Jump to content

myissue

karasaen
 Share

Recommended Posts

karasaen

karasaen

Posted
Posted

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Jun at 16:58:54 on 2013-07-14
Microsoft Windows 7 Extreme Edition R1 - x64   6.1.7600.0.1252.1.1033.18.4060.2403 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spyrix Free Keylogger\spkl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.





mURLSearchHooks: {7f3f960e-a836-45ca-8911-0accb522246e} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} -
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: {7f3f960e-a836-45ca-8911-0accb522246e} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [searchProtect] C:\Users\Jun\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [kbdsprt] <no file>
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mExplorerRun: [localSPM] C:\Program Files (x86)\Spyrix Free Keylogger\spkl.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:2
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}





TCP: NameServer = 68.190.192.35 71.9.127.107 24.205.224.36
TCP: Interfaces\{5C9B5B5D-F72A-4E51-AF18-4B1BEF45438D} : DHCPNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe



x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\bkh5rl90.default\

FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\bkh5rl90.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\bkh5rl90.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\bkh5rl90.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2009-12-1 18784]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver;C:\Windows\System32\drivers\xfiltx64.sys [2009-12-1 25752]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-4-10 21544]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-5-17 93272]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2013-5-11 131072]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-4-10 68136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-8 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-8 701512]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-10 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-8 25928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-1 225280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe --> C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-1 44032]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2011-11-24 98616]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-1 70424]
S3 hptmv;hptmv;C:\Windows\System32\drivers\hptmv.sys [2009-12-1 93472]
S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2009-12-1 43416]
S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2009-12-1 51096]
S3 ioatdma;Intel® QuickData Technology device;C:\Windows\System32\drivers\qd260x64.sys [2009-12-1 41096]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-12-1 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-12-1 41680]
S3 iSSetup;iSSetup;C:\Windows\System32\drivers\iSSetup.sys [2009-12-1 175328]
S3 MegaSR1;MegaSR1;C:\Windows\System32\drivers\MegaSR1.sys [2009-12-1 461320]
S3 nvamacpi;nvamacpi;C:\Windows\System32\drivers\nvamacpi.sys [2009-12-1 28192]
S3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2009-12-1 56664]
S3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2009-12-1 56096]
S3 Pnp680;Pnp680;C:\Windows\System32\drivers\PnP680.sys [2009-12-1 80424]
S3 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-12-1 60416]
S3 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2009-12-1 80896]
S3 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-12-1 55808]
S3 SI3112r;SI3112r;C:\Windows\System32\drivers\SI3112r.sys [2009-12-1 164656]
S3 SI3114;SI3114;C:\Windows\System32\drivers\SI3114.sys [2009-12-1 99120]
S3 SI3124;SI3124;C:\Windows\System32\drivers\SI3124.sys [2009-12-1 113456]
S3 Si3124r5;Si3124r5;C:\Windows\System32\drivers\Si3124r5.sys [2009-12-1 334640]
S3 Si3531;Si3531;C:\Windows\System32\drivers\Si3531.sys [2009-12-1 330544]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2011-11-24 203320]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2009-12-1 136192]
S3 ViBusX64;ViBusX64;C:\Windows\System32\drivers\ViBusX64.sys [2009-12-1 25240]
S3 videX64;videX64;C:\Windows\System32\drivers\videX64.sys [2009-12-1 15000]
S3 ViPrtX64;ViPrtX64;C:\Windows\System32\drivers\ViPrtX64.sys [2009-12-1 67224]
S3 vm3dmp;vm3dmp;C:\Windows\System32\drivers\vm3dmp.sys [2009-11-29 86576]
S3 vmmouse;VMware Pointing Device;C:\Windows\System32\drivers\vmmouse.sys [2009-11-29 13872]
.
=============== Created Last 30 ================
.
2013-07-14 16:24:16    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1620FE7-2B89-4C28-9C82-DB7AE649BE8F}\offreg.dll
2013-07-14 10:01:00    --------    d-----w-    C:\1c26708a11df8e3a10405ad417
2013-07-12 22:39:43    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1620FE7-2B89-4C28-9C82-DB7AE649BE8F}\mpengine.dll
2013-07-10 10:00:32    --------    d-----w-    C:\e7621cc4e42e776a3578559109d703b1
2013-07-09 10:00:51    --------    d-----w-    C:\8e8bbb76f9d26e7a8e449ffcdb3bc2
2013-07-09 05:30:20    --------    d-----w-    C:\Users\Jun\AppData\Roaming\Malwarebytes
2013-07-09 05:29:51    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-07-09 05:29:50    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-07-09 05:29:50    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-08 10:00:45    --------    d-----w-    C:\d48a7e359718ecf2545882c8b7
2013-07-07 10:01:00    --------    d-----w-    C:\78eda3a155324849b8
2013-07-07 00:13:21    --------    d-----w-    C:\168359b670ecc876ef805dbe1acabe
2013-07-06 23:01:48    --------    d-----w-    C:\dd62c456efe75a1350c7c1651d00
2013-07-06 18:33:43    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-06 18:33:43    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-06 10:00:32    --------    d-----w-    C:\f11e5929c871f4c29f12
2013-07-05 10:00:39    --------    d-----w-    C:\866a3333f181ab2e4604e14714234d
2013-07-04 19:51:21    --------    d-----w-    C:\862f987f977101de778bbf2a30cb03
2013-07-04 10:00:44    --------    d-----w-    C:\ac6fa2177432c795ef60f48b8c
2013-07-03 10:00:48    --------    d-----w-    C:\e87f216d813b40f7fe
2013-07-02 10:00:58    --------    d-----w-    C:\b7cb2649e4c2afa63270554d97809b40
2013-07-01 10:00:30    --------    d-----w-    C:\1ba84f0bd1da1872be3fc389
2013-06-30 10:01:43    --------    d-----w-    C:\89f5871ab74baabf2015
2013-06-29 10:00:34    --------    d-----w-    C:\377f6a6b8ab27843c286434200b0c8ad
2013-06-28 10:00:31    --------    d-----w-    C:\c1e353b2859e481e0b37
2013-06-27 10:00:34    --------    d-----w-    C:\b43282260bc554119104c52db0
2013-06-26 10:00:30    --------    d-----w-    C:\256c3a1ee557f9f8764c61509ec8
2013-06-25 10:00:29    --------    d-----w-    C:\f07ce1089424644cb5
2013-06-24 10:00:30    --------    d-----w-    C:\015c77757a871213e2e6
2013-06-23 10:00:45    --------    d-----w-    C:\0525fd2afbd2bedcb4fc2dd92e06
2013-06-21 10:00:49    --------    d-----w-    C:\047786af786040d1fe9281d2ef
2013-06-20 10:00:50    --------    d-----w-    C:\4faf6ad4bb203417abcc5ab1c3aa5d67
2013-06-19 10:01:33    --------    d-----w-    C:\9f70a6d7d46e50f8895cb4914d287e53
2013-06-18 10:00:33    --------    d-----w-    C:\f76469baae257cbeb3b54a84b4aa7d53
2013-06-17 10:00:31    --------    d-----w-    C:\a2d2a6e87fbe6626881af6
2013-06-16 10:00:58    --------    d-----w-    C:\b83685572fa587b40c
.
==================== Find3M  ====================
.
2013-07-14 23:51:47    25640    ----a-w-    C:\Windows\gdrv.sys
2013-05-23 00:21:59    773712    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2013-05-23 00:21:59    420944    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
2013-05-11 19:54:14    83968    ----a-w-    C:\Windows\System32\E_YD4BHEA.DLL
2013-05-11 19:54:14    120320    ----a-w-    C:\Windows\System32\E_YLMHEA.DLL
2013-05-02 09:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:59:24.20 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Extreme Edition R1 - x64
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2011 9:36:40 AM
System Uptime: 7/14/2013 4:51:21 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | G41M-Combo
Processor: Intel® Core2 Quad  CPU   Q8200  @ 2.33GHz | Socket 775 | 2333/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1838 GiB total, 1677.319 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP482: 7/6/2013 5:12:31 PM - Windows Update
RP483: 7/7/2013 3:00:38 AM - Windows Update
RP484: 7/7/2013 2:13:03 PM - Removed Internet Explorer Toolbar 4.7 by SweetPacks
RP485: 7/7/2013 3:59:58 PM - Removed Microsoft .NET Framework 4 Extended
RP486: 7/8/2013 3:00:29 AM - Windows Update
RP487: 7/9/2013 3:00:32 AM - Windows Update
RP488: 7/9/2013 8:44:55 PM - Removed Microsoft Silverlight
RP489: 7/10/2013 3:00:11 AM - Windows Update
RP490: 7/11/2013 3:00:25 AM - Windows Update
RP491: 7/13/2013 2:53:56 PM - Removed Epson Customer Participation
RP492: 7/14/2013 3:00:40 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Digital Editions 2.0
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3
Advertising Center
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AVG 2012
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CPU-Z
DMUninstaller
DolbyFiles
DomaIQ
EasySaver B9.0904.1
EPSON WF-7010 Series Printer Uninstall
EpsonNet Print
File Type Assistant
Files Opened
GPU-Z
HDTune
HWMonitor
IconPackager
ImagXpress
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Java 6 Update 17
Java 6 Update 17 (64-bit)
LockHunter version 1.0 beta 3, 64 bit edition
Malwarebytes Anti-Malware version 1.75.0.1300
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Service Pack 1 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Rescue Agent
NeroBurningROM
NeroExpress
ON_OFF Charge B10.0427.1
Online Plug-in
PC Wizard
PlayReady PC Runtime amd64
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Self-service Plug-in
UltraISO Premium V9.35
Universal Extractor 1.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Messenger
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
7/14/2013 4:51:50 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
7/14/2013 4:51:49 PM, Error: Service Control Manager [7023]  - The IP Helper service terminated with the following error:  The specified module could not be found.
7/14/2013 4:51:49 PM, Error: Service Control Manager [7000]  - The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
7/14/2013 4:51:47 PM, Error: Service Control Manager [7000]  - The Search Protect by Conduit Updater service failed to start due to the following error:  The system cannot find the file specified.
7/14/2013 3:02:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
.
==== End Of File ===========================
 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.