karasaen Posted July 15, 2013 ID:702785

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Jun at 16:58:54 on 2013-07-14
Microsoft Windows 7 Extreme Edition R1 - x64 6.1.7600.0.1252.1.1033.18.4060.2403 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spyrix Free Keylogger\spkl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files 
(x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\wuauclt.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mURLSearchHooks: {7f3f960e-a836-45ca-8911-0accb522246e} - <orphaned>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} -BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -BHO: {7f3f960e-a836-45ca-8911-0accb522246e} - <orphaned>BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [searchProtect] C:\Users\Jun\AppData\Roaming\SearchProtect\bin\cltmng.exemRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startupmRun: [kbdsprt] <no file>dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStartmExplorerRun: [localSPM] C:\Program 
Files (x86)\Spyrix Free Keylogger\spkl.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorUser = dword:2mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0mPolicies-System: SynchronousMachineGroupPolicy = dword:0mPolicies-System: SynchronousUserGroupPolicy = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 68.190.192.35 71.9.127.107 24.205.224.36TCP: Interfaces\{5C9B5B5D-F72A-4E51-AF18-4B1BEF45438D} : DHCPNameServer = 68.190.192.35 71.9.127.107 24.205.224.36Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - 
C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllAppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dllSSODL: WebCheck - <orphaned>SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dllx64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=MS936 - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dllx64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dllHosts: 93.115.241.27 www.google-analytics.com.Hosts: 93.115.241.27 ad-emea.doubleclick.net.Hosts: 93.115.241.27 www.statcounter.com.Hosts: 108.163.215.51 www.google-analytics.com.Hosts: 108.163.215.51 ad-emea.doubleclick.net..Note: multiple HOSTS entries found. 
Please refer to Attach.txt.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\bkh5rl90.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - about:homeFF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dllFF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dllFF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dllFF - plugin: C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\bkh5rl90.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\np-mswmp.dllFF - plugin: C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\bkh5rl90.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\np-mswmp.dllFF - plugin: C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\bkh5rl90.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\npConduitFirefoxPlugin.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll.---- FIREFOX POLICIES ----FF - user.js: extensions.autoDisableScopes - 0FF - user.js: extensions.shownSelectionUI - true.============= SERVICES / DRIVERS ===============.R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2009-12-1 18784]R0 xfiltx64;VIA SATA IDE Hot-plug Driver;C:\Windows\System32\drivers\xfiltx64.sys [2009-12-1 25752]R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-4-10 21544]R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-5-17 93272]R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2013-5-11 131072]R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-4-10 68136]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbamscheduler.exe [2013-7-8 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-8 701512]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-10 76912]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-8 25928]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-1 225280]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe --> C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [?]S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-1 44032]S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2011-11-24 98616]S3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-1 70424]S3 hptmv;hptmv;C:\Windows\System32\drivers\hptmv.sys [2009-12-1 93472]S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2009-12-1 43416]S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2009-12-1 51096]S3 ioatdma;Intel® QuickData Technology device;C:\Windows\System32\drivers\qd260x64.sys [2009-12-1 41096]S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-12-1 40144]S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-12-1 41680]S3 
iSSetup;iSSetup;C:\Windows\System32\drivers\iSSetup.sys [2009-12-1 175328]S3 MegaSR1;MegaSR1;C:\Windows\System32\drivers\MegaSR1.sys [2009-12-1 461320]S3 nvamacpi;nvamacpi;C:\Windows\System32\drivers\nvamacpi.sys [2009-12-1 28192]S3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2009-12-1 56664]S3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2009-12-1 56096]S3 Pnp680;Pnp680;C:\Windows\System32\drivers\PnP680.sys [2009-12-1 80424]S3 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-12-1 60416]S3 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2009-12-1 80896]S3 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-12-1 55808]S3 SI3112r;SI3112r;C:\Windows\System32\drivers\SI3112r.sys [2009-12-1 164656]S3 SI3114;SI3114;C:\Windows\System32\drivers\SI3114.sys [2009-12-1 99120]S3 SI3124;SI3124;C:\Windows\System32\drivers\SI3124.sys [2009-12-1 113456]S3 Si3124r5;Si3124r5;C:\Windows\System32\drivers\Si3124r5.sys [2009-12-1 334640]S3 Si3531;Si3531;C:\Windows\System32\drivers\Si3531.sys [2009-12-1 330544]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2011-11-24 203320]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]S3 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2009-12-1 136192]S3 ViBusX64;ViBusX64;C:\Windows\System32\drivers\ViBusX64.sys [2009-12-1 25240]S3 videX64;videX64;C:\Windows\System32\drivers\videX64.sys [2009-12-1 15000]S3 ViPrtX64;ViPrtX64;C:\Windows\System32\drivers\ViPrtX64.sys [2009-12-1 67224]S3 vm3dmp;vm3dmp;C:\Windows\System32\drivers\vm3dmp.sys [2009-11-29 86576]S3 vmmouse;VMware Pointing Device;C:\Windows\System32\drivers\vmmouse.sys [2009-11-29 13872].=============== Created Last 30 ================.2013-07-14 16:24:16 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1620FE7-2B89-4C28-9C82-DB7AE649BE8F}\offreg.dll2013-07-14 10:01:00 -------- d-----w- 
C:\1c26708a11df8e3a10405ad4172013-07-12 22:39:43 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1620FE7-2B89-4C28-9C82-DB7AE649BE8F}\mpengine.dll2013-07-10 10:00:32 -------- d-----w- C:\e7621cc4e42e776a3578559109d703b12013-07-09 10:00:51 -------- d-----w- C:\8e8bbb76f9d26e7a8e449ffcdb3bc22013-07-09 05:30:20 -------- d-----w- C:\Users\Jun\AppData\Roaming\Malwarebytes2013-07-09 05:29:51 -------- d-----w- C:\ProgramData\Malwarebytes2013-07-09 05:29:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-07-09 05:29:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-08 10:00:45 -------- d-----w- C:\d48a7e359718ecf2545882c8b72013-07-07 10:01:00 -------- d-----w- C:\78eda3a155324849b82013-07-07 00:13:21 -------- d-----w- C:\168359b670ecc876ef805dbe1acabe2013-07-06 23:01:48 -------- d-----w- C:\dd62c456efe75a1350c7c1651d002013-07-06 18:33:43 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-06 18:33:43 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-07-06 10:00:32 -------- d-----w- C:\f11e5929c871f4c29f122013-07-05 10:00:39 -------- d-----w- C:\866a3333f181ab2e4604e14714234d2013-07-04 19:51:21 -------- d-----w- C:\862f987f977101de778bbf2a30cb032013-07-04 10:00:44 -------- d-----w- C:\ac6fa2177432c795ef60f48b8c2013-07-03 10:00:48 -------- d-----w- C:\e87f216d813b40f7fe2013-07-02 10:00:58 -------- d-----w- C:\b7cb2649e4c2afa63270554d97809b402013-07-01 10:00:30 -------- d-----w- C:\1ba84f0bd1da1872be3fc3892013-06-30 10:01:43 -------- d-----w- C:\89f5871ab74baabf20152013-06-29 10:00:34 -------- d-----w- C:\377f6a6b8ab27843c286434200b0c8ad2013-06-28 10:00:31 -------- d-----w- C:\c1e353b2859e481e0b372013-06-27 10:00:34 -------- d-----w- C:\b43282260bc554119104c52db02013-06-26 10:00:30 -------- d-----w- C:\256c3a1ee557f9f8764c61509ec82013-06-25 10:00:29 -------- d-----w- C:\f07ce1089424644cb52013-06-24 10:00:30 -------- d-----w- C:\015c77757a871213e2e62013-06-23 10:00:45 -------- d-----w- 
C:\0525fd2afbd2bedcb4fc2dd92e062013-06-21 10:00:49 -------- d-----w- C:\047786af786040d1fe9281d2ef2013-06-20 10:00:50 -------- d-----w- C:\4faf6ad4bb203417abcc5ab1c3aa5d672013-06-19 10:01:33 -------- d-----w- C:\9f70a6d7d46e50f8895cb4914d287e532013-06-18 10:00:33 -------- d-----w- C:\f76469baae257cbeb3b54a84b4aa7d532013-06-17 10:00:31 -------- d-----w- C:\a2d2a6e87fbe6626881af62013-06-16 10:00:58 -------- d-----w- C:\b83685572fa587b40c.==================== Find3M ====================.2013-07-14 23:51:47 25640 ----a-w- C:\Windows\gdrv.sys2013-05-23 00:21:59 773712 ----a-w- C:\Windows\SysWow64\msvcr100.dll2013-05-23 00:21:59 420944 ----a-w- C:\Windows\SysWow64\msvcp100.dll2013-05-11 19:54:14 83968 ----a-w- C:\Windows\System32\E_YD4BHEA.DLL2013-05-11 19:54:14 120320 ----a-w- C:\Windows\System32\E_YLMHEA.DLL2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe.============= FINISH: 16:59:24.20 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Extreme Edition R1 - x64Boot Device: \Device\HarddiskVolume1Install Date: 4/10/2011 9:36:40 AMSystem Uptime: 7/14/2013 4:51:21 PM (0 hours ago).Motherboard: Gigabyte Technology Co., Ltd. 
| | G41M-ComboProcessor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2333/333mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 1838 GiB total, 1677.319 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP482: 7/6/2013 5:12:31 PM - Windows UpdateRP483: 7/7/2013 3:00:38 AM - Windows UpdateRP484: 7/7/2013 2:13:03 PM - Removed Internet Explorer Toolbar 4.7 by SweetPacksRP485: 7/7/2013 3:59:58 PM - Removed Microsoft .NET Framework 4 ExtendedRP486: 7/8/2013 3:00:29 AM - Windows UpdateRP487: 7/9/2013 3:00:32 AM - Windows UpdateRP488: 7/9/2013 8:44:55 PM - Removed Microsoft SilverlightRP489: 7/10/2013 3:00:11 AM - Windows UpdateRP490: 7/11/2013 3:00:25 AM - Windows UpdateRP491: 7/13/2013 2:53:56 PM - Removed Epson Customer ParticipationRP492: 7/14/2013 3:00:40 AM - Windows Update.==== Hosts File Hijack ======================.Hosts: 93.115.241.27 www.google-analytics.com.Hosts: 93.115.241.27 ad-emea.doubleclick.net.Hosts: 93.115.241.27 www.statcounter.com.Hosts: 108.163.215.51 www.google-analytics.com.Hosts: 108.163.215.51 ad-emea.doubleclick.net.Hosts: 108.163.215.51 www.statcounter.com..==== Installed Programs ======================. 
Update for Microsoft Office 2007 (KB2508958)Adobe Digital Editions 2.0Adobe Flash Player 11 PluginAdobe Reader 9.5.3Advertising CenterAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverAVG 2012Citrix Authentication ManagerCitrix ReceiverCitrix Receiver (HDX Flash Redirection)Citrix Receiver InsideCitrix Receiver(Aero)Citrix Receiver(DV)Citrix Receiver(USB)CPU-ZDMUninstallerDolbyFilesDomaIQEasySaver B9.0904.1EPSON WF-7010 Series Printer UninstallEpsonNet PrintFile Type AssistantFiles OpenedGPU-ZHDTuneHWMonitorIconPackagerImagXpressIntel® Control CenterIntel® Graphics Media Accelerator DriverJava 6 Update 17Java 6 Update 17 (64-bit)LockHunter version 1.0 beta 3, 64 bit editionMalwarebytes Anti-Malware version 1.75.0.1300Menu Templates - Starter KitMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB953297)Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office InfoPath MUI (English) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional Plus 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 
8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2008 Service Pack 1 RedistributableMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219Mozilla Firefox 10.0.2 (x86 en-US)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NEC Electronics USB 3.0 Host Controller DriverNero 9 TrialNero BurnRightsNero ControlCenterNero DiscSpeedNero DriveSpeedNero InfoToolNero InstallerNero Rescue AgentNeroBurningROMNeroExpressON_OFF Charge B10.0427.1Online Plug-inPC WizardPlayReady PC Runtime amd64Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET 
Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687309) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687439) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687499) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760416) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit EditionSelf-service Plug-inUltraISO Premium V9.35Universal Extractor 1.6Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update 
for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596802) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Windows Live Communications PlatformWindows Live MessengerYahoo! 
Messenger
.
==== Event Viewer Messages From Past Week ========
.
7/14/2013 4:51:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/14/2013 4:51:49 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The specified module could not be found.
7/14/2013 4:51:49 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
7/14/2013 4:51:47 PM, Error: Service Control Manager [7000] - The Search Protect by Conduit Updater service failed to start due to the following error: The system cannot find the file specified.
7/14/2013 3:02:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
.
==== End Of File ===========================
MrCharlie Posted July 15, 2013 ID:702792

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.
RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

MrC

Note: Please read all of my instructions completely including these.
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)
Root Admin AdvancedSetup Posted July 16, 2013 ID:703424

Are you still with us?
Root Admin AdvancedSetup Posted July 16, 2013 ID:703683

This topic will now be closed due to evidence of cracked or pirated software on this system.
Piracy Policy

Microsoft Windows 7 Extreme Edition R1 - x64