Everything posted by shakarkar

  1. No threats were found at all. system-log.txt mbar-log-2013-06-13 (16-05-49).txt
  2. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 8 (6.2.9200 ) 32 bits version
     Started in : Normal mode
     User : Karim [Admin rights]
     Mode : Scan -- Date : 06/12/2013 20:05:19
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 5 ¤¤¤
     [TASK][SUSP PATH] Karim : C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe "C:\Users\Karim\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Karim.nji" [-] -> FOUND
     [TASK][SUSP PATH] Karim Merge : "C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe" "C:\Users\Karim\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Karim Merge.nji" [-] -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\WINDOWS\system32\drivers\etc\hosts

     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
     --- User ---
     [MBR] a10ebe0757d86168ab8d17091bb364d0
     [BSP] 6ef792276b8fabd8f4f2a2e5151c10d8 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 14998 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30717952 | Size: 50445 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 134030296 | Size: 239798 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     +++++ PhysicalDrive1: WDC WD50 00AAKS-00V1A SCSI Disk Device +++++
     --- User ---
     [MBR] 5d4e5f68f53c4aabbc75c21bf859634b
     [BSP] 8ac0ddcd87bf9d56643ad2f76052bf7d : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[3]_S_06122013_02d2005.txt >>
     RKreport[1]_S_06122013_02d2003.txt ; RKreport[2]_H_06122013_02d2003.txt ; RKreport[3]_S_06122013_02d2005.txt
  3. I noticed that it is something concerned with Adobe, however, I could not find it in the 'Programs & Features' nor could I uninstall it using the Adobe Creative Suite Removal Tool, so I manually deleted the folders of the applications and I can no longer run them.
  4. If you can tell me the name of the program, I will uninstall it immediately.
  5. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 8 (6.2.9200 ) 32 bits version
     Started in : Normal mode
     User : Karim [Admin rights]
     Mode : Scan -- Date : 06/11/2013 22:49:26
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 5 ¤¤¤
     [TASK][SUSP PATH] Karim : C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe "C:\Users\Karim\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Karim.nji" [-] -> FOUND
     [TASK][SUSP PATH] Karim Merge : "C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe" "C:\Users\Karim\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Karim Merge.nji" [-] -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\WINDOWS\system32\drivers\etc\hosts

     127.0.0.1 activate.adobe.com
     127.0.0.1 practivate.adobe.com
     127.0.0.1 ereg.adobe.com
     127.0.0.1 activate.wip3.adobe.com
     127.0.0.1 wip3.adobe.com
     127.0.0.1 3dns-3.adobe.com
     127.0.0.1 3dns-2.adobe.com
     127.0.0.1 adobe-dns.adobe.com
     127.0.0.1 adobe-dns-2.adobe.com
     127.0.0.1 adobe-dns-3.adobe.com
     127.0.0.1 ereg.wip3.adobe.com
     127.0.0.1 activate-sea.adobe.com
     127.0.0.1 wwis-dubc1-vip60.adobe.com
     127.0.0.1 activate-sjc0.adobe.com
     127.0.0.1 adobe.activate.com
     127.0.0.1 adobeereg.com
     127.0.0.1 www.adobeereg.com
     127.0.0.1 wwis-dubc1-vip60.adobe.com
     127.0.0.1 125.252.224.90
     127.0.0.1 125.252.224.91
     [...]

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
     --- User ---
     [MBR] a10ebe0757d86168ab8d17091bb364d0
     [BSP] 6ef792276b8fabd8f4f2a2e5151c10d8 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 14998 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30717952 | Size: 50445 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 134030296 | Size: 239798 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     +++++ PhysicalDrive1: WDC WD50 00AAKS-00V1A SCSI Disk Device +++++
     --- User ---
     [MBR] 5d4e5f68f53c4aabbc75c21bf859634b
     [BSP] 8ac0ddcd87bf9d56643ad2f76052bf7d : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[1]_S_06112013_02d2249.txt >>
     RKreport[1]_S_06112013_02d2249.txt
  6. I have suspected that I might be infected with a virus or malware that is affecting my services.exe file in system32, as I am seeing irregular activities in my Task Manager under "Service and Controller app". As instructed, I have attached the required scans and disabled uTorrent. I am also currently running a scan, but so far, it has detected nothing.

     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
     Run by Karim at 21:36:57 on 2013-06-11
     Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.3071.598 [GMT 2:00]
     .
     AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     =================== ROOTKIT ====================
     .
     Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
     Windows 6.2.9200 Disk: Hitachi_ rev.ST2O -> Harddisk0\DR0 -> \Device\00002806
     .
     device: opened successfully
     user: MBR read successfully
     .
     Disk trace:
     called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys tcpip.sys NETIO.SYS
     c:\windows\system32\drivers\nvstor.sys NVIDIA Corporation NVIDIA nForce SATA Driver
     1 nt!IofCallDriver[0x823C847C] -> \Device\Harddisk0\DR0[0x85FA5A80]
     3 CLASSPNP[0x82AEA300] -> nt!IofCallDriver[0x823C847C] -> [0x85D65680]
     5 ACPI[0x8B2B349A] -> nt!IofCallDriver[0x823C847C] -> \Device\00000032[0x85DF2B48]
     kernel: MBR read successfully
     _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
     user != kernel MBR !!!
     error: Read The parameter is incorrect.
     .
     ============= FINISH: 21:44:33.56 ===============