Posts posted by timowee

  1. Rogue Killer:

     

    RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

     

    Operating System : Windows 7 (6.1.7600 ) 64 bits version

    Started in : Normal mode

    User : User [Admin rights]

    Mode : Scan -- Date : 08/02/2013 19:44:23

    | ARK || FAK || MBR |

     

    ¤¤¤ Bad processes : 0 ¤¤¤

     

    ¤¤¤ Registry Entries : 6 ¤¤¤

    [HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

     

    ¤¤¤ Startup Entries : 0 ¤¤¤

     

    ¤¤¤ Web browsers : 0 ¤¤¤

     

    ¤¤¤ Particular Files / Folders: ¤¤¤

     

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     

    ¤¤¤ External Hives: ¤¤¤

     

    ¤¤¤ Infection :  ¤¤¤

     

    ¤¤¤ HOSTS File: ¤¤¤

    --> %SystemRoot%\System32\drivers\etc\hosts
  2. DDS.txt:

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 

    Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.21.2

    Run by User at 19:33:17 on 2013-08-02

    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.65.1033.18.3884.2500 [GMT 8:00]

    .

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\FBAgent.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\system32\taskhost.exe

    C:\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxtray.exe

    C:\Program Files\Elantech\ETDCtrl.exe

    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

    C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

    C:\Program Files\P4G\BatteryLife.exe

    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Elantech\ETDCtrlHelper.exe

    C:\Program Files\Elantech\ETDGesture.exe

    C:\Windows\SysWOW64\ACEngSvr.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\sppsvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    mWinlogon: Userinit = userinit.exe,

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    uRun: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

    uRun: [Windows Alerter] C:\Program  Files\Windows Alerter\WinAlert.exe

    uRun: [Windows Common Files Manager] C:\Program  Files\Windows Common Files\Commgr.exe

    mRun: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

    mRun: [Windows Alerter] C:\Program  Files\Windows Alerter\WinAlert.exe

    mRun: [Windows Common Files Manager] C:\Program  Files\Windows Common Files\Commgr.exe

    StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    TCP: NameServer = 192.168.1.254

    TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7} : DHCPNameServer = 192.168.1.254

    TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\143434543535D235471627845726 : DHCPNameServer = 198.41.0.4

    TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\162776F6E6 : DHCPNameServer = 10.164.32.129 10.165.32.129

    TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\3594E4744554C4D283836483 : DHCPNameServer = 192.168.1.254

    TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\8484026416D696C697D27657563747 : DHCPNameServer = 218.186.2.16 218.186.1.58 218.186.2.6

    TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\A4F6560214B6963716D656 : DHCPNameServer = 165.21.83.88 165.21.100.88

    TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\C696E6B6379737 : DHCPNameServer = 203.116.1.78 203.116.1.94 218.186.2.16

    TCP: Interfaces\{ADDD6723-377A-4363-BB94-CF03E9EC3F59} : DHCPNameServer = 192.168.1.254

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll

    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

    x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

    x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe

    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-Notify: igfxcui - igfxdev.dll

    x64-SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gctrtteq.default\

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: 2013-07-21 16:50; {8E9E3331-D360-4f87-8803-52DE43566502}; C:\Program Files\Web Assistant\Firefox

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.id - e2830576000000000000485d60720ba7

    FF - user.js: extensions.incredibar_i.instlDay - 15520

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:16:26

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef - 

    FF - user.js: extensions.incredibar_i.dfltLng - 

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id - 

    FF - user.js: extensions.incredibar_i.upn2 - 6OyGpriUT9

    FF - user.js: extensions.incredibar_i.upn2n - 92261668370122171

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10643

    FF - user.js: extensions.incredibar_i.ppd - 1

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-7-12 24680]

    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-12 379520]

    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 MBAMScheduler;MBAMScheduler;C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-13 418376]

    R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-13 701512]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-5-22 11576]

    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]

    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-12 2314240]

    R2 Web Assistant;Web Assistant;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2013-7-21 188760]

    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2013-3-3 339856]

    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-12 56344]

    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-19 25928]

    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-28 44032]

    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-1 52264]

    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-12 35104]

    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-25 57840]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]

    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]

    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-17 1255736]

    .

    =============== Created Last 30 ================

    .

    2013-07-30 01:48:59 -------- d-----w- C:\Program Files (x86)\GUMBA1C.tmp

    2013-07-27 04:08:59 -------- d-----w- C:\Windows\en

    2013-07-25 01:38:16 57840 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

    2013-07-25 01:37:10 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

    2013-07-25 01:37:10 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll

    2013-07-25 01:37:10 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll

    2013-07-25 01:37:10 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

    2013-07-25 01:37:10 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll

    2013-07-25 01:37:10 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll

    2013-07-25 01:37:10 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll

    2013-07-25 01:37:10 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

    2013-07-25 01:36:53 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

    2013-07-25 01:36:53 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

    2013-07-25 01:36:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5beb30bc1ce88d705\DSETUP.dll

    2013-07-25 01:36:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5beb30bc1ce88d705\DXSETUP.exe

    2013-07-25 01:36:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5beb30bc1ce88d705\dsetup32.dll

    2013-07-25 01:36:16 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\59e5e3491ce88d703\DXSETUP.exe

    2013-07-25 01:36:15 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\59e5e3491ce88d703\DSETUP.dll

    2013-07-25 01:36:15 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\59e5e3491ce88d703\dsetup32.dll

    2013-07-25 01:36:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5757dbd51ce88d701\DSETUP.dll

    2013-07-25 01:36:11 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5757dbd51ce88d701\DXSETUP.exe

    2013-07-25 01:36:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5757dbd51ce88d701\dsetup32.dll

    2013-07-12 01:32:44 -------- d-sh--w- C:\Program  Files

    .

    ==================== Find3M  ====================

    .

    2013-05-31 06:59:32 5191704 ----a-w- C:\Windows\System32\GooglePinyin2.ime

    2013-05-31 06:59:32 3460120 ----a-w- C:\Windows\SysWow64\GooglePinyin2.ime

    2013-05-19 09:34:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2013-05-19 09:34:10 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2013-05-19 09:34:10 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2013-05-17 01:09:50 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx

    .

    ============= FINISH: 19:34:03.93 ===============
  3. Attach.txt log:

    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium 
    Boot Device: \Device\HarddiskVolume2
    Install Date: 14/6/2011 1:00:31 PM
    System Uptime: 2/8/2013 7:27:10 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc.         |  | U35JC
    Processor: Intel® Core i5 CPU       M 460  @ 2.53GHz | Socket 989 | 1317/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 33.567 GiB free.
    D: is FIXED (NTFS) - 328 GiB total, 327.672 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Description: BT-270
    Device ID: USB\VID_0B05&PID_1788\74F06DB3154A
    Manufacturer: Broadcom
    Name: BT-270
    PNP Device ID: USB\VID_0B05&PID_1788\74F06DB3154A
    Service: BTHUSB
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    ??????? 2.7
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1 MUI
    Alcor Micro USB Card Reader
    ASUS AI Recovery
    ASUS AP Bank
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS MultiFrame
    ASUS Power4Gear Hybrid
    Asus Screensaver
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    ATK Package
    Boingo Wi-Fi
    CCleaner
    ControlDeck
    D3DX10
    Dropbox
    ETDWare PS/2-X64 11.5.6.6_WHQL
    Express Gate
    Facebook Video Calling 1.2.0.159
    Fast Boot
    Game Park Console
    Google Chrome
    Google Drive
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel® Control Center
    Intel® Graphics Media Accelerator Driver
    Intel® Management Engine Components
    Intel® Turbo Boost Technology Monitor
    Java 7 Update 21
    Java Auto Updater
    Java 6 Update 27
    Junk Mail filter update
    LEGO MINDSTORMS NXT x64 Driver Support
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Movie Maker
    Mozilla Firefox 13.0 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    NI VC2008MSMs x64
    NI VC2008MSMs x86
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA Updatus
    Photo Common
    Photo Gallery
    Realtek High Definition Audio Driver
    Samsung ML-2160 Series
    Samsung Printer Live Update
    Security Task Manager 1.8g
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    SRS Premium Sound Control Panel
    syncables desktop SE
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    USB 2.0 VGA UVC WebCam
    VLC media player 2.0.6
    Web Assistant 2.0.0.601
    WIDCOMM Bluetooth Software
    Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
    Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
    Windows Driver Package - Broadcom HIDClass  (06/11/2009 6.2.0.9500)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFlash
    WinRAR 4.20 (32-bit)
    Wireless Console 3
    YTD Video Downloader 4.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/7/2013 1:23:10 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
    28/7/2013 6:16:58 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
    26/7/2013 6:02:12 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    26/7/2013 6:02:12 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    2/8/2013 7:27:38 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
    .
    ==== End Of File ===========================
     
  4. Help! My machine running Windows 7 Home Premium 64-bit (if that helps) has caught some nasty bug called Backdoor.bot! I have tried to delete it on multiple occasions using Malwarebytes Anti-Malware, and it says threat removed, and sometimes when I scan it comes up clean, but when I insert thumb drives or SD cards the computer puts in 3 files immediately, and all the files become .exe files and 468 KB large. When I scan them, it shows Backdoor.bot as a threat. When I try to remove them with Malwarebytes, the files disappear, then a few seconds later appear again.

     

    What do I do? Please help! All help is greatly appreciated.

     

    Below is the log of MBAM:

     

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Database version: v2013.07.31.02
     
    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    User :: USER-PC [administrator]
     
    31/7/2013 6:09:57 PM
    MBAM-log-2013-07-31 (18-51-13).txt
     
    Scan type: Full scan (C:\|D:\|Q:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 345255
    Time elapsed: 40 minute(s), 40 second(s)
     
    Memory Processes Detected: 3
    C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe (Backdoor.Bot) -> 3360 -> No action taken.
    C:\Program  Files\Windows Alerter\WinAlert.exe (Backdoor.Bot) -> 3448 -> No action taken.
    C:\Program  Files\Windows Common Files\Commgr.exe (Backdoor.Bot) -> 4012 -> No action taken.
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
     
    Registry Values Detected: 6
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WindowMessenger (Backdoor.Bot) -> Data: C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WindowMessenger (Backdoor.Bot) -> Data: C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Alerter (Backdoor.Bot) -> Data: C:\Program  Files\Windows Alerter\WinAlert.exe -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Alerter (Backdoor.Bot) -> Data: C:\Program  Files\Windows Alerter\WinAlert.exe -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Common Files Manager (Backdoor.Bot) -> Data: C:\Program  Files\Windows Common Files\Commgr.exe -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Common Files Manager (Backdoor.Bot) -> Data: C:\Program  Files\Windows Common Files\Commgr.exe -> No action taken.
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 0
    (No malicious items detected)
     
    Files Detected: 3
    C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe (Backdoor.Bot) -> No action taken.
    C:\Program  Files\Windows Alerter\WinAlert.exe (Backdoor.Bot) -> No action taken.
    C:\Program  Files\Windows Common Files\Commgr.exe (Backdoor.Bot) -> No action taken.
     
    (end)