
Webcam randomly turning on... Please help!



Hi!

My webcam is randomly turning on, sometimes my mouse stops working, and some webpages are suddenly popping up. I am having a lot of problems... please help me.

Here are the files:

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by Kshitij at 19:02:32 on 2013-11-19
Microsoft Windows 8 Single Language  6.2.9200.0.1252.91.1033.18.6000.4438 [GMT 5.5:30]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Sandboxie\SbieSvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\SysWOW64\vmnetdhcp.exe
F:\VMWare9\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\dwm.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhostex.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\RTFTrack.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
F:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\Kshitij\AppData\Roaming\Microsoft\fsfg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
F:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
F:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kshitij\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [iDMan] F:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "C:\Users\Kshitij\AppData\Roaming\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [gdt] "C:\Users\Kshitij\AppData\Roaming\Microsoft\fsfg.exe"
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [vmware-tray.exe] "F:\VMWare9\vmware-tray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mExplorerRun: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
mPolicies-System: DisableCAD = dword:1
IE: Download all links with IDM - F:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - F:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{648BAE61-6F99-4361-B9C1-DC0CBB5BEC80} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C16E4DAA-0B4D-485F-8FA3-822E82901A4F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C16E4DAA-0B4D-485F-8FA3-822E82901A4F}\C416074756368667E613 : DHCPNameServer = 59.144.127.16 59.144.127.17
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll, C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [synLenovoGestureMgr] "C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-ExplorerRun: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kshitij\AppData\Roaming\Mozilla\Firefox\Profiles\3lufnsmi.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\FreeRide Games\npExentControl.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Users\Kshitij\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kshitij\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kshitij\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Kshitij\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - ExtSQL: 2013-10-31 06:33; mozilla_cc@internetdownloadmanager.com; C:\Users\Kshitij\AppData\Roaming\IDM\idmmzcc5
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-5-11 647736]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-5-11 39008]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-7-29 30496]
R0 vsock;vSockets Driver;C:\windows\System32\Drivers\vsock.sys [2013-7-10 70296]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2013-1-25 227456]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-7-17 70984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-7-17 384840]
R2 IDMWFP;IDMWFP;C:\windows\System32\Drivers\idmwfp.sys [2013-11-9 174968]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-5-11 166720]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-12-14 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-12-14 70152]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-2 14984480]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-30 5071712]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-11 365376]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2013-1-25 323584]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2013-5-11 34384]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-5-11 169752]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-2-22 342528]
R3 ManyCam;ManyCam Virtual Webcam;C:\windows\System32\Drivers\mcvidrv_x64.sys [2013-9-15 44544]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\windows\System32\Drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\Drivers\nvvad64v.sys [2013-8-2 39712]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-5-11 683664]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\Drivers\rtsuvc.sys [2013-5-11 8230160]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-10-16 200552]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2013-4-11 33008]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-7-17 393032]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-1 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-1 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S2 VMwareHostd;VMware Workstation Server;F:\VMWare9\vmware-hostd.exe -u "C:\ProgramData\VMware\hostd\config.xml" --> F:\VMWare9\vmware-hostd.exe -u C:\ProgramData\VMware\hostd\config.xml [?]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2013-5-11 89168]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2013-5-11 346192]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2013-5-11 115280]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2013-5-11 179432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2013-5-11 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2013-5-11 136424]
S3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2013-5-11 581200]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-7-28 137336]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-7-1 25928]
S3 OracleDBConsoleKSHITIJ;OracleDBConsoleKSHITIJ;F:\app\Kshitij\product\11.2.0\dbhome_1\BIN\nmesrvc.exe [2013-7-1 35328]
S3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;F:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR  --> F:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR  [?]
S3 OracleServiceKSHITIJ;OracleServiceKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ --> f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ [?]
S3 OracleVssWriterKSHITIJ;Oracle KSHITIJ VSS Writer Service;f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ --> f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-5-11 315536]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-5-11 102376]
S4 OracleJobSchedulerKSHITIJ;OracleJobSchedulerKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ --> f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ [?]
S4 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;F:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:F:\app\Kshitij\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> F:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=EXTPROC_DLLS=ONLY:F:\app\Kshitij\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile="C:\windows\System32\CScript.exe" "%1" %* [default=Open2]
FileExt: .vbs: VBSFile="C:\windows\System32\CScript.exe" "%1" %* [default=Open2]
FileExt: .js: JSFile=C:\windows\System32\CScript.exe "%1" %* [default=Open2]
FileExt: .jse: JSEFile=C:\windows\System32\CScript.exe "%1" %* [default=Open2]
FileExt: .wsf: WSFFile="C:\windows\System32\CScript.exe" "%1" %* [default=Open2]
.
=============== Created Last 30 ================
.
2013-11-19 13:14:50 -------- d-sh--w- C:\Users\Kshitij\AppData\Roaming\msgre
2013-11-19 13:09:40 -------- d-----w- C:\Users\Kshitij\AppData\Roaming\dmplogs
2013-11-19 13:05:45 -------- d-----w- C:\AdwCleaner
2013-11-19 12:59:14 -------- d-sh--w- C:\Users\Kshitij\AppData\Roaming\msgr
2013-11-19 12:12:51 505856 ----a-w- C:\Users\Kshitij\AppData\Roaming\Microsoft\fsfg.exe
2013-11-19 08:58:05 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6271A5D7-5F06-427B-A9CD-5132FD646B30}\mpengine.dll
2013-11-18 14:15:06 10280728 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-17 22:34:23 -------- d-----w- C:\Users\Kshitij\AppData\Roaming\.mono
2013-11-17 22:34:22 -------- d-----w- C:\Users\Kshitij\AppData\Local\UWebKit
2013-11-16 22:35:26 -------- d-----w- C:\Users\Kshitij\AppData\Roaming\openvr
2013-11-14 06:01:58 300720 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-11-13 22:55:28 2062848 ----a-w- C:\windows\System32\d3d11.dll
2013-11-13 22:55:28 1711616 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-11-13 22:55:21 2304512 ----a-w- C:\windows\System32\authui.dll
2013-11-13 22:55:21 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-11-13 22:18:28 1890816 ----a-w- C:\windows\System32\crypt32.dll
2013-11-13 15:59:03 189248 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2013-11-13 15:58:40 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-11-09 05:08:40 174968 ----a-w- C:\windows\System32\drivers\idmwfp.sys
2013-11-01 22:23:30 -------- d-----w- C:\Program Files (x86)\Desktop Screen Record 5
2013-10-26 05:31:01 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-10-26 05:30:38 -------- d-----w- C:\windows\PCHEALTH
2013-10-26 05:30:38 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-10-26 05:29:12 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
.
==================== Find3M  ====================
.
2013-11-05 22:58:57 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-05 22:58:57 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-10 11:53:35 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-10-10 09:21:20 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-10-08 02:20:37 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-02 23:25:41 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-10-01 23:37:57 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-01 22:22:19 1022976 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-09-23 22:30:14 419328 ----a-w- C:\windows\System32\schannel.dll
2013-09-23 22:30:03 323072 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-13 22:36:37 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\windows\System32\storewuauth.dll
2013-09-07 09:57:18 56072 ----a-w- C:\windows\System32\certsentry.dll
2013-09-04 03:11:23 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2013-08-30 05:43:40 61784 ----a-w- C:\windows\System32\drivers\crashdmp.sys
2013-08-30 05:20:13 1173504 ----a-w- C:\windows\System32\UIAutomationCore.dll
2013-08-29 23:48:12 914432 ----a-w- C:\windows\SysWow64\UIAutomationCore.dll
2013-08-23 05:11:57 4040192 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 19:03:16.38 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Single Language
Boot Device: \Device\HarddiskVolume2
Install Date: 30-06-2013 09:36:12 AM
System Uptime: 19-11-2013 06:47:12 PM (1 hours ago)
.
Motherboard: LENOVO |  | INVALID
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | U3E1 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 443 GiB total, 380.756 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22.218 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 441 GiB total, 200.529 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Device ID: USB\VID_0CF3&PID_3004\ALASKA_DAY_2006
Manufacturer: Qualcomm Atheros Communications
Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
PNP Device ID: USB\VID_0CF3&PID_3004\ALASKA_DAY_2006
Service: BTHUSB
.
==== System Restore Points ===================
.
RP40: 02-11-2013 07:03:56 AM - Windows Update
RP41: 09-11-2013 08:36:39 AM - Scheduled Checkpoint
RP42: 13-11-2013 09:26:25 PM - Installed DirectX
RP43: 15-11-2013 02:36:02 AM - Installed DirectX
.
==== Installed Programs ======================
.
µTorrent
Adobe Reader XI (11.0.05)
BlueStacks App Player
BlueStacks Notification Center
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dolby Home Theater v4
Dota 2
Energy Management
FormatFactory 3.1.1
Futuremark SystemInfo
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
inSSIDer 3
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Internet Download Manager
Java 7 Update 45
Java Auto Updater
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo PowerDVD10
Lenovo YouCam
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 3.1.59
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MultiBit 0.5.13
Nitro Pro 8
NVIDIA Control Panel 311.27
NVIDIA GeForce Experience 1.6
NVIDIA Graphics Driver 311.27
NVIDIA Install Application
NVIDIA Optimus 7.2.17
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 7.2.17
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.1
Onekey Theater
Power2Go
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Sandboxie 4.06 (64-bit)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Shared C Run-time for x64
SHIELD Streaming
Skype™ 6.7
Steam
Stellarium 0.12.2
SugarSync Manager
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Team Fortress 2
TeamViewer 8
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TurboC++ for Windows 3.8.0.1m_r
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
UserGuide
VMware Workstation
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
WinPcap 4.1.3
WinRAR 4.20 (64-bit)
Wireshark 1.10.1 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
19-11-2013 06:47:55 PM, Error: Service Control Manager [7024]  - 
19-11-2013 06:47:50 PM, Error: Service Control Manager [7023]  - The BlueStacks Android Service service terminated with the following error:  An exception occurred in the service when handling the control request.
14-11-2013 09:29:42 PM, Error: Service Control Manager [7034]  - The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
14-11-2013 04:37:50 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer HARSHCLOUD that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C16E4DAA-0B4D-485F-8FA3-822E82901A4F}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 
 
 
Thanks,
 

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double-click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Hi!

Thanks for the reply!

As you said, I downloaded the program and as soon as I ran it I got this:

"C:\windows\system32\config\system: The process cannot access the file because it is being used by another process"

 

Then I unchecked the boxes you told me to and pressed the Scan button. During the scan I again got that error two times, and then the scan completed. This is the ark.txt file:

 

ark.txt:

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-19 19:24:09
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000040 ST1000LM024_HN-M101MBB rev.2AR20002 931.51GB
Running: lgut8deq.exe; Driver: C:\Users\Kshitij\AppData\Local\Temp\kxrdafod.sys
 
 
---- Devices - GMER 2.1 ----
 
Device  \FileSystem\Ntfs \Ntfs                                                                                          fffffa800567e2c0
Device  \FileSystem\fastfat \Fat                                                                                        fffffa80056362c0
Device  \Driver\iaStorA \Device\00000040                                                                                fffffa80056802c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                fffffa80056382c0
Device  \Driver\iaStorA \Device\RaidPort0                                                                               fffffa80056802c0
Device  \Driver\cdrom \Device\CdRom0                                                                                    fffffa80056762c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{648BAE61-6F99-4361-B9C1-DC0CBB5BEC80}                                        fffffa80056722c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{C16E4DAA-0B4D-485F-8FA3-822E82901A4F}                                        fffffa80056722c0
Device  \Driver\iaStorA \Device\00000041                                                                                fffffa80056802c0
Device  \Driver\usbehci \Device\USBPDO-2                                                                                fffffa80056382c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{5A149460-B6C6-4FBB-B142-20E07374AE1E}                                        fffffa80056722c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                fffffa80056382c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                         fffffa80056722c0
Device  \Driver\usbehci \Device\USBFDO-2                                                                                fffffa80056382c0
Device  \Driver\iaStorA \Device\ScsiPort0                                                                               fffffa80056802c0
 
---- Trace I/O - GMER 2.1 ----
 
Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80056802c0]<< sptd.sys storport.sys hal.dll iaStorA.sys   fffffa80056802c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b46060]                                                 fffffa8007b46060
Trace   3 CLASSPNP.SYS[fffff88000aa5e0a] -> nt!IofCallDriver -> \Device\00000040[0xfffffa8006257730]                    fffffa8006257730
Trace   \Driver\iaStorA[0xfffffa8006241940] -> IRP_MJ_CREATE -> 0xfffffa80056802c0                                      fffffa80056802c0
 
---- Threads - GMER 2.1 ----
 
Thread  C:\windows\system32\csrss.exe [672:696]                                                                         fffff960008325e8
 
---- Disk sectors - GMER 2.1 ----
 
Disk    \Device\Harddisk0\DR0                                                                                           unknown MBR code
 
---- EOF - GMER 2.1 ----
 
 
 
Thanks!

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Here is the combofix log file:

 

ComboFix 13-11-19.01 - Kshitij 20-11-2013   8:09.2.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.91.1033.18.6000.4511 [GMT 5.5:30]
Running from: c:\users\Kshitij\Desktop\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-20 to 2013-11-20  )))))))))))))))))))))))))))))))
.
.
2013-11-20 02:44 . 2013-11-20 02:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-20 02:44 . 2013-11-20 02:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-19 14:18 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDB940B6-2C23-402C-A96B-53F0C18D87FE}\mpengine.dll
2013-11-19 13:09 . 2013-11-19 13:09 -------- d-----w- c:\users\Kshitij\AppData\Roaming\dmplogs
2013-11-19 13:05 . 2013-11-19 13:16 -------- d-----w- C:\AdwCleaner
2013-11-19 13:04 . 2013-11-19 13:04 -------- d-----w- c:\users\ADMINI~1
2013-11-19 12:59 . 2013-11-19 12:59 -------- d-sh--w- c:\users\Kshitij\AppData\Roaming\msgr
2013-11-19 10:41 . 2013-11-19 10:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-17 22:34 . 2013-11-17 22:34 -------- d-----w- c:\users\Kshitij\AppData\Roaming\.mono
2013-11-17 22:34 . 2013-11-17 22:34 -------- d-----w- c:\users\Kshitij\AppData\Local\UWebKit
2013-11-16 22:35 . 2013-11-16 22:35 -------- d-----w- c:\users\Kshitij\AppData\Roaming\openvr
2013-11-14 06:01 . 2013-11-14 06:01 300720 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-11-13 22:55 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll
2013-11-13 22:55 . 2013-08-23 01:44 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-11-13 22:55 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-13 22:55 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll
2013-11-13 22:18 . 2013-10-01 23:37 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-13 15:59 . 2013-11-13 15:59 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-11-13 15:58 . 2013-11-13 15:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-11-09 05:08 . 2013-11-07 23:41 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-11-01 22:23 . 2013-11-02 09:12 -------- d-----w- c:\program files (x86)\Desktop Screen Record 5
2013-10-26 05:31 . 2013-10-26 05:31 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\windows\PCHEALTH
2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-10-26 05:29 . 2013-10-26 05:29 -------- d-----w- c:\program files\Microsoft Office
2013-10-26 05:29 . 2013-10-26 05:29 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-10-26 05:28 . 2013-10-26 05:28 -------- d-----r- C:\MSOCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 14:37 . 2013-07-03 05:34 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-05 22:58 . 2013-09-13 11:39 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 02:20 . 2013-10-17 21:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-11 11:52 . 2013-06-30 21:14 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-09-07 09:57 . 2013-09-05 23:30 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-08-31 19:30 . 2013-06-30 21:14 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-23 05:11 . 2013-10-09 11:51 4040192 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"IDMan"="f:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-11-08 3825232]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"uTorrent"="c:\users\Kshitij\AppData\Roaming\uTorrent\uTorrent.exe" [2013-09-29 1130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"vmware-tray.exe"="f:\vmware9\vmware-tray.exe" [2012-10-31 104088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;f:\vmware9\vmware-hostd.exe;f:\vmware9\vmware-hostd.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 OracleDBConsoleKSHITIJ;OracleDBConsoleKSHITIJ;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\nmesrvc.exe;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\nmesrvc.exe [x]
R3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR ;f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR  [x]
R3 OracleServiceKSHITIJ;OracleServiceKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ [x]
R3 OracleVssWriterKSHITIJ;Oracle KSHITIJ VSS Writer Service;f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 OracleJobSchedulerKSHITIJ;OracleJobSchedulerKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ [x]
R4 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-14 23:13 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 07:25]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 07:25]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002Core.job
- c:\users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-30 00:00]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002UA.job
- c:\users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-30 00:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- f:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-19 172168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-19 400008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-19 441992]
"RtsFT"="RTFTrack.exe" [2012-10-17 6334096]
"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-07 13262480]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-12-03 1256080]
"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-09-14 4196432]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-05-11 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-05-11 191544]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - f:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - f:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
FF - ProfilePath - c:\users\Kshitij\AppData\Roaming\Mozilla\Firefox\Profiles\3lufnsmi.default\
FF - ExtSQL: 2013-10-31 06:33; mozilla_cc@internetdownloadmanager.com; c:\users\Kshitij\AppData\Roaming\IDM\idmmzcc5
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb11g_home1ClrAgent]
"ImagePath"="f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:f:\app\Kshitij\product\11.2.0\dbhome_1\bin\oraclr11.dll\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4008833774-2699350555-1950638099-1002_Classes\Wow6432Node\CLSID\{2bc16b7c-1192-4ad4-b547-532b3ed7eec2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (S-1-15-2-1)
"Model"=dword:00000100
"Therad"=dword:00000007
"MData"=hex(0):11,60,01,95,5a,2a,a3,31,9b,28,e7,61,46,3c,fe,9b,00,62,82,78,3b,
   9f,1f,90,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4008833774-2699350555-1950638099-1002_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):da,77,1c,11,be,13,98,f8,4c,85,72,c9,2f,d9,30,a6,20,d6,37,54,a7,
   59,54,29,bc,79,52,ab,5e,c1,75,5e,ae,d6,f1,02,35,54,af,cf,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-11-20  08:15:36
ComboFix-quarantined-files.txt  2013-11-20 02:45
ComboFix2.txt  2013-11-20 02:35
.
Pre-Run: 403,970,285,568 bytes free
Post-Run: 403,893,428,224 bytes free
.
- - End Of File - - 62B40FD2AF94B1569FCD069F7497931A
 
 

The file isn't infected

You shouldn't delete it...

 

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


(image: CFScriptB-4.gif)


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 



Combofix.txt:

 

ComboFix 13-11-19.01 - Kshitij 20-11-2013  15:30:55.3.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.91.1033.18.6000.4764 [GMT 5.5:30]
Running from: c:\users\Kshitij\Desktop\ComboFix.exe
Command switches used :: c:\users\Kshitij\Desktop\CFScript.txt
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-20 to 2013-11-20  )))))))))))))))))))))))))))))))
.
.
2013-11-20 10:07 . 2013-11-20 10:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-20 10:07 . 2013-11-20 10:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-19 14:18 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDB940B6-2C23-402C-A96B-53F0C18D87FE}\mpengine.dll
2013-11-19 13:09 . 2013-11-19 13:09 -------- d-----w- c:\users\Kshitij\AppData\Roaming\dmplogs
2013-11-19 13:05 . 2013-11-19 13:16 -------- d-----w- C:\AdwCleaner
2013-11-19 13:04 . 2013-11-19 13:04 -------- d-----w- c:\users\ADMINI~1
2013-11-19 12:59 . 2013-11-19 12:59 -------- d-sh--w- c:\users\Kshitij\AppData\Roaming\msgr
2013-11-19 10:41 . 2013-11-19 10:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-17 22:34 . 2013-11-17 22:34 -------- d-----w- c:\users\Kshitij\AppData\Roaming\.mono
2013-11-17 22:34 . 2013-11-17 22:34 -------- d-----w- c:\users\Kshitij\AppData\Local\UWebKit
2013-11-16 22:35 . 2013-11-16 22:35 -------- d-----w- c:\users\Kshitij\AppData\Roaming\openvr
2013-11-14 06:01 . 2013-11-14 06:01 300720 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-11-13 22:55 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll
2013-11-13 22:55 . 2013-08-23 01:44 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-11-13 22:55 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-13 22:55 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll
2013-11-13 22:18 . 2013-10-01 23:37 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-13 15:59 . 2013-11-13 15:59 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-11-13 15:58 . 2013-11-13 15:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-11-09 05:08 . 2013-11-07 23:41 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-11-01 22:23 . 2013-11-02 09:12 -------- d-----w- c:\program files (x86)\Desktop Screen Record 5
2013-10-26 05:31 . 2013-10-26 05:31 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\windows\PCHEALTH
2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-10-26 05:30 . 2013-10-26 05:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-10-26 05:29 . 2013-10-26 05:29 -------- d-----w- c:\program files\Microsoft Office
2013-10-26 05:29 . 2013-10-26 05:29 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-10-26 05:28 . 2013-10-26 05:28 -------- d-----r- C:\MSOCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 14:37 . 2013-07-03 05:34 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-05 22:58 . 2013-09-13 11:39 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 02:20 . 2013-10-17 21:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-11 11:52 . 2013-06-30 21:14 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-09-07 09:57 . 2013-09-05 23:30 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-08-31 19:30 . 2013-06-30 21:14 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-23 05:11 . 2013-10-09 11:51 4040192 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"IDMan"="f:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-11-08 3825232]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"uTorrent"="c:\users\Kshitij\AppData\Roaming\uTorrent\uTorrent.exe" [2013-09-29 1130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"vmware-tray.exe"="f:\vmware9\vmware-tray.exe" [2012-10-31 104088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;f:\vmware9\vmware-hostd.exe;f:\vmware9\vmware-hostd.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 OracleDBConsoleKSHITIJ;OracleDBConsoleKSHITIJ;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\nmesrvc.exe;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\nmesrvc.exe [x]
R3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR ;f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR  [x]
R3 OracleServiceKSHITIJ;OracleServiceKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\ORACLE.EXE KSHITIJ [x]
R3 OracleVssWriterKSHITIJ;Oracle KSHITIJ VSS Writer Service;f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\bin\OraVSSW.exe KSHITIJ [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 OracleJobSchedulerKSHITIJ;OracleJobSchedulerKSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ;f:\app\kshitij\product\11.2.0\dbhome_1\Bin\extjob.exe KSHITIJ [x]
R4 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe;f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-14 23:13 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 07:25]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 07:25]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002Core.job
- c:\users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-30 00:00]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008833774-2699350555-1950638099-1002UA.job
- c:\users\Kshitij\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-30 00:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- f:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-19 172168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-19 400008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-19 441992]
"RtsFT"="RTFTrack.exe" [2012-10-17 6334096]
"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-07 13262480]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-12-03 1256080]
"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-09-14 4196432]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-05-11 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-05-11 191544]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - f:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - f:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
FF - ProfilePath - c:\users\Kshitij\AppData\Roaming\Mozilla\Firefox\Profiles\3lufnsmi.default\
FF - ExtSQL: 2013-10-31 06:33; mozilla_cc@internetdownloadmanager.com; c:\users\Kshitij\AppData\Roaming\IDM\idmmzcc5
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb11g_home1ClrAgent]
"ImagePath"="f:\app\Kshitij\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:f:\app\Kshitij\product\11.2.0\dbhome_1\bin\oraclr11.dll\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="f:\app\Kshitij\product\11.2.0\dbhome_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-11-20  15:39:29
ComboFix-quarantined-files.txt  2013-11-20 10:09
ComboFix2.txt  2013-11-20 02:45
ComboFix3.txt  2013-11-20 02:35
.
Pre-Run: 403,791,941,632 bytes free
Post-Run: 403,575,386,112 bytes free
.
- - End Of File - - 03385C7A5E950FB4F72835AACC7F127E
 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
mbam-log-2013-11-20 (15-40-59).txt :-
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.20.06
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Kshitij :: KSHITIJ-PC [administrator]
 
Protection: Disabled
 
20-11-2013 03:40:59 PM
mbam-log-2013-11-20 (15-40-59).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 498852
Time elapsed: 1 hour(s), 6 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Qoobox\Quarantine\C\Users\Kshitij\AppData\Roaming\Microsoft\fsfg.exe.vir (Backdoor.DarkKomet) -> Quarantined and deleted successfully.
C:\Users\Kshitij\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IWWHYDG\bit[1].exe (Trojan.Zbot.EDFV) -> Quarantined and deleted successfully.
 
(end)

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
C:\Users\Kshitij\Downloads\Programs\FFSetup3.1.1.0.exe

Delete this file.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

AdwCleaner[s1].txt :-

 

# AdwCleaner v3.012 - Report created 21/11/2013 at 13:44:09
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8 Single Language  (64 bits)
# Username : Kshitij - KSHITIJ-PC
# Running from : C:\Users\Kshitij\Downloads\Programs\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Kshitij\AppData\Roaming\Mozilla\Firefox\Profiles\3lufnsmi.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Kshitij\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2063 octets] - [19/11/2013 18:39:35]
AdwCleaner[R1].txt - [1027 octets] - [21/11/2013 13:41:43]
AdwCleaner[R2].txt - [1088 octets] - [21/11/2013 13:42:55]
AdwCleaner[s0].txt - [2133 octets] - [19/11/2013 18:46:12]
AdwCleaner[s1].txt - [1010 octets] - [21/11/2013 13:44:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1070 octets] ##########
 
 
 
Checkup.txt :-
 
 Results of screen317's Security Check version 0.99.77  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1) 
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
Thanks!
Your system is clean now! :)

 

 

Internet Explorer out of date

Your version of Internet Explorer is outdated.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:
 

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used ComboFix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that ComboFix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

 

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally, I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third-party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third-party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The most common error when using a computer is "error 80", which means that the error is located about 80 cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
Thanks a lot sir for helping me remove the malware; everything seems fine now, but since the time I started having problems one question has always intrigued me. Actually, I am a computer science student and I have a lot of interest in the field of information security and plan to make a future in it, so I try to stay in touch with all this stuff and also follow all the protection recommendations that you told me on a daily basis. I use all legitimate software and games; all the software and games that I have are either freely available on their official websites or I have bought them. So how did I get infected by that malware?

 

If I am not wrong, one of the malware samples that MBAM detected was made with the DarkComet RAT and the other was part of the Zeus botnet.

I really don't understand how I can get such malware even after taking so many precautions; is there any way I can find the answer to this?

 

 

Thanks a lot!

You are running P2P software (uTorrent).

This connects your computer with the torrent network where malware and infected files are spread. Using these networks is one of the easiest ways of getting infections.

 

This, in combination with your outdated IE, may be the source of the infection.
