Can't enable malicious website blocking


HMS10

Attach

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume2
Install Date: 06-Jul-13 00:42:52
System Uptime: 30-Sep-13 23:13:01 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-78LMT-S2P
Processor: AMD Athlon II X2 250 Processor | Socket M2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 73 GiB total, 9.908 GiB free.
D: is FIXED (NTFS) - 127 GiB total, 7.753 GiB free.
E: is FIXED (NTFS) - 127 GiB total, 28.279 GiB free.
F: is FIXED (NTFS) - 142 GiB total, 9.093 GiB free.
G: is FIXED (NTFS) - 0 GiB total, 0.023 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP80: 27-Sep-13 13:46:22 - Revo Uninstaller's restore point - Castle of Illusion
RP81: 28-Sep-13 03:11:28 - Revo Uninstaller's restore point - Dishonored The Brigmore Witches
RP82: 28-Sep-13 03:18:03 - Revo Uninstaller's restore point - Dishonored
RP83: 28-Sep-13 12:05:16 - Installed DirectX
RP84: 30-Sep-13 17:13:11 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
RP85: 30-Sep-13 17:23:33 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS6
Adobe Help Manager
Adobe Widget Browser
Amarok (remove only)
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
BioShock
Bonjour
Castlevania: Lords of Shadow - Ultimate Edition
CCleaner
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Disney's Donald Duck
Dota 2
Dropbox
DuckTales Remastered
FIFA 13
Google Chrome
Google Update Helper
Internet Download Manager
iTunes
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 23.0 (x86 en-US)
Mozilla Maintenance Service
MpcStar 5.4
Notepad++
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Outils de vérification linguistique 2013 de Microsoft Office - Français
PCSX2 - Playstation 2 Emulator
PDF Settings CS6
PowerISO
PunkBuster Services
Revo Uninstaller 1.95
Security Update for Microsoft Excel 2013 (KB2768017) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Speccy
Steam
System Requirements Lab CYRI
The King Of Fighters XIII
Tom Clancy's Ghost Recon Future Soldier
Total War ROME II
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft Access 2013 (KB2752093) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760533) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817624) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817630) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817632) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2825632) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2810006) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2817308) 32-Bit Edition
Update for Microsoft Word 2013 (KB2817627) 32-Bit Edition
VLC media player 2.0.8
WinRAR 5.00 beta 5 (64-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
30-Sep-13 23:13:43, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  General access denied error
30-Sep-13 23:13:43, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  General access denied error
30-Sep-13 23:13:25, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.
30-Sep-13 23:13:23, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
30-Sep-13 18:14:16, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
29-Sep-13 14:42:16, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.31. The computer with the IP address 192.168.0.32 did not allow the name to be claimed by this computer.
28-Sep-13 01:36:16, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
26-Sep-13 14:42:18, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
25-Sep-13 11:25:52, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
24-Sep-13 21:35:45, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
24-Sep-13 20:36:09, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
24-Sep-13 20:36:09, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
 
DDS
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.25.2
Run by Hosam at 0:19:56 on 2013-10-01
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.4094.2295 [GMT 2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\dashost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Hosam\Downloads\RogueKillerX64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Arkane] C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe
uRun: [AdobeUpdate] wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe"
uRun: [AdobeBridge] <no file>
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DriverCD] H:\Run.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Hosam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hosam\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
LSP: mswsock.dll
TCP: Interfaces\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer = 41.128.225.225,41.128.225.226
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hosam\AppData\Roaming\Mozilla\Firefox\Profiles\y4ne3xyr.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Hosam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-23 00:07; mozilla_cc@internetdownloadmanager.com; C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-30 701512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WSServiceCrk;Windows Store service crack;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2013-7-17 29696]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\l1c51x64.sys [2013-7-22 90224]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-30 25928]
S2 IDMWFP;IDMWFP;C:\Windows\System32\Drivers\idmwfp.sys [2013-9-18 172920]
S3 AtiDCM;AtiDCM;C:\Users\Hosam\AppData\Local\Temp\atidcmxx.sys [2013-7-22 23312]
S3 SWDUMon;SWDUMon;C:\Windows\System32\Drivers\SWDUMon.sys [2013-7-29 16152]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
FileExt: .js: JSFile - HKCR\Unknown\Shell=C:\Windows\SysWow64\OpenWith.exe "%1" [default=openas]
.
=============== Created Last 30 ================
.
2013-09-30 21:25:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-30 21:25:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 01:00:08 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCE602A2-F2F7-490B-B532-2B1228495B18}\mpengine.dll
2013-09-28 22:46:10 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Adobe64x
2013-09-28 22:34:05 -------- d-----w- C:\DirectX
2013-09-28 22:33:28 -------- d-sh--w- C:\Users\Hosam\lbsan
2013-09-28 01:36:37 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-26 22:04:04 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-26 22:03:56 -------- d-----w- C:\Users\Hosam\AppData\Local\PunkBuster
2013-09-26 22:02:30 -------- d-----w- C:\Users\Hosam\AppData\Local\Ubisoft Game Launcher
2013-09-26 18:47:58 304816 ----a-w- C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10218.bin
2013-09-26 18:40:19 -------- d-----w- C:\Users\Hosam\.local
2013-09-26 18:35:49 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Amarok
2013-09-26 18:34:01 -------- d-----w- C:\Program Files (x86)\Amarok
2013-09-24 11:55:54 -------- d-----w- C:\Users\Hosam\AppData\Local\Apple Computer
2013-09-24 11:55:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-09-24 11:55:19 -------- d-----w- C:\Program Files\iPod
2013-09-24 11:55:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 11:55:18 -------- d-----w- C:\Program Files\iTunes
2013-09-24 11:55:18 -------- d-----w- C:\Program Files (x86)\iTunes
2013-09-24 11:55:10 -------- d-----w- C:\Users\Hosam\AppData\Local\Apple
2013-09-24 11:54:45 -------- d-----w- C:\Program Files\Bonjour
2013-09-24 11:54:45 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-09-24 03:40:25 -------- d-----w- C:\Program Files\Speccy
2013-09-24 02:50:26 -------- d-----w- C:\Users\Hosam\AppData\Local\Arma 3
2013-09-24 02:50:26 -------- d-----w- C:\ProgramData\Bohemia Interactive
2013-09-23 17:46:56 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-09-23 17:46:56 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-23 17:46:50 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-09-23 17:46:50 3233712 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2013-09-23 17:34:44 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Ubisoft
2013-09-22 22:25:42 -------- d-----w- C:\ProgramData\Origin
2013-09-20 04:21:51 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Unity
2013-09-18 10:56:01 172920 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2013-09-18 10:36:19 -------- d-----w- C:\Users\Hosam\AppData\Roaming\The Creative Assembly
2013-09-18 04:55:52 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2013-09-16 17:16:42 -------- d-----w- C:\Windows\AutoKMS
2013-09-16 17:14:46 -------- d-----w- C:\Users\Hosam\AppData\Local\Microsoft Toolkit
2013-09-16 17:10:17 -------- d-----w- C:\Windows\PCHEALTH
2013-09-16 17:09:20 -------- d-----w- C:\Users\Hosam\AppData\Local\Microsoft Help
2013-09-16 13:48:09 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-09-15 11:18:39 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-09-13 09:46:50 -------- d-----w- C:\Users\Hosam\AppData\Local\Unity
2013-09-11 23:41:39 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 23:41:39 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-11 15:01:21 4917760 ----a-w- C:\Windows\System32\sppsvc.exe
2013-09-11 14:56:47 4038144 ----a-w- C:\Windows\System32\win32k.sys
2013-09-09 17:49:43 -------- d-----w- C:\Users\Hosam\AppData\Local\MercurySteam
2013-09-07 08:39:28 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-09-04 20:40:52 -------- d-----w- C:\Windows\UbiSoft
2013-09-04 17:22:57 -------- d-----w- C:\ProgramData\Orbit
.
==================== Find3M  ====================
.
2013-08-27 00:09:17 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
2013-08-27 00:09:17 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
2013-08-23 11:35:18 87345 ----a-w- C:\ProgramData\1377257689.bdinstall.bin
2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll
2013-08-13 19:48:17 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-08-04 15:30:01 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-07-31 14:28:16 232065 ----a-w- C:\ProgramData\1375280627.bdinstall.bin
2013-07-21 23:36:09 1660 ----a-w- C:\Windows\System32\ASOROSet.bin
2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe
2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll
2013-07-08 18:15:44 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-08 18:15:44 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-08 18:15:44 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-08 12:55:34 510101 ----a-w- C:\Windows\System32\twitchsdk_32_release.dll
2013-07-08 07:20:43 383985 ----a-w- C:\ProgramData\1373267891.bdinstall.bin
2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll
2013-07-04 13:58:48 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-07-04 13:57:00 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-07-04 13:57:00 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
============= FINISH:  0:20:37.63 ===============
 

RogueKiller

 

RogueKiller V8.7.0 _x64_ [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Hosam [Admin rights]
Mode : Scan -- Date : 10/01/2013 00:08:57
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] postgre.exe -- C:\Users\Hosam\AppData\Roaming\Adobe64x\postgre.exe [-] -> KILLED [TermProc]
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\   \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x] -> STOPPED
 
¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Arkane (C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : AdobeUpdate (wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe" [x][-][-]) -> FOUND
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Hosam\AppData\Local\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\???\???\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : Arkane (C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : AdobeUpdate (wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe" [x][-][-]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : Google Update ("C:\Users\Hosam\AppData\Local\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\???\???\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" >) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\   \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\   \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer (41.128.225.225,41.128.225.226) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer (41.128.225.225,41.128.225.226) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Windows Defender\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Users\Hosam\AppData\Local\Google\Desktop\Install [-] --> FOUND
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD6400AACS-00G8B1 ATA Device +++++
--- User ---
[MBR] b95359d1dd27d5cccdd94f01b10eb30c
[BSP] 61c1e9781f6bd58575b6a85f5d4329b5 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74899 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153602046 | Size: 535478 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10012013_000857.txt >>