Posts posted by timowee
Rogue Killer:
RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 08/02/2013 19:44:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
-
DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.21.2
Run by User at 19:33:17 on 2013-08-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3884.2500 [GMT 8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
uRun: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe
uRun: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe
mRun: [WindowMessenger] C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
mRun: [Windows Alerter] C:\Program Files\Windows Alerter\WinAlert.exe
mRun: [Windows Common Files Manager] C:\Program Files\Windows Common Files\Commgr.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\143434543535D235471627845726 : DHCPNameServer = 198.41.0.4
TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\162776F6E6 : DHCPNameServer = 10.164.32.129 10.165.32.129
TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\3594E4744554C4D283836483 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\8484026416D696C697D27657563747 : DHCPNameServer = 218.186.2.16 218.186.1.58 218.186.2.6
TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\A4F6560214B6963716D656 : DHCPNameServer = 165.21.83.88 165.21.100.88
TCP: Interfaces\{5335D9EC-7F17-4A51-896E-11B40F86F0E7}\C696E6B6379737 : DHCPNameServer = 203.116.1.78 203.116.1.94 218.186.2.16
TCP: Interfaces\{ADDD6723-377A-4363-BB94-CF03E9EC3F59} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gctrtteq.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-21 16:50; {8E9E3331-D360-4f87-8803-52DE43566502}; C:\Program Files\Web Assistant\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.id - e2830576000000000000485d60720ba7
FF - user.js: extensions.incredibar_i.instlDay - 15520
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:16:26
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyGpriUT9
FF - user.js: extensions.incredibar_i.upn2n - 92261668370122171
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-7-12 24680]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-12 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMScheduler;MBAMScheduler;C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-13 418376]
R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-13 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-5-22 11576]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-12 2314240]
R2 Web Assistant;Web Assistant;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2013-7-21 188760]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2013-3-3 339856]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-12 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-19 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-28 44032]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-1 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-12 35104]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-25 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-17 1255736]
.
=============== Created Last 30 ================
.
2013-07-30 01:48:59 -------- d-----w- C:\Program Files (x86)\GUMBA1C.tmp
2013-07-27 04:08:59 -------- d-----w- C:\Windows\en
2013-07-25 01:38:16 57840 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2013-07-25 01:37:10 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-07-25 01:37:10 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2013-07-25 01:37:10 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2013-07-25 01:37:10 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2013-07-25 01:37:10 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2013-07-25 01:37:10 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2013-07-25 01:37:10 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-07-25 01:37:10 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-07-25 01:36:53 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2013-07-25 01:36:53 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2013-07-25 01:36:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5beb30bc1ce88d705\DSETUP.dll
2013-07-25 01:36:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5beb30bc1ce88d705\DXSETUP.exe
2013-07-25 01:36:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5beb30bc1ce88d705\dsetup32.dll
2013-07-25 01:36:16 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\59e5e3491ce88d703\DXSETUP.exe
2013-07-25 01:36:15 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\59e5e3491ce88d703\DSETUP.dll
2013-07-25 01:36:15 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\59e5e3491ce88d703\dsetup32.dll
2013-07-25 01:36:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5757dbd51ce88d701\DSETUP.dll
2013-07-25 01:36:11 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5757dbd51ce88d701\DXSETUP.exe
2013-07-25 01:36:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5757dbd51ce88d701\dsetup32.dll
2013-07-12 01:32:44 -------- d-sh--w- C:\Program Files
.
==================== Find3M ====================
.
2013-05-31 06:59:32 5191704 ----a-w- C:\Windows\System32\GooglePinyin2.ime
2013-05-31 06:59:32 3460120 ----a-w- C:\Windows\SysWow64\GooglePinyin2.ime
2013-05-19 09:34:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-19 09:34:10 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-19 09:34:10 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-17 01:09:50 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
.
============= FINISH: 19:34:03.93 ===============
-
Attach.txt log:
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 14/6/2011 1:00:31 PM
System Uptime: 2/8/2013 7:27:10 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | U35JC
Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | Socket 989 | 1317/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 33.567 GiB free.
D: is FIXED (NTFS) - 328 GiB total, 327.672 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: BT-270
Device ID: USB\VID_0B05&PID_1788\74F06DB3154A
Manufacturer: Broadcom
Name: BT-270
PNP Device ID: USB\VID_0B05&PID_1788\74F06DB3154A
Service: BTHUSB
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
??????? 2.7
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Alcor Micro USB Card Reader
ASUS AI Recovery
ASUS AP Bank
ASUS FancyStart
ASUS LifeFrame3
ASUS MultiFrame
ASUS Power4Gear Hybrid
Asus Screensaver
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ATK Package
Boingo Wi-Fi
CCleaner
ControlDeck
D3DX10
Dropbox
ETDWare PS/2-X64 11.5.6.6_WHQL
Express Gate
Facebook Video Calling 1.2.0.159
Fast Boot
Game Park Console
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Turbo Boost Technology Monitor
Java 7 Update 21
Java Auto Updater
Java 6 Update 27
Junk Mail filter update
LEGO MINDSTORMS NXT x64 Driver Support
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
Mozilla Firefox 13.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NI VC2008MSMs x64
NI VC2008MSMs x86
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Updatus
Photo Common
Photo Gallery
Realtek High Definition Audio Driver
Samsung ML-2160 Series
Samsung Printer Live Update
Security Task Manager 1.8g
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SRS Premium Sound Control Panel
syncables desktop SE
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
USB 2.0 VGA UVC WebCam
VLC media player 2.0.6
Web Assistant 2.0.0.601
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR 4.20 (32-bit)
Wireless Console 3
YTD Video Downloader 4.2
.
==== Event Viewer Messages From Past Week ========
.
31/7/2013 1:23:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
28/7/2013 6:16:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
26/7/2013 6:02:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
26/7/2013 6:02:12 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/8/2013 7:27:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
.
==== End Of File ===========================
Help! My machine running Windows 7 Home Premium 64-bit (if that helps) has caught some nasty bug called Backdoor.bot! I have tried to delete it on multiple occasions using Malwarebytes Anti-Malware, and it says threat removed, and sometimes when I scan it comes up clean, but when I insert thumb drives or SD cards the computer puts in 3 files immediately, and all the files become .exe files and 468kb large. When I scan them, it shows Backdoor.bot as a threat. When I try to remove them with Malwarebytes, the files disappear, then a few seconds later appear again.
What do I do? Please help! All help is greatly appreciated.
Below is the log of MBAM:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.31.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

31/7/2013 6:09:57 PM
MBAM-log-2013-07-31 (18-51-13).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 345255
Time elapsed: 40 minute(s), 40 second(s)

Memory Processes Detected: 3
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe (Backdoor.Bot) -> 3360 -> No action taken.
C:\Program Files\Windows Alerter\WinAlert.exe (Backdoor.Bot) -> 3448 -> No action taken.
C:\Program Files\Windows Common Files\Commgr.exe (Backdoor.Bot) -> 4012 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

Registry Values Detected: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WindowMessenger (Backdoor.Bot) -> Data: C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WindowMessenger (Backdoor.Bot) -> Data: C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Alerter (Backdoor.Bot) -> Data: C:\Program Files\Windows Alerter\WinAlert.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Alerter (Backdoor.Bot) -> Data: C:\Program Files\Windows Alerter\WinAlert.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Common Files Manager (Backdoor.Bot) -> Data: C:\Program Files\Windows Common Files\Commgr.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Common Files Manager (Backdoor.Bot) -> Data: C:\Program Files\Windows Common Files\Commgr.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe (Backdoor.Bot) -> No action taken.
C:\Program Files\Windows Alerter\WinAlert.exe (Backdoor.Bot) -> No action taken.
C:\Program Files\Windows Common Files\Commgr.exe (Backdoor.Bot) -> No action taken.

(end)
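The logs above show three things worth checking by hand on a machine like this one: the UAC policy values have been zeroed (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 in the DDS and RogueKiller output), the same three Run-key entries exist under both HKLM and HKCU and point into C:\RECYCLER and two "Windows ..." folders under Program Files, and removable media fill up with same-sized .exe files. The script below is an added, read-only audit for exactly those three symptoms; it is not part of the thread and not a Malwarebytes tool. It assumes Windows 7 defaults of EnableLUA=1, ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1, and the folder names it matches ("Windows Alerter", "Windows Common Files") are taken from the posted logs, so adjust the pattern for a different infection. Run it from an elevated PowerShell prompt; it changes nothing.

```powershell
# Added audit script (not from the thread). Read-only; run as Administrator.
# Reports: (1) UAC policy values that differ from the Windows 7 defaults,
# (2) Run-key entries pointing into \RECYCLER\ or the "Windows ..." folders
#     named in the posted logs, (3) removable drives holding several .exe
#     files of identical size (the "everything became a 468kb .exe" symptom).

$findings = New-Object System.Collections.Generic.List[string]

# --- 1. UAC policy values (defaults assumed for Windows 7: 1 / 5 / 1) ---
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$expected  = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in $expected.Keys) {
    $value = $policy.$name
    if ($null -ne $value -and $value -ne $expected[$name]) {
        $findings.Add("UAC: $name = $value (expected $($expected[$name]))")
    }
}

# --- 2. Run keys in both hives, plus the Wow6432Node view on x64 ---
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# \RECYCLER\ is never a legitimate program location on Windows 7 (it uses
# $Recycle.Bin); the two folder names are the ones seen in the posted logs.
$suspiciousPath = '(?i)\\RECYCLER\\|\\Program Files( \(x86\))?\\Windows (Alerter|Common Files)\\'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSDrive/... metadata
        if ("$($p.Value)" -match $suspiciousPath) {
            $findings.Add("Run: $key\$($p.Name) -> $($p.Value)")
        }
    }
}

# --- 3. Removable drives (DriveType 2): group .exe files by size ---
$removable = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 2'
foreach ($disk in $removable) {
    $exes = Get-ChildItem -Path "$($disk.DeviceID)\" -Recurse -Filter '*.exe' -Force -ErrorAction SilentlyContinue
    $exes | Group-Object -Property Length | Where-Object { $_.Count -ge 3 } | ForEach-Object {
        $findings.Add("Removable $($disk.DeviceID): $($_.Count) .exe files of $($_.Name) bytes, e.g. $($_.Group[0].FullName)")
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

The size-grouping check in part 3 is deliberately generic: a worm that copies itself over every file on a stick produces many .exe files of exactly one size, whatever that size is, so the script reports any size that occurs three or more times rather than hard-coding 468 KB. Part 1 only compares against defaults, so a machine where an administrator has legitimately changed UAC will also be reported; treat each finding as a lead, not a verdict.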
Help! I'm infected with Backdoor.bot and can't delete it!
in Resolved Malware Removal Logs
Posted
Hi there,
Sorry for the late reply, I was busy with school work.
Anyway, I've run the scan, and it says no viruses or anything bad detected, in short the scan came up clean.
Is that supposed to be happening?
Thank you all once again for your help, I really appreciate it.
Tim