fusionx

Members
Posts: 5
Reputation: 0 Neutral
  1. Thread suspended - discussion and testing moved to PMs. If we come up with anything useful I will post the results here at that time.
  2. Hello. Ran the cleaner, rebooted, turned off ESET, and installed 1.15.1.1800. Told it not to update both times. Ran a quick scan, nothing found. Updated, and again have the original error "Program_Error_Load_Database(0,13,CreateSDK)".
  3. Nope, nothing odd at all. I see a folder called "UpdatusUser", but learned it's something to do with an NVidia update service - not sure if it's bad or not, really.
  4. Hello AS, and thanks for getting on this so fast. I created the batch file. When I run it a window with a red background flashes very quickly, but no notepad file is created.
  5. Hello MBAM, I'm running MBAM Pro, latest version. Several days ago I started getting the error Program_Error_Load_Database(0,13,CreateSDK) and MBAM refuses to run. I'm also getting the error "MBAM service terminated unexpectedly" at bootup. I've followed all the instructions in the FAQ. MBAM runs when I boot into safe mode and reinstall (after running MBAM Clean). I did a full scan with no results. Upon reboot, it stops working again. When I delete rules.ref and update, it still shows the error. I've followed the steps in the "I'm infected" FAQ. GMER shows nothing. DeFogger had no errors. RKill found nothing wrong. I use ESET Smart Security version 4.2.71.2 with the latest definitions. A full scan shows nothing. Windows Update is failing on the .NET updates. It also failed on installing and running the Microsoft Malicious Software Removal Tool. I downloaded it manually and it won't install, saying the file is corrupted. I removed all the old Java buildup on the system, and tried to install the latest JRE. It also says the file is corrupted and will not install. Here are the contents of my DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jeffrey at 17:29:46 on 2011-08-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2186 [GMT 8:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\CISVC.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {75C9223A-409A-4795-A3CA-08DE6B075B4B} - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3D16C3FA-ACC1-4197-B8AD-85124AA78A6C} : NameServer = 8.8.8.8
TCP: Interfaces\{3D16C3FA-ACC1-4197-B8AD-85124AA78A6C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5415501C-F07D-4EA6-8083-EA8485683C47} : NameServer = 202.126.40.5 222.127.143.5
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: e:\program files\canon\zoombrowser ex\program\NPCIG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-6-22 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-13 2214504]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-13 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-11 12672]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-7-8 77624]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-25 201168]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-13 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-23 15872]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-7-8 181432]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-7 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2072-04-03 05:13:14 607296 ------w- c:\program files\microsoft games\age of empires iii\deformerdllyD.dll
2071-07-25 01:13:30 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-08-10 09:08:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-10 09:08:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-10 09:08:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-10 07:52:01 -------- d-----w- c:\users\jeffrey\appdata\local\FixItCenter
2011-08-10 07:04:35 -------- d-----w- c:\users\jeffrey\appdata\roaming\QuickScan
2011-08-10 04:44:11 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 04:44:09 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 04:42:58 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 04:42:58 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 04:42:57 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-08-10 04:42:57 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 04:42:57 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-10 04:42:57 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 04:42:55 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 04:42:43 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 17:52:18 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ee3b8cde-c236-4ca7-b3ab-1ed7fe0dbef8}\mpengine.dll
2011-08-07 01:42:07 -------- d-----w- c:\windows\system32\Wat
2011-08-05 06:06:52 -------- d-----w- c:\users\jeffrey\appdata\roaming\Malwarebytes
2011-08-05 06:06:46 -------- d-----w- c:\programdata\Malwarebytes
2011-08-02 05:05:36 -------- d-----w- c:\windows\system32\System32
2011-08-01 08:18:00 54784 ----a-w- c:\windows\system32\msvci70.dll
2011-08-01 08:18:00 518416 ----a-w- c:\windows\system32\msxml.dll
2011-08-01 08:18:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-08-01 08:18:00 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-08-01 08:18:00 25088 ----a-w- c:\windows\system32\msxml3a.dll
2011-08-01 08:18:00 -------- d-----w- c:\program files\common files\Stardock
2011-07-31 17:11:33 34304 ----a-w- c:\program files\microsoft games\age of empires iii\SetupENU2.dll
2011-07-28 09:35:52 -------- d-----w- c:\programdata\Age of Empires 3
2011-07-28 09:31:49 -------- d-----w- c:\program files\common files\Microsoft Games
2011-07-28 09:21:42 -------- d-----w- c:\program files\Microsoft Games
2011-07-28 09:13:00 -------- d-----w- c:\program files\gBurner
2011-07-25 06:59:20 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-07-25 06:59:20 201168 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-07-25 06:59:20 103168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-07-25 06:59:20 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-07-21 07:48:28 -------- d-----w- c:\users\jeffrey\vw
2011-07-21 07:48:28 -------- d-----w- c:\users\jeffrey\MyConnection PC
2011-07-21 07:48:26 -------- d-----w- c:\program files\MyConnection PC
2011-07-20 07:56:37 -------- d-----w- c:\users\jeffrey\appdata\local\Samsung
2011-07-20 07:53:04 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-07-20 07:52:50 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-07-20 07:52:50 -------- d-----w- c:\program files\MarkAny
2011-07-20 07:52:23 -------- d-----w- c:\users\jeffrey\appdata\roaming\Samsung
2011-07-20 07:52:21 -------- d-----w- c:\programdata\Samsung
2011-07-20 07:52:21 -------- d-----w- c:\program files\Samsung
2011-07-14 02:41:11 -------- d-----w- c:\users\jeffrey\appdata\roaming\Sierra Entertainment
2011-07-14 02:36:58 -------- d-----w- c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2011-07-14 02:21:25 -------- d-----w- c:\program files\Sierra Entertainment
2011-07-14 02:16:37 -------- d-----w- c:\users\jeffrey\appdata\roaming\DAEMON Tools Lite
2011-07-14 02:16:37 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-07-13 02:21:44 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
.
==================== Find3M ====================
.
2011-08-08 02:44:10 811520 ----a-w- c:\windows\system32\user32.dll
2011-08-08 02:44:10 113594 ----a-w- c:\windows\system32\slmgr.vbs
2011-08-08 02:44:08 53760 ----a-w- c:\windows\system32\sppuinotify.dll
2011-08-08 02:44:08 14336 ----a-w- c:\windows\system32\slwga.dll
2011-08-08 02:44:08 118784 ----a-w- c:\windows\system32\sppwmi.dll
2011-08-08 02:44:07 345088 ----a-w- c:\windows\system32\sppcommdlg.dll
2011-08-08 02:44:06 410624 ----a-w- c:\windows\system32\systemcpl.dll
2011-08-04 11:31:48 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-07 23:20:44 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-07-07 23:20:42 77624 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:59:18 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-21 00:45:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-15 15:23:56 227840 ----a-w- c:\windows\system32\Deco_32.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-07 03:13:38 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-05-24 11:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD3200AAJS-00VWA0 rev.12.01B02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x8308A52A] -> \Device\Harddisk0\DR0[0x8699F5A8]
3 CLASSPNP[0x8CBAE59E] -> ntkrnlpa!IofCallDriver[0x8308A52A] -> [0x86431918]
5 ACPI[0x8C6C43D4] -> ntkrnlpa!IofCallDriver[0x8308A52A] -> \Device\Ide\IdeDeviceP4T0L0-5[0x864B6330]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }
user != kernel MBR !!!
.
============= FINISH: 17:30:04.55 ===============