
DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 10.0.9200.16750

Run by Dominik at 20:29:23 on 2014-02-01

Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.1015.368 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe

C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe

C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Dominik\AppData\Roaming\uTorrent\uTorrent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.


uRun: [SystemBoot] c:\windows\Setupp.exe

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [uTorrent] "c:\users\dominik\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 62.129.50.20 85.135.32.100

TCP: Interfaces\{2AE6F610-87C5-428D-B74C-D752E4004380} : DHCPNameServer = 62.129.50.20 85.135.32.100

TCP: Interfaces\{2AE6F610-87C5-428D-B74C-D752E4004380}\450502C494E4B4 : DHCPNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\dominik\appdata\roaming\mozilla\firefox\profiles\jyd7fy4i.default\

FF - component: c:\users\dominik\appdata\roaming\mozilla\firefox\profiles\jyd7fy4i.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll

FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Firesheep: firesheep@codebutler.com - %profile%\extensions\firesheep@codebutler.com

.

============= SERVICES / DRIVERS ===============

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-1-29 2301216]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-1-29 52224]

S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2014-1-29 1343400]

.

=============== Created Last 30 ================

.

2014-02-01 19:17:02 -------- d-----w- c:\program files\ESET

2014-02-01 11:06:44 -------- d-----w- c:\program files\VideoLAN

2014-02-01 08:50:41 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2014-02-01 08:50:39 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2014-02-01 07:52:54 49152 ----a-w- c:\windows\system32\taskhost.exe

2014-02-01 07:49:06 1505280 ----a-w- c:\windows\system32\d3d11.dll

2014-01-31 18:03:12 -------- d-----w- c:\users\dominik\appdata\roaming\TeamViewer

2014-01-31 14:15:51 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2014-01-31 14:15:20 -------- d-----w- c:\program files\iPod

2014-01-31 14:15:19 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-01-31 14:15:19 -------- d-----w- c:\program files\iTunes

2014-01-31 14:11:31 -------- d-----w- c:\program files\Bonjour

2014-01-31 14:09:53 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2014-01-31 14:09:53 231424 ----a-w- c:\windows\system32\mswsock.dll

2014-01-31 14:09:52 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2014-01-31 14:09:51 530432 ----a-w- c:\windows\system32\comctl32.dll

2014-01-31 14:09:50 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys

2014-01-31 14:09:50 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys

2014-01-31 14:09:49 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2014-01-31 14:09:49 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2014-01-31 14:09:47 175104 ----a-w- c:\windows\system32\wintrust.dll

2014-01-31 14:07:37 1796096 ----a-w- c:\windows\system32\authui.dll

2014-01-31 14:07:37 168960 ----a-w- c:\windows\system32\credui.dll

2014-01-31 14:07:37 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2014-01-31 14:07:11 301568 ----a-w- c:\windows\system32\msieftp.dll

2014-01-31 14:06:27 369848 ----a-w- c:\windows\system32\drivers\cng.sys

2014-01-31 14:06:27 247808 ----a-w- c:\windows\system32\schannel.dll

2014-01-31 14:06:27 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2014-01-31 14:06:26 99840 ----a-w- c:\windows\system32\sspicli.dll

2014-01-31 14:06:26 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2014-01-31 14:06:26 220160 ----a-w- c:\windows\system32\ncrypt.dll

2014-01-31 14:06:26 22016 ----a-w- c:\windows\system32\secur32.dll

2014-01-31 14:06:26 22016 ----a-w- c:\windows\system32\lsass.exe

2014-01-31 14:06:26 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2014-01-31 14:06:25 15872 ----a-w- c:\windows\system32\sspisrv.dll

2014-01-31 14:05:10 159232 ----a-w- c:\windows\system32\imagehlp.dll

2014-01-31 14:05:07 163840 ----a-w- c:\windows\system32\scrrun.dll

2014-01-31 14:05:07 141824 ----a-w- c:\windows\system32\wscript.exe

2014-01-31 14:05:07 126976 ----a-w- c:\windows\system32\cscript.exe

2014-01-31 14:05:07 121856 ----a-w- c:\windows\system32\wshom.ocx

2014-01-31 14:05:03 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2014-01-31 14:03:52 903168 ----a-w- c:\windows\system32\certutil.exe

2014-01-31 14:03:51 43008 ----a-w- c:\windows\system32\certenc.dll

2014-01-31 14:03:20 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2014-01-31 14:03:20 175104 ----a-w- c:\windows\system32\netcorehc.dll

2014-01-31 14:03:20 156672 ----a-w- c:\windows\system32\ncsi.dll

2014-01-31 14:03:19 52224 ----a-w- c:\windows\system32\nlaapi.dll

2014-01-31 14:03:19 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2014-01-31 14:03:19 242176 ----a-w- c:\windows\system32\nlasvc.dll

2014-01-31 14:03:19 18944 ----a-w- c:\windows\system32\netevent.dll

2014-01-31 14:02:59 509440 ----a-w- c:\windows\system32\qedit.dll

2014-01-31 14:02:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2014-01-31 14:02:34 81408 ----a-w- c:\windows\system32\drivers\drmk.sys

2014-01-31 14:02:34 177152 ----a-w- c:\windows\system32\drivers\portcls.sys

2014-01-31 14:00:56 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2014-01-31 13:58:35 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2014-01-31 13:37:06 47104 ----a-w- c:\windows\system32\appinfo.dll

2014-01-31 13:37:06 101720 ----a-w- c:\windows\system32\consent.exe

2014-01-31 13:34:24 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ed06f623-e48d-455b-8f0f-f276083c86a5}\mpengine.dll

2014-01-31 12:15:15 -------- d-----w- c:\users\dominik\appdata\local\Apple Computer

2014-01-31 12:14:25 106928 ----a-w- c:\windows\system32\GEARAspi.dll

2014-01-31 12:13:55 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2014-01-31 12:10:48 -------- d-----w- c:\users\dominik\appdata\local\Apple

2014-01-31 12:01:46 19221504 ----a-w- C:\redsn0w.exe

2014-01-31 09:52:29 -------- d-----w- c:\users\dominik\appdata\local\Adobe

2014-01-30 13:39:39 -------- d-----w- c:\program files\CCleaner

2014-01-30 13:34:28 -------- d-----w- c:\windows\system32\SPReview

2014-01-30 13:32:53 -------- d-----w- c:\windows\system32\EventProviders

2014-01-29 21:49:13 1699328 ----a-w- c:\windows\system32\esent.dll

2014-01-29 21:49:13 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2014-01-29 21:49:12 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2014-01-29 21:49:12 74240 ----a-w- c:\windows\system32\fsutil.exe

2014-01-29 21:49:12 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2014-01-29 21:49:12 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2014-01-29 21:49:12 148864 ----a-w- c:\windows\system32\drivers\storport.sys

2014-01-29 21:49:12 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2014-01-29 21:46:01 1130824 ----a-w- c:\windows\system32\dfshim.dll

2014-01-29 21:44:59 864256 ----a-w- c:\program files\common files\system\ole db\oledb32.dll

2014-01-29 21:43:59 21504 ----a-w- c:\windows\system32\TRAPI.dll

2014-01-29 21:23:21 -------- d-----w- c:\windows\system32\SearchProtect

2014-01-29 12:41:03 -------- d-----w- c:\windows\system32\Wat

2014-01-28 17:14:19 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2014-01-28 15:02:15 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2014-01-28 15:02:14 9728 ----a-w- c:\windows\system32\Wdfres.dll

2014-01-28 14:59:13 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2014-01-28 14:59:13 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2014-01-28 14:59:10 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2014-01-28 14:59:10 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2014-01-28 14:59:09 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2014-01-28 14:59:08 613888 ----a-w- c:\windows\system32\WUDFx.dll

2014-01-28 14:59:08 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2014-01-28 14:55:48 5120 ----a-w- c:\windows\system32\wmi.dll

2014-01-28 14:55:48 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2014-01-28 14:49:16 293376 ----a-w- c:\windows\system32\browserchoice.exe

2014-01-27 21:22:48 -------- d-----w- c:\windows\Migration

2014-01-27 19:30:25 -------- d-----w- c:\programdata\Caphyon

2014-01-27 19:28:01 -------- d-----w- c:\program files\QuadCoreM2

2014-01-27 19:21:46 -------- d-----w- c:\users\dominik\appdata\roaming\Quadcore Games

2014-01-27 15:46:48 -------- d-----w- c:\users\dominik\appdata\local\Adobe-BackupByPhotoshopCS6Portable

2014-01-27 15:46:48 -------- d-----w- c:\programdata\Adobe-BackupByPhotoshopCS6Portable

2014-01-27 15:46:48 -------- d-----w- c:\program files\common files\Adobe-BackupByPhotoshopCS6Portable

2014-01-27 15:46:43 -------- d-----w- c:\users\dominik\appdata\roaming\Adobe-BackupByPhotoshopCS6Portable

2014-01-27 15:35:40 -------- d--h--w- c:\windows\msdownld.tmp

2014-01-27 15:35:39 -------- d-----w- c:\windows\system32\directx

2014-01-27 15:35:30 -------- d-----w- c:\program files\Sacredware

2014-01-27 15:16:50 -------- d-----w- c:\users\dominik\appdata\local\SearchProtect

2014-01-27 15:16:50 -------- d-----w- c:\program files\SearchProtect

2014-01-27 15:15:14 -------- d-----w- c:\users\dominik\appdata\roaming\uTorrent

2014-01-27 04:39:11 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2014-01-27 04:39:09 626688 ----a-w- c:\windows\system32\usp10.dll

2014-01-27 04:39:08 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2014-01-27 04:39:08 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2014-01-27 04:39:08 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2014-01-27 04:39:05 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2014-01-27 04:38:45 376832 ----a-w- c:\windows\system32\dpnet.dll

2014-01-27 04:38:45 2560 ----a-w- c:\windows\system32\dpnaddr.dll

2014-01-27 04:38:44 31232 ----a-w- c:\windows\system32\prevhost.exe

2014-01-27 04:38:30 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys

2014-01-27 04:38:28 69632 ----a-w- c:\windows\system32\smss.exe

2014-01-27 04:38:28 38912 ----a-w- c:\windows\system32\csrsrv.dll

2014-01-27 04:38:24 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2014-01-27 04:38:24 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2014-01-27 04:38:22 708608 ----a-w- c:\program files\common files\system\wab32.dll

2014-01-27 04:36:45 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2014-01-27 04:35:45 642048 ----a-w- c:\windows\system32\CPFilters.dll

2014-01-27 04:34:58 314880 ----a-w- c:\windows\system32\webio.dll

2014-01-27 04:20:04 107520 ----a-w- c:\windows\system32\cdd.dll

2014-01-26 21:58:59 -------- d-----w- c:\windows\PCHEALTH

2014-01-26 21:55:14 -------- d-----w- c:\users\dominik\appdata\roaming\PSpad

2014-01-26 21:42:19 -------- d-----w- c:\program files\DsNET Corp

2014-01-26 20:43:59 -------- d-----w- c:\programdata\Stardock

2014-01-26 20:36:53 -------- d-----w- c:\users\dominik\appdata\roaming\Stardock

2014-01-26 20:36:48 -------- d-----w- c:\users\dominik\appdata\local\Stardock

2014-01-26 20:36:38 -------- d-----w- c:\program files\Stardock

2014-01-26 20:29:04 -------- d-----w- c:\program files\TeamSpeak 3 Client

2014-01-26 20:28:27 -------- d-----w- c:\program files\PSPad editor

2014-01-26 20:28:14 -------- d-----w- c:\users\dominik\appdata\local\Programs

2014-01-26 20:24:58 -------- d-----w- c:\users\dominik\appdata\local\Skype

2014-01-26 20:24:28 -------- d-----r- c:\program files\Skype

2014-01-26 20:01:02 -------- d-----w- c:\programdata\TamoSoft

2014-01-26 20:00:11 -------- d-----w- c:\program files\FiSTiNG4FUN

2014-01-26 19:53:28 -------- d-----w- c:\program files\WinPcap

2014-01-26 19:39:09 -------- d-sh--w- c:\windows\Installer

2014-01-26 19:34:12 -------- d-----w- c:\users\dominik\appdata\local\Google

2014-01-26 18:39:07 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup

2014-01-26 18:39:03 2755072 ----a-w- c:\windows\system32\themeui.dll.backup

2014-01-26 18:38:59 37376 ----a-w- c:\windows\system32\themeservice.dll.backup

2014-01-26 18:32:10 398336 ----a-w- c:\windows\system32\TVWizudlg.exe

2014-01-26 18:32:10 140288 ----a-w- c:\windows\system32\igfxtvcx.dll

2014-01-26 18:29:44 -------- d-----w- c:\windows\system32\Lang

2014-01-26 18:29:32 -------- d-----w- C:\Intel

2014-01-26 18:26:53 -------- d-----w- c:\users\dominik\appdata\local\ElevatedDiagnostics

2014-01-26 17:55:33 231584 ------w- c:\windows\system32\MpSigStub.exe

2014-01-26 17:48:25 1002008 ----a-w- c:\windows\system32\igxpun.exe

2014-01-26 17:48:25 -------- d-----w- c:\windows\system32\x64

2014-01-26 17:47:25 826880 ----a-w- c:\windows\system32\rdpcore.dll

2014-01-26 17:47:24 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2014-01-26 17:47:24 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys

2014-01-26 17:44:18 -------- d-----w- c:\windows\system32\wbem\Performance

2014-01-26 17:42:25 2422272 ----a-w- c:\windows\system32\wucltux.dll

2014-01-26 17:42:11 88576 ----a-w- c:\windows\system32\wudriver.dll

2014-01-26 17:41:51 33792 ----a-w- c:\windows\system32\wuapp.exe

2014-01-26 17:41:51 171904 ----a-w- c:\windows\system32\wuwebv.dll

2014-01-26 17:35:39 -------- d-sh--we c:\programdata\Plocha

2014-01-26 17:35:39 -------- d-sh--we c:\programdata\Oblíbené položky

2014-01-26 17:35:39 -------- d-sh--we c:\programdata\Šablony

2014-01-26 17:35:39 -------- d-sh--we c:\programdata\Nabídka Start

2014-01-26 17:35:39 -------- d-sh--we c:\programdata\Dokumenty

2014-01-26 17:35:39 -------- d-sh--we c:\programdata\Data aplikací

2014-01-26 17:35:39 -------- d-sh--w- C:\Recovery

2014-01-26 17:27:01 -------- d-----w- c:\windows\Panther

2014-01-26 17:26:48 -------- d-sh--w- C:\Boot

.

==================== Find3M  ====================

.

2014-02-01 07:52:21 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-01-31 09:35:45 152576 ----a-w- c:\windows\system32\msclmd.dll

2014-01-26 18:39:07 249856 ----a-w- c:\windows\system32\uxtheme.dll

2014-01-26 18:38:59 37376 ----a-w- c:\windows\system32\themeservice.dll

2013-11-27 01:14:25 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-11-27 01:13:46 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-11-27 01:13:44 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-11-27 01:13:41 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-11-27 01:13:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-11-27 01:13:36 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-11-27 01:13:33 6016 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-11-26 11:11:29 240576 ----a-w- c:\windows\system32\drivers\netio.sys

2013-11-26 10:10:21 2349056 ----a-w- c:\windows\system32\win32k.sys

2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 20:31:29,07 ===============

 

attach.txt


Welcome to the forum.

Please download RogueKiller 32 Bit to your desktop and run it.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7/8, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running; please create a new restore point.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

  • The removal of malware isn't instantaneous, please be patient.

  • When we are done, I'll give you instructions on how to clean up all the tools and logs.

  • Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.8.3 [Jan 24 2014] by Tigzy

mail : tigzyRK<at>gmail<dot>com


Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Dominik [Admin rights]

Mode : Scan -- Date : 02/02/2014 11:31:40

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : SystemBoot (C:\Windows\Setupp.exe [x]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1058858334-1708685167-184961356-1001\[...]\Run : SystemBoot (C:\Windows\Setupp.exe [x]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160827AS ATA Device +++++

--- User ---

[MBR] b63dab589e2d1b8fa6f33b91f66aaf31

[BSP] b72c7b8ee02a148af615bc30d05b0b1b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 120001 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 245762370 | Size: 32616 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_02022014_113140.txt >>


What are your concerns with the computer???

---------------------------

Please uninstall Search Protect from your add/remove programs.

Then.......

Let's clean out any adware/spyware now: (this will require a reboot, so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC

This topic is now closed to further replies.