     2013-06-18 15:16 . 2013-06-18 15:16 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
     2013-06-18 15:15 . 2013-06-18 15:15 43216 ----a-w- c:\windows\system32\cmdcsr.dll
     2013-06-18 15:15 . 2013-06-18 15:15 437688 ----a-w- c:\windows\system32\guard64.dll
     2013-06-18 15:15 . 2013-06-18 15:15 348584 ----a-w- c:\windows\SysWow64\guard32.dll
     2013-06-18 15:15 . 2013-06-18 15:15 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
     2013-06-18 15:15 . 2013-06-18 15:15 344792 ----a-w- c:\windows\system32\cmdvrt64.dll
     2013-06-18 15:15 . 2013-06-18 15:15 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
     2013-06-18 15:15 . 2013-06-18 15:15 278232 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
     2013-06-11 23:43 . 2013-07-09 11:02 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
     2013-06-11 23:43 . 2013-07-09 11:02 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
     2013-06-11 23:26 . 2013-07-09 11:02 51712 ----a-w- c:\windows\system32\ie4uinit.exe
     2013-06-11 23:26 . 2013-07-09 11:02 2241024 ----a-w- c:\windows\system32\wininet.dll
     2013-06-11 23:26 . 2013-07-09 11:02 1365504 ----a-w- c:\windows\system32\urlmon.dll
     2013-06-11 23:25 . 2013-07-09 11:03 19238912 ----a-w- c:\windows\system32\mshtml.dll
     2013-06-11 23:25 . 2013-07-09 11:02 603136 ----a-w- c:\windows\system32\msfeeds.dll
     2013-06-11 23:25 . 2013-07-09 11:02 3958784 ----a-w- c:\windows\system32\jscript9.dll
     2013-06-11 23:25 . 2013-07-09 11:02 855552 ----a-w- c:\windows\system32\jscript.dll
     2013-06-11 23:25 . 2013-07-09 11:02 15404032 ----a-w- c:\windows\system32\ieframe.dll
     2013-06-11 23:25 . 2013-07-09 11:02 2648576 ----a-w- c:\windows\system32\iertutil.dll
     2013-06-04 13:15 . 2013-06-04 13:15 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
     2013-06-04 13:15 . 2013-06-04 13:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
     2013-06-04 13:15 . 2013-06-04 13:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
     2013-06-04 13:15 . 2013-06-04 13:15 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
     2013-06-01 09:25 . 2013-07-09 11:03 496640 ----a-w- c:\windows\SysWow64\qedit.dll
     2013-06-01 09:21 . 2013-07-09 11:03 595968 ----a-w- c:\windows\system32\qedit.dll
     2013-05-30 23:24 . 2013-06-29 10:35 1257472 ----a-w- c:\windows\system32\kernel32.dll
     2013-05-30 23:14 . 2013-07-09 11:03 4036096 ----a-w- c:\windows\system32\win32k.sys
     2013-05-23 23:01 . 2013-06-29 10:35 1300992 ----a-w- c:\windows\system32\gdi32.dll
     2013-05-23 22:27 . 2013-06-29 10:35 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
     2013-05-15 22:37 . 2013-06-29 10:04 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
     2013-05-15 22:35 . 2013-06-29 10:04 53760 ----a-w- c:\windows\system32\UXInit.dll
     2013-05-15 22:35 . 2013-06-29 15:26 144384 ----a-w- c:\windows\system32\tssdisai.dll
     2013-05-15 02:25 . 2013-06-29 10:35 888320 ----a-w- c:\windows\system32\autochk.exe
     2013-05-15 02:25 . 2013-06-29 10:35 542208 ----a-w- c:\windows\system32\untfs.dll
     2013-05-15 02:24 . 2013-06-29 10:35 793088 ----a-w- c:\windows\SysWow64\autochk.exe
     2013-05-15 02:24 . 2013-06-29 10:35 482816 ----a-w- c:\windows\SysWow64\untfs.dll
     2013-05-14 13:14 . 2013-06-29 10:04 2706432 ----a-w- c:\windows\system32\mshtml.tlb
     2013-05-14 09:23 . 2013-06-29 10:04 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
     "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "EnableUIADesktopToggle"= 0 (0x0)
     "EnableCursorSuppression"= 1 (0x1)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
     @=""
     .
     R0 aswRvrt;aswRvrt; [x]
     R0 aswVmm;aswVmm; [x]
     R1 aswSnx;aswSnx; [x]
     R1 aswSP;aswSP; [x]
     R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
     R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
     R2 aswFsBlk;aswFsBlk; [x]
     R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
     R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
     R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
     R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
     R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
     R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
     R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
     S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
     S1 cmdhlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
     S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
     S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-07-29 03:00 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 10:40]
     .
     2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 10:40]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     .
     - - - - ORPHANS REMOVED - - - -
     .
     c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk - c:\users\Joseph\AppData\Local\Temp\_uninst_.bat
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     @SACL=(02 0000)
     .
     Completion time: 2013-08-12 02:48:19
     ComboFix-quarantined-files.txt 2013-08-12 06:48
     .
     Pre-Run: 323,394,924,544 bytes free
     Post-Run: 323,507,474,432 bytes free
     .
     - - End Of File - - ACF09A578D6DE3B5E4D29D18FD42234F
     A36C5E4F47E84449FF07ED3517B43A31
  2. It's stuck at installation even after disabling ALL PROGRAMS
  3. @echo off
     if exist "C:\Users\Joseph\AppData\Local\Temp\8685277\1277229.exe" goto restart
     Rmdir /S /Q "C:\Users\Joseph\AppData\Local\Temp\RarSFX0\"
     del /F /Q "C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk"
     del /F /Q %0
     exit 0
     :restart
     start /d"C:\Users\Joseph\AppData\Local\Temp\RarSFX0" 1277229.exe
     exit 0
  4. I have this on my PC: http://www.computerhope.com/cgi-bin/process.pl?p=uninst.bat It's enabled at startup; I just disabled it. It's located in avast temporary and, according to COMODO HIP, it tries to access my disk. Do you guys want a sample, as Malwarebytes does not detect it?
  5. I get this error even after restart
  6. C:\Users\Joseph\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
     C:\Users\Joseph\AppData\Local\Temp\offercast.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
     C:\Users\Joseph\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined
     C:\Users\Joseph\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe Win32/OpenCandy application cleaned by deleting - quarantined
     C:\Windows.old.000\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z Win32/Bundled.Toolbar.Ask.B application deleted - quarantined
     C:\Windows.old.000\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application cleaned by deleting - quarantined
  7. Yes, on other PCs RogueKiller does have this much result for registry (only 2 hjdesk, which is known as a false positive). Also, the log has suspicious words like proxy and ntreport.
  8. Attach:
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 8 Pro
     Boot Device: \Device\HarddiskVolume1
     Install Date: 28/06/2013 05:36:21
     System Uptime: 07/08/2013 12:38:20 (0 hours ago)
     .
     Motherboard: ASUSTeK COMPUTER INC. | | X55U
     Processor: AMD E2-1800 APU with Radeon HD Graphics | P0 | 1360/100mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 458 GiB total, 322.047 GiB free.
     D: is FIXED (NTFS) - 7 GiB total, 7.262 GiB free.
     E: is CDROM ()
     F: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID:
     Description:
     Device ID: ACPI\ATK4001\2&DABA3FF&1
     Manufacturer:
     Name:
     PNP Device ID: ACPI\ATK4001\2&DABA3FF&1
     Service:
     .
     ==== System Restore Points ===================
     .
     RP5: 21/07/2013 14:59:38 - Windows Update
     RP6: 23/07/2013 21:33:19 - Removed ooVoo
     RP7: 03/08/2013 11:38:07 - Scheduled Checkpoint
     .
     ==== Installed Programs ======================
     .
     µTorrent
     avast! Free Antivirus
     COMODO Firewall
     Google Chrome
     Google Update Helper
     HitmanPro 3.7
     Malwarebytes Anti-Malware version 1.75.0.1300
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     ooVoo
     PowerISO
     Skype Click to Call
     Skype™ 6.6
     VLC media player 2.0.7
     Yahoo! Messenger
     Yahoo! Software Update
     Yahoo! Toolbar
     .
     ==== Event Viewer Messages From Past Week ========
     .
     07/08/2013 12:38:27, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably. The Registry could not flush hive (file): ''.
     06/08/2013 01:28:22, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
     03/08/2013 16:07:40, Error: Microsoft-Windows-Ntfs [98] - Volume H: (\Device\HarddiskVolume8) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
     01/08/2013 10:55:28, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by 133242 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
     01/08/2013 06:21:40, Error: Microsoft-Windows-Ntfs [98] - Volume H: (\Device\HarddiskVolume7) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
     01/08/2013 01:59:36, Error: Microsoft-Windows-Ntfs [98] - Volume H: (\Device\HarddiskVolume6) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
     .
     ==== End Of File ===========================

     utorrent has been disabled
  9. DDS: DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 10.0.9200.16537
     Run by Joseph at 12:47:22 on 2013-08-07
     Microsoft Windows 8 Pro 6.2.9200.0.1252.44.2057.18.3673.2260 [GMT -4:00]
     .
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
     FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\atiesrxx.exe
     C:\Windows\system32\dwm.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\atieclxx.exe
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
     C:\Windows\system32\taskhostex.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\Explorer.EXE
     C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
     C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
     C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
     C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\COMODO\COMODO Internet Security\cis.exe
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\SysWOW64\ctfmon.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mWinlogon: Userinit = userinit.exe
     BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
     BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
     uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     uRun: [uTorrent] "C:\Users\Joseph\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
     mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     TCP: NameServer = 192.168.1.1
     TCP: Interfaces\{279C384C-E1E7-49C5-B855-79447CB0B379} : DHCPNameServer = 192.168.1.1
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
     SSODL: WebCheck - <orphaned>
     mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
     x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
     x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
     x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
     x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
     x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
     x64-SSODL: WebCheck - <orphaned>
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-6-28 65336]
     R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-6-28 189936]
     R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-6-28 1030952]
     R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-6-28 378944]
     R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-6-18 23168]
     R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-6-18 713776]
     R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-6-18 37560]
     R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
     R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-6-28 33400]
     R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-6-28 80816]
     R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-28 46808]
     R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
     R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]
     R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
     S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
     S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
     S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]
     S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-6-4 203672]
     S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
     S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
     .
     =============== Created Last 30 ================
     .
     2013-08-06 23:18:46 12872 ----a-w- C:\Windows\System32\bootdelete.exe
     2013-08-06 23:13:21 -------- d-----w- C:\Program Files\HitmanPro
     2013-08-06 23:13:12 -------- d-----w- C:\ProgramData\HitmanPro
     2013-07-30 18:19:07 262832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
     2013-07-24 01:42:08 -------- d-----w- C:\ProgramData\APN
     2013-07-24 01:41:57 -------- d-----w- C:\Program Files (x86)\oovoo
     2013-07-24 01:34:42 -------- d-----w- C:\Windows\System32\appmgmt
     2013-07-19 15:43:10 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
     2013-07-14 03:09:23 -------- d-----w- C:\Windows\System32\MRT
     2013-07-11 11:48:09 -------- d-----w- C:\Users\Joseph\AppData\Local\ElevatedDiagnostics
     2013-07-11 11:34:52 -------- d-----w- C:\Users\Joseph\AppData\Local\Diagnostics
     2013-07-09 11:05:39 1838080 ----a-w- C:\Windows\System32\DWrite.dll
     2013-07-09 11:05:38 1421312 ----a-w- C:\Windows\SysWow64\DWrite.dll
     2013-07-09 11:05:34 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
     2013-07-09 11:05:33 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
     2013-07-09 11:05:31 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
     2013-07-09 11:05:30 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
     2013-07-09 11:05:30 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
     2013-07-09 11:05:29 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
     2013-07-09 11:05:28 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
     2013-07-09 11:03:46 595968 ----a-w- C:\Windows\System32\qedit.dll
     2013-07-09 11:03:45 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
     2013-07-09 11:03:43 4036096 ----a-w- C:\Windows\System32\win32k.sys
     2013-07-09 11:03:36 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
     2013-07-09 11:03:34 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
     .
     ==================== Find3M ====================
     .
     2013-07-08 20:59:58 713776 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
     2013-06-28 11:15:24 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
     2013-06-28 11:15:24 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
     2013-06-28 09:22:59 0 ----a-w- C:\Windows\ativpsrm.bin
     2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
     2013-06-18 15:16:18 37560 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
     2013-06-18 15:16:16 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
     2013-06-18 15:15:50 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
     2013-06-18 15:15:48 437688 ----a-w- C:\Windows\System32\guard64.dll
     2013-06-18 15:15:48 348584 ----a-w- C:\Windows\SysWow64\guard32.dll
     2013-06-18 15:15:40 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
     2013-06-18 15:15:40 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll
     2013-06-18 15:15:36 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
     2013-06-18 15:15:36 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
     2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
     2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
     2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
     2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
     2013-06-04 13:15:04 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
     2013-06-04 13:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
     2013-06-04 13:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
     2013-06-04 13:15:00 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
     2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
     2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
     2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe
     2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
     2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
     2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
     2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
     2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
     2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
     2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
     2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
     2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
     2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
     2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
     2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
     2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
     2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
     2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
     2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
     2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
     2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll
     2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll
     2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
     2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
     2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
     2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
     2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
     2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
     2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
     2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi
     2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe
     2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi
     2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe
     2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
     2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
     2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
     2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
     2013-05-15 22:35:47 144384 ----a-w- C:\Windows\System32\tssdisai.dll
     2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe
     2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll
     2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
     2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
     2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
     2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
     .
     ============= FINISH: 12:50:29.13 ===============
  10. Hello guys, I'm using Windows 8 and ran RogueKiller and this is what I found:

      RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.adlice.com/forum/
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 8 (6.2.9200 ) 64 bits version
      Started in : Normal mode
      User : Joseph [Admin rights]
      Mode : Scan -- Date : 08/06/2013 17:24:13
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 13 ¤¤¤
      [SUSP PATH] atiesrxx.exe -- C:\Windows\System32\atiesrxx.exe [x] -> ERROR [5]
      [SUSP PATH] atieclxx.exe -- C:\Windows\System32\atieclxx.exe [x] -> ERROR [5]
      [SUSP PATH] AvastSvc.exe -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [7] -> ERROR [5]
      [SUSP PATH] cmdagent.exe -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7] -> ERROR [5]
      [SUSP PATH] YahooAUService.exe -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [7] -> ERROR [5]
      [SUSP PATH] taskhostex.exe -- C:\Windows\System32\taskhostex.exe [x] -> ERROR [5]
      [SUSP PATH] cistray.exe -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [7] -> ERROR [5]
      [SUSP PATH] cavwp.exe -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [7] -> ERROR [5]
      [SUSP PATH] cis.exe -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe [7] -> ERROR [5]
      [SUSP PATH] AvastUI.exe -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [7] -> ERROR [5]
      [SUSP PATH] PWRISOVM.EXE -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [7] -> ERROR [5]
      [SUSP PATH] ooVoo.exe -- C:\Program Files (x86)\oovoo\ooVoo.exe [7] -> ERROR [5]
      [SUSP PATH] taskhost.exe -- C:\Windows\System32\taskhost.exe [x] -> ERROR [5]

      ¤¤¤ Registry Entries : 17 ¤¤¤
      [RUN][SUSP PATH] HKCU\[...]\Run : Messenger (Yahoo!) ("C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [7]) -> FOUND
      [RUN][SUSP PATH] HKUS\S-1-5-21-947751678-2075467474-1289336377-1001\[...]\Run : Messenger (Yahoo!) ("C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [7]) -> FOUND
      [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : avast ("C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [7]) -> FOUND
      [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : PWRISOVM.EXE (C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [7]) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (%systemroot%\system32\wbem\wbemess.dll [x]) -> FOUND
      [HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (%SystemRoot%\system32\shell32.dll [-]) -> FOUND
      [HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (%SystemRoot%\system32\shell32.dll [-]) -> FOUND
      [HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (%systemroot%\system32\wbem\fastprox.dll [-]) -> FOUND
      [HJ INPROC][SUSP PATH] HKLM\[...]\InprocServer32 : (%systemroot%\system32\wbem\wbemess.dll [x]) -> FOUND
      [HJ INPROC][SUSP PATH] HKLM\[...]\InprocServer32 : (%SystemRoot%\system32\shell32.dll [-]) -> FOUND
      [HJ INPROC][SUSP PATH] HKLM\[...]\InprocServer32 : (%SystemRoot%\system32\shell32.dll [-]) -> FOUND
      [HJ INPROC][SUSP PATH] HKLM\[...]\InprocServer32 : (%systemroot%\system32\wbem\fastprox.dll [-]) -> FOUND
      [HJ DLL][SUSP PATH] HKLM\[...]\CCSet\[...]\Parameters : ServiceDll (%SystemRoot%\system32\wbem\WMIsvc.dll [x]) -> FOUND
      [HJ DLL][SUSP PATH] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (%SystemRoot%\system32\wbem\WMIsvc.dll [x]) -> FOUND
      [HJ BROWSR][SUSP PATH] HKLM\[...]\command : (C:\Program Files\Internet Explorer\iexplore.exe [-]) -> FOUND

      ¤¤¤ Scheduled tasks : 29 ¤¤¤
      [V1][SUSP PATH] GoogleUpdateTaskMachineUA.job : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
      [V1][SUSP PATH] GoogleUpdateTaskMachineCore.job : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
      [V2][SUSP PATH] GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
      [V2][SUSP PATH] GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
      [V2][SUSP PATH] {31DDBD37-5DB7-4030-8064-10B0CAA806C3} : C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [7] -> FOUND
      [V2][SUSP PATH] COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} : "C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" - --launchSchedule {A6D52E4F-569B-4756-B3D8-DF217313DA85} [7][x] -> FOUND
      [V2][SUSP PATH] COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} : "C:\Program Files\COMODO\COMODO Internet Security\cis.exe" - --welcomeUI [7] -> FOUND
      [V2][SUSP PATH] VerifiedPublisherCertStoreCheck : %windir%\system32\appidcertstorecheck.exe [x] -> FOUND
      [V2][SUSP PATH] ProgramDataUpdater : %windir%\system32\rundll32.exe - aepdu.dll,AePduRunUpdate [x][x][x] -> FOUND
      [V2][SUSP PATH] StartupAppTask : %windir%\system32\rundll32.exe - Startupscan.dll,SusRunTask [x][x][x] -> FOUND
      [V2][SUSP PATH] CleanupTemporaryState : %windir%\system32\rundll32.exe - Windows.Storage.ApplicationData.dll,CleanupTemporaryState [x][x][x] -> FOUND
      [V2][SUSP PATH] Proxy : %windir%\system32\rundll32.exe - /d acproxy.dll,PerformAutochkOperations [x][x][x] -> FOUND
      [V2][SUSP PATH] Consolidator : %SystemRoot%\System32\wsqmcons.exe [x] -> FOUND
      [V2][SUSP PATH] Uploader : %windir%\system32\WSqmCons.exe - -u [x] -> FOUND
      [V2][SUSP PATH] ScheduledDefrag : %windir%\system32\defrag.exe - -c -h -o -$ [x] -> FOUND
      [V2][SUSP PATH] Notifications : %windir%\System32\LocationNotifications.exe [x] -> FOUND
      [V2][SUSP PATH] MNO Metadata Parser : %SystemRoot%\System32\MbaeParserTask.exe [x] -> FOUND
      [V2][SUSP PATH] LPRemove : %windir%\system32\lpremove.exe [x] -> FOUND
      [V2][SUSP PATH] GatherNetworkInfo : %windir%\system32\gatherNetworkInfo.vbs [x] -> FOUND
      [V2][SUSP PATH] Sysprep Generalize Drivers : %SystemRoot%\System32\drvinst.exe - 6 [x] -> FOUND
      [V2][SUSP PATH] FamilySafetyMonitor : %windir%\System32\wpcmon.exe [x] -> FOUND
      [V2][SUSP PATH] SpaceAgentTask : %windir%\system32\SpaceAgent.exe [x] -> FOUND
      [V2][SUSP PATH] WsSwapAssessmentTask : %windir%\system32\rundll32.exe - sysmain.dll,PfSvWsSwapAssessmentTask [x][x][x] -> FOUND
      [V2][SUSP PATH] SR : %windir%\system32\srtasks.exe - ExecuteScheduledSPPCreation [x][x] -> FOUND
      [V2][SUSP PATH] SynchronizeTime : %windir%\system32\sc.exe - start w32time task_started [x][x][x] -> FOUND
      [V2][SUSP PATH] QueueReporting : %windir%\system32\wermgr.exe - -queuereporting [x] -> FOUND
      [V2][SUSP PATH] UpdateLibrary : "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [x] -> FOUND
      [V2][SUSP PATH] ConfigNotification : %systemroot%\System32\sdclt.exe - /CONFIGNOTIFICATION [x] -> FOUND
      [V2][SUSP PATH] Scheduled Start : C:\Windows\system32\sc.exe - start wuauserv [-][x] -> FOUND

      ¤¤¤ Startup Entries : 0 ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

      ¤¤¤ External Hives: ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++
      --- User ---
      [MBR] d7e8291885bc312dea9ce82f5d40f079
      [BSP] a9d7dd8a8a2817001a4a44d10284e3f4 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 469067 Mo
      2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 961370049 | Size: 7518 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[0]_S_08062013_172413.txt >>
      RKreport[0]_S_08062013_171540.txt