timowee
Members
Posts: 5
Reputation: 0 Neutral
  1. Hi there, sorry for the late reply, I was busy with school work. Anyway, I've run the scan, and it says no viruses or anything bad detected; in short, the scan came up clean. Is that supposed to be happening? Thank you all once again for your help, I really appreciate it. Tim
  2. Rogue Killer:
     RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7600 ) 64 bits version
     Started in : Normal mode
     User : User [Admin rights]
     Mode : Scan -- Date : 08/02/2013 19:44:23
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 6 ¤¤¤
     [HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
  3. DDS.txt:
     DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.21.2
     Run by User at 19:33:17 on 2013-08-02
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3884.2500 [GMT 8:00]
     .
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\FBAgent.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
     C:\Windows\system32\taskhost.exe
     C:\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxtray.exe
     C:\Program Files\Elantech\ETDCtrl.exe
     C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
     C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
     C:\Windows\AsScrPro.exe
     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
     C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
     C:\Program Files\P4G\BatteryLife.exe
     C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Elantech\ETDCtrlHelper.exe
     C:\Program Files\Elantech\ETDGesture.exe
     C:\Windows\SysWOW64\ACEngSvr.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\sppsvc.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Windows\system32\wuauclt.exe
     C:\Windows\System32\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mWinlogon: Userinit = userinit.exe,
     BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
     BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     uRun: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
     uRun: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe
     uRun: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe
     mRun: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
     mRun: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe
     mRun: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe
     StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
     uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     mPolicies-Explorer: NoActiveDesktop = dword:1
     mPolicies-Explorer: NoActiveDesktopChanges = dword:1
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableLUA = dword:0
     mPolicies-System: EnableUIADesktopToggle = dword:0
     mPolicies-System: PromptOnSecureDesktop = dword:0
     mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     TCP: NameServer = 192.168.1.254
     TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7} : DHCPNameServer = 192.168.1.254
     TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\143434543535D235471627845726 : DHCPNameServer = 198.41.0.4
     TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\162776F6E6 : DHCPNameServer = 10.164.32.129 10.165.32.129
     TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\3594E4744554C4D283836483 : DHCPNameServer = 192.168.1.254
     TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\8484026416D696C697D27657563747 : DHCPNameServer = 218.186.2.16 218.186.1.58 218.186.2.6
     TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\A4F6560214B6963716D656 : DHCPNameServer = 165.21.83.88 165.21.100.88
     TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\C696E6B6379737 : DHCPNameServer = 203.116.1.78 203.116.1.94 218.186.2.16
     TCP: Interfaces\{ADDD6723-377A-4363-BB94-CF03E9EC3F59} : DHCPNameServer = 192.168.1.254
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
     SSODL: WebCheck - <orphaned>
     x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
     x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
     x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
     x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
     x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
     x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
     x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
     x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
     x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
     x64-Notify: igfxcui - igfxdev.dll
     x64-SSODL: WebCheck - <orphaned>
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gctrtteq.default\
     FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
     FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
     FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
     FF - plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
     FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
     FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
     FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
     FF - ExtSQL: 2013-07-21 16:50; {8E9E3331-D360-4f87-8803-52DE43566502}; C:\Program Files\Web Assistant\Firefox
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: extensions.incredibar_i.newTab - false
     FF - user.js: extensions.incredibar_i.id - e2830576000000000000485d60720ba7
     FF - user.js: extensions.incredibar_i.instlDay - 15520
     FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
     FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
     FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:16:26
     FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
     FF - user.js: extensions.incredibar_i.prdct - incredibar
     FF - user.js: extensions.incredibar_i.aflt - orgnl
     FF - user.js: extensions.incredibar_i.smplGrp - none
     FF - user.js: extensions.incredibar_i.tlbrId - base
     FF - user.js: extensions.incredibar_i.instlRef -
     FF - user.js: extensions.incredibar_i.dfltLng -
     FF - user.js: extensions.incredibar_i.excTlbr - false
     FF - user.js: extensions.incredibar_i.ms_url_id -
     FF - user.js: extensions.incredibar_i.upn2 - 6OyGpriUT9
     FF - user.js: extensions.incredibar_i.upn2n - 92261668370122171
     FF - user.js: extensions.incredibar_i.productid - 26
     FF - user.js: extensions.incredibar_i.installerproductid - 26
     FF - user.js: extensions.incredibar_i.did - 10643
     FF - user.js: extensions.incredibar_i.ppd - 1
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-7-12 24680]
     R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-12 379520]
     R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
     R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
     R2 MBAMScheduler;MBAMScheduler;C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-13 418376]
     R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-13 701512]
     R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
     R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-5-22 11576]
     R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]
     R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-12 2314240]
     R2 Web Assistant;Web Assistant;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2013-7-21 188760]
     R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2013-3-3 339856]
     R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-12 56344]
     R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
     R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
     R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
     R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-19 25928]
     R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
     R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
     R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
     R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
     R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
     S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-28 44032]
     S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-1 52264]
     S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-12 35104]
     S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-25 57840]
     S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
     S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
     S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
     S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-17 1255736]
     .
     =============== Created Last 30 ================
     .
     2013-07-30 01:48:59 -------- d-----w- C:\Program Files (x86)\GUMBA1C.tmp
     2013-07-27 04:08:59 -------- d-----w- C:\Windows\en
     2013-07-25 01:38:16 57840 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
     2013-07-25 01:37:10 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
     2013-07-25 01:37:10 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
     2013-07-25 01:37:10 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
     2013-07-25 01:37:10 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
     2013-07-25 01:37:10 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
     2013-07-25 01:37:10 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
     2013-07-25 01:37:10 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
     2013-07-25 01:37:10 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
     2013-07-25 01:36:53 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
     2013-07-25 01:36:53 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
     2013-07-25 01:36:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5beb30bc1ce88d705\DSETUP.dll
     2013-07-25 01:36:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5beb30bc1ce88d705\DXSETUP.exe
     2013-07-25 01:36:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5beb30bc1ce88d705\dsetup32.dll
     2013-07-25 01:36:16 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\59e5e3491ce88d703\DXSETUP.exe
     2013-07-25 01:36:15 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\59e5e3491ce88d703\DSETUP.dll
     2013-07-25 01:36:15 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\59e5e3491ce88d703\dsetup32.dll
     2013-07-25 01:36:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5757dbd51ce88d701\DSETUP.dll
     2013-07-25 01:36:11 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5757dbd51ce88d701\DXSETUP.exe
     2013-07-25 01:36:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5757dbd51ce88d701\dsetup32.dll
     2013-07-12 01:32:44 -------- d-sh--w- C:\Program Files
     .
     ==================== Find3M ====================
     .
     2013-05-31 06:59:32 5191704 ----a-w- C:\Windows\System32\GooglePinyin2.ime
     2013-05-31 06:59:32 3460120 ----a-w- C:\Windows\SysWow64\GooglePinyin2.ime
     2013-05-19 09:34:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
     2013-05-19 09:34:10 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
     2013-05-19 09:34:10 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
     2013-05-17 01:09:50 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
     .
     ============= FINISH: 19:34:03.93 ===============
  4. Attach.txt log:
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Home Premium
     Boot Device: \Device\HarddiskVolume2
     Install Date: 14/6/2011 1:00:31 PM
     System Uptime: 2/8/2013 7:27:10 PM (0 hours ago)
     .
     Motherboard: ASUSTeK Computer Inc. | | U35JC
     Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | Socket 989 | 1317/133mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 116 GiB total, 33.567 GiB free.
     D: is FIXED (NTFS) - 328 GiB total, 327.672 GiB free.
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
     Description: BT-270
     Device ID: USB\VID_0B05&PID_1788\74F06DB3154A
     Manufacturer: Broadcom
     Name: BT-270
     PNP Device ID: USB\VID_0B05&PID_1788\74F06DB3154A
     Service: BTHUSB
     .
     ==== System Restore Points ===================
     .
     No restore point in system.
     .
     ==== Installed Programs ======================
     .
     ??????? 2.7
     Acrobat.com
     Adobe AIR
     Adobe Flash Player 10 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Reader 9.1 MUI
     Alcor Micro USB Card Reader
     ASUS AI Recovery
     ASUS AP Bank
     ASUS FancyStart
     ASUS LifeFrame3
     ASUS MultiFrame
     ASUS Power4Gear Hybrid
     Asus Screensaver
     ASUS SmartLogon
     ASUS Splendid Video Enhancement Technology
     ASUS Virtual Camera
     ASUS WebStorage
     ATK Package
     Boingo Wi-Fi
     CCleaner
     ControlDeck
     D3DX10
     Dropbox
     ETDWare PS/2-X64 11.5.6.6_WHQL
     Express Gate
     Facebook Video Calling 1.2.0.159
     Fast Boot
     Game Park Console
     Google Chrome
     Google Drive
     Google Toolbar for Internet Explorer
     Google Update Helper
     Intel® Control Center
     Intel® Graphics Media Accelerator Driver
     Intel® Management Engine Components
     Intel® Turbo Boost Technology Monitor
     Java 7 Update 21
     Java Auto Updater
     Java 6 Update 27
     Junk Mail filter update
     LEGO MINDSTORMS NXT x64 Driver Support
     Malwarebytes Anti-Malware version 1.75.0.1300
     Microsoft .NET Framework 4 Client Profile
     Microsoft .NET Framework 4 Extended
     Microsoft Application Error Reporting
     Microsoft Office 2010
     Microsoft Office Click-to-Run 2010
     Microsoft Office Starter 2010 - English
     Microsoft PowerPoint Viewer
     Microsoft Silverlight
     Microsoft SQL Server 2005 Compact Edition [ENU]
     Microsoft Visual C++ 2005 Redistributable (x64)
     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     Movie Maker
     Mozilla Firefox 13.0 (x86 en-GB)
     Mozilla Maintenance Service
     MSVCRT
     MSVCRT_amd64
     MSVCRT110
     MSVCRT110_amd64
     MSXML 4.0 SP3 Parser (KB2721691)
     MSXML 4.0 SP3 Parser (KB2758694)
     MSXML 4.0 SP3 Parser (KB973685)
     NI VC2008MSMs x64
     NI VC2008MSMs x86
     NVIDIA Display Control Panel
     NVIDIA Drivers
     NVIDIA Updatus
     Photo Common
     Photo Gallery
     Realtek High Definition Audio Driver
     Samsung ML-2160 Series
     Samsung Printer Live Update
     Security Task Manager 1.8g
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
     Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
     Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
     Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
     Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
     SRS Premium Sound Control Panel
     syncables desktop SE
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
     Update for Microsoft .NET Framework 4 Extended (KB2468871)
     Update for Microsoft .NET Framework 4 Extended (KB2533523)
     Update for Microsoft .NET Framework 4 Extended (KB2600217)
     USB 2.0 VGA UVC WebCam
     VLC media player 2.0.6
     Web Assistant 2.0.0.601
     WIDCOMM Bluetooth Software
     Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
     Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
     Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
     Windows Live Communications Platform
     Windows Live Essentials
     Windows Live Family Safety
     Windows Live ID Sign-in Assistant
     Windows Live Installer
     Windows Live Mail
     Windows Live Messenger
     Windows Live MIME IFilter
     Windows Live Photo Common
     Windows Live PIMT Platform
     Windows Live SOXE
     Windows Live SOXE Definitions
     Windows Live Sync
     Windows Live UX Platform
     Windows Live UX Platform Language Pack
     Windows Live Writer
     Windows Live Writer Resources
     WinFlash
     WinRAR 4.20 (32-bit)
     Wireless Console 3
     YTD Video Downloader 4.2
     .
     ==== Event Viewer Messages From Past Week ========
     .
     31/7/2013 1:23:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
     28/7/2013 6:16:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
     26/7/2013 6:02:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
     26/7/2013 6:02:12 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     2/8/2013 7:27:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
     .
     ==== End Of File ===========================
  5. Help! My machine running Windows 7 Home Premium 64-bit (if that helps) has caught some nasty bug called Backdoor.bot! I have tried to delete it on multiple occasions using Malwarebytes Anti-Malware, and it says threat removed, and sometimes when I scan it comes up clean, but when I insert thumb drives or SD cards the computer puts in 3 files immediately, and all the files become .exe files and 468kb large. When I scan them, it shows Backdoor.bot as a threat. When I try to remove them with Malwarebytes, the files disappear, then a few seconds later appear again. What do I do? Please help! All help is greatly appreciated. Below is the log of MBAM:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.07.31.02

     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     User :: USER-PC [administrator]

     31/7/2013 6:09:57 PM
     MBAM-log-2013-07-31 (18-51-13).txt

     Scan type: Full scan (C:\|D:\|Q:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 345255
     Time elapsed: 40 minute(s), 40 second(s)

     Memory Processes Detected: 3
     C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe (Backdoor.Bot) -> 3360 -> No action taken.
     C:\Program Files\Windows Alerter\WinAlert.exe (Backdoor.Bot) -> 3448 -> No action taken.
     C:\Program Files\Windows Common Files\Commgr.exe (Backdoor.Bot) -> 4012 -> No action taken.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 2
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

     Registry Values Detected: 6
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WindowMessenger (Backdoor.Bot) -> Data: C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WindowMessenger (Backdoor.Bot) -> Data: C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe -> No action taken.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Alerter (Backdoor.Bot) -> Data: C:\Program Files\Windows Alerter\WinAlert.exe -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Alerter (Backdoor.Bot) -> Data: C:\Program Files\Windows Alerter\WinAlert.exe -> No action taken.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Common Files Manager (Backdoor.Bot) -> Data: C:\Program Files\Windows Common Files\Commgr.exe -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Common Files Manager (Backdoor.Bot) -> Data: C:\Program Files\Windows Common Files\Commgr.exe -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 3
     C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe (Backdoor.Bot) -> No action taken.
     C:\Program Files\Windows Alerter\WinAlert.exe (Backdoor.Bot) -> No action taken.
     C:\Program Files\Windows Common Files\Commgr.exe (Backdoor.Bot) -> No action taken.

     (end)