
So I just downloaded the new Malwarebytes 2 and ran it, and it came back with this Trojan.Agent. It just says "file"; it won't say the actual file's name, and I can't find the actual HOSTS folder on my computer.

I'm only questioning deleting it if it could be a false positive or something, and I don't even know what's stored in HOSTS. Should I just delete it?

 


Welcome to the forum.

Can you post the log from MB?

Then, please start HERE <-------- (may not run on W8)

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below.

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure System Restore is turned on and running. Create a new restore point.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable... unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, an external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Here's the Malwarebytes log.

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/6/2014

Scan Time: 6:45:53 PM

Logfile: text.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.06.10

Rootkit Database: v2014.03.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Michael

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 257551

Time Elapsed: 23 min, 39 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 1

PUM.Hijack.StartMenu, HKU\S-1-5-21-3488448868-1326732637-1858433580-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Good: (1), Bad: (0),No Action By User,[6eb461c61665162080df6da5ad579f61]

 

Folders: 0

(No malicious items detected)

 

Files: 1

Trojan.Agent, C:\Windows\System32\HOSTS, Quarantined, [9d85e542473459ddd3c7cfedf70b966a], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

DDS

 


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2

Run by Michael at 22:58:42 on 2014-04-06

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6126.1983 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Users\Michael\AppData\Roaming\Spotify\spotify.exe

C:\Users\Michael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Users\Michael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Users\Michael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Users\Michael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Users\Michael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Michael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Users\Michael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Program Files\CCleaner\CCleaner64.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbengine.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Michael\Downloads\RogueKillerX64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{067F8FE3-6DF1-4984-B4ED-219713FB84DF} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{50EA41AA-656F-4E10-A864-3A23F7EA8A92} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hatftz2w.default\


FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll

FF - plugin: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-2-16 9216]

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-20 208928]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-16 55856]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-3-24 1039096]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-3-24 423240]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-3-24 79184]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-26 50344]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-16 13592]

R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-23 84816]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-16 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-1-16 406056]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-6 119512]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-28 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-16 56832]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-28 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-24 1255736]

.

=============== Created Last 30 ================

.

2014-04-07 00:07:26 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{504E0E97-095E-43B3-8394-45B964EDCC94}\offreg.dll

2014-04-06 17:40:09 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-04-06 17:39:56 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-04-06 17:39:56 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-04-06 17:39:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-06 17:33:19 -------- d-----w- C:\Program Files (x86)\Project64 2.1

2014-04-05 02:16:08 -------- d-----w- C:\Users\Michael\AppData\Roaming\Little Inferno

2014-04-04 18:20:50 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{504E0E97-095E-43B3-8394-45B964EDCC94}\mpengine.dll

2014-03-26 23:17:51 43152 ----a-w- C:\Windows\avastSS.scr

2014-03-12 11:53:55 228864 ----a-w- C:\Windows\System32\wwansvc.dll

2014-03-12 11:53:55 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-03-12 11:53:55 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-03-09 12:16:01 6574592 ----a-w- C:\Windows\System32\mstscax.dll

2014-03-09 12:16:01 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll

.

==================== Find3M  ====================

.

2014-04-03 13:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-03-26 23:17:52 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2014-03-26 23:17:52 84816 ----a-w- C:\Windows\System32\drivers\aswstm.sys

2014-03-26 23:17:52 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2014-03-26 23:17:52 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2014-03-26 23:17:52 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2014-03-26 23:17:52 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2014-03-12 13:47:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-12 13:47:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-02-25 22:22:16 419840 ----a-w- C:\Windows\System32\wrap_oal.dll

2014-02-25 22:22:16 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2014-02-25 22:22:16 133632 ----a-w- C:\Windows\System32\OpenAL32.dll

2014-02-25 22:22:16 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2014-02-11 19:35:15 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll

2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll

2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll

2014-01-24 23:40:26 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-01-17 21:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2014-01-17 21:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 22:58:54.47 ===============

 


 

Attach

 


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 3/24/2012 4:34:01 PM

System Uptime: 4/6/2014 7:33:20 AM (15 hours ago)

.

Motherboard: Dell Inc. |  | 0Y2MRG

Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 918 GiB total, 638.012 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP404: 3/26/2014 7:17:03 PM - avast! antivirus system restore point

RP405: 4/1/2014 9:12:41 AM - Windows Update

RP406: 4/4/2014 2:20:25 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 12 Plugin

Adobe Reader XI (11.0.06)

Adobe Shockwave Player 12.0

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Control Center

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AMD Wireless Display v3.0

Amnesia: The Dark Descent

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI AVIVO64 Codecs

avast! Free Antivirus

Batman: Arkham Asylum GOTY Edition

Batman: Arkham City GOTY

Battle.net

Beneath a Steel Sky

Bonjour

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Closure

Counter-Strike: Global Offensive

Counter-Strike: Source

DayZ

Dead Space

Defraggler

Dell Edoc Viewer

Diablo III

Duke Nukem 3D

DW WLAN Card

Fallout

Fallout 2

Furcadia

Google Chrome

Google Update Helper

Guild Wars

Guild Wars 2

Half-Life 2

Half-Life: Source

Hearthstone

Hi-Rez Studios Authenticate and Update Service

Intel® Control Center

Intel® Rapid Storage Technology

iTunes

Java 7 Update 51

Java Auto Updater

League of Legends

LIMBO

Little Inferno

Malwarebytes Anti-Malware version 2.0.1.1004

Marvel Heroes

Microsoft .NET Framework 4.5.1

Microsoft Flight

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Mirror's Edge

Mozilla Firefox 28.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Card Reader

Mumble 1.2.3

My Dell

NVIDIA PhysX

OpenAL

Origin

Portal 2

Project 64 version 2.1.0.1

QuickTime 7

Realtek High Definition Audio Driver

Scribblenauts Unlimited

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Skype™ 6.14

Smite

Snapshot

Source SDK Base 2006

Source SDK Base 2007

Spotify

Steam

Super Hexagon

Superbrothers: Sword & Sworcery EP

swMSM

System Requirements Lab CYRI

The Binding of Isaac

The Walking Dead

Treasure Adventure Game

Tyrian 2000

Unity Web Player

VC 9.0 Runtime

Ventrilo Client for Windows x64

Windows Live ID Sign-in Assistant

World of Warcraft

World of Warcraft Public Test

Xfire (remove only)

ZoneAlarm LTD Toolbar

.

==== Event Viewer Messages From Past Week ========

.

4/6/2014 7:33:55 AM, Error: Service Control Manager [7000]  - The Dock Login Service service failed to start due to the following error:  The system cannot find the file specified.

4/2/2014 1:49:26 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/2/2014 1:49:26 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.

3/31/2014 1:12:07 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.

.

==== End Of File ===========================

 

Roguekiller

 


RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Michael [Admin rights]

Mode : Scan -- Date : 04/06/2014 22:56:11

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 10 ¤¤¤

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000524AS +++++

--- User ---

[MBR] f789b4d763fdff68bfd89634e0370074

[bSP] c0c3138a0906ad9aac5729078fd33025 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13566 MB

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27865088 | Size: 940262 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD-Picture USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

Finished : << RKreport[0]_S_04062014_225611.txt >>

 

 

 

 



 

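The RogueKiller output above shows the live hosts file at %SystemRoot%\System32\drivers\etc\hosts containing only the stock "127.0.0.1 localhost" line, while Malwarebytes flagged a separate file named HOSTS directly under C:\Windows\System32. What a responder wants at that point is a quick way to read a hosts file and decide whether its entries are benign. The script below is an added example for this thread, not code from the poster, Malwarebytes or RogueKiller. It parses hosts-file syntax (comments, tabs, several names per line), ignores the stock loopback names, flags any hostname pointed at a routable address, and flags a watch-list of vendor and update domains when they are sinkholed to loopback. The sample hosts text, the watch-list and all function names are constructed for the example.

```python
"""Parse a hosts file and flag entries that look like tampering.

Added example for this thread; not code from Malwarebytes, RogueKiller or the
poster.  SAMPLE_HOSTS and WATCH_SUFFIXES are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterator, List

# Names a stock hosts file maps to loopback; never worth flagging.
DEFAULT_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-localnet",
    "ip6-mcastprefix", "ip6-allnodes", "ip6-allrouters",
}

# Hypothetical watch-list (an assumption for the example): domains that malware
# and licence-bypass "custom hosts files" commonly sinkhole.  Tune to your estate.
WATCH_SUFFIXES = (
    "malwarebytes.org", "microsoft.com", "windowsupdate.com",
    "avast.com", "adobe.com",
)


@dataclass
class Finding:
    line_no: int
    ip: str
    hostname: str
    reason: str


def parse_hosts(text: str) -> Iterator[tuple]:
    """Yield (line_no, ip, [hostnames]) for each active entry.

    Comments (# ...) and blank lines are skipped; tabs and runs of spaces both
    separate fields, as in Windows and Unix hosts files.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = re.split(r"\s+", body)
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address; not a hosts entry
        yield line_no, ip, [name.lower() for name in fields[1:]]


def _is_watched(name: str) -> bool:
    """Exact or sub-domain match against WATCH_SUFFIXES (no 'evilmicrosoft.com' hits)."""
    return any(name == s or name.endswith("." + s) for s in WATCH_SUFFIXES)


def triage_hosts(text: str) -> List[Finding]:
    """Return the entries a responder should look at.

    Stock loopback names are ignored.  A watched domain sinkholed to loopback or
    0.0.0.0 is flagged (it blocks security or update traffic).  Any other name
    mapped to a routable address is flagged (classic phishing redirect).
    Unwatched names sinkholed to loopback are treated as ad-blocking and not flagged.
    """
    findings: List[Finding] = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in DEFAULT_NAMES:
                continue
            sinkholed = ip.is_loopback or ip.is_unspecified
            if sinkholed and _is_watched(name):
                findings.append(Finding(line_no, str(ip), name,
                                        "watched domain sinkholed to loopback"))
            elif not sinkholed:
                findings.append(Finding(line_no, str(ip), name,
                                        "hostname redirected to a routable address"))
    return findings


def is_stock_hosts(text: str) -> bool:
    """True when every active entry maps a default name to loopback, the shape
    RogueKiller reported above ('127.0.0.1 localhost').  A file with only
    comments (the Windows 7 default) also counts as stock."""
    return all(ip.is_loopback and all(n in DEFAULT_NAMES for n in names)
               for _, ip, names in parse_hosts(text))


# Constructed sample, not the poster's file.  Real path on Windows:
# C:\Windows\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1\tactivate.adobe.com       # licensing host sinkholed -> flagged
0.0.0.0         ads.example.net      # ad-block style entry -> not flagged
198.51.100.7    www.malwarebytes.org # vendor site sent elsewhere -> flagged
"""

if __name__ == "__main__":
    print("stock file:", is_stock_hosts(SAMPLE_HOSTS))
    for f in triage_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.ip} {f.hostname} -> {f.reason}")
```

Run it against the real file with `triage_hosts(open(r"C:\Windows\System32\drivers\etc\hosts").read())`; a stray file named HOSTS elsewhere, such as the one Malwarebytes quarantined, can be fed in the same way to see what it would have done had it been in the live location. Loopback entries for unwatched names are deliberately kept quiet because ad-blocking hosts lists produce thousands of them; the watch-list is where the detection value lives.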

One last thing to note! I'm not sure if it matters, but when I ran all the scans and posted them for you, the supposed trojan wasn't in quarantine. I actually removed it because I was trying to find it in my files; I wasn't sure if being quarantined hid the file or not, because the MB scan says it was quarantined at the time.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.