i have some kind of a backdoor dont know what it is though


Post by sdd122 on Fri Jan 21, 2011 4:02 pm

I have a back door that has an FTP server named [You must be registered and logged in to see this link.]. Could you give me the registry keys and files I need to delete to remove it? Thank you!

sdd122
Beginner
Posts: 4
Joined: 2011-01-21
OS: Windows 7
Points: 21508
Likes: 0


Re: i have some kind of a backdoor dont know what it is though

Post by Kenny94 on Fri Jan 21, 2011 7:02 pm

Hi sdd122 and Welcome to GeekPolice!

Let's take a look at your PC before we start to remove anything...


Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.


  • Instead of attaching, please copy/paste both logs into your thread.

  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]
Then post your DDS (DDS.txt and Attach.txt)

Kenny94
Tech Officer
Posts: 2019
Joined: 2010-04-22
Gender: Male
OS: Windows 7
Protection: Avira/Router and Malwarebytes
Points: 33511
Likes: 0


Re: i have some kind of a backdoor dont know what it is though

Post by sdd122 on Fri Jan 21, 2011 7:52 pm


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by steve at 14:27:00.89 on Fri 01/21/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6143.4092 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\DAP\DAP.EXE
C:\Users\steve\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:8777;https=127.0.0.1:8777
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - No File
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DivX Plus Web Player HTML5


Re: i have some kind of a backdoor dont know what it is though

Post by sdd122 on Fri Jan 21, 2011 7:52 pm


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/6/2010 8:29:57 PM
System Uptime: 1/21/2011 12:27:07 PM (2 hours ago)

Motherboard: Dell Inc. | | 0FF3FN
Processor: AMD Phenom(tm) II X6 1035T Processor | CPU 1 | 780/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 921 GiB total, 496.994 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: AQ9YPXRQ IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: AQ9YPXRQ IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: a2u2h8l3

==== System Restore Points ===================

RP351: 1/19/2011 6:33:55 PM - TrueCrypt installation
RP352: 1/20/2011 12:45:43 PM - Installed Driver Detective.
RP353: 1/20/2011 12:56:19 PM - Installed Driver Whiz.
RP360: 1/20/2011 9:13:52 PM - Restore Operation
RP361: 1/20/2011 9:31:50 PM - Windows Update
RP362: 1/21/2011 7:57:11 AM - Restore Operation
RP363: 1/21/2011 8:11:31 AM - Windows Update

==== Installed Programs ======================

..::LvL - Quake 3 Widget
µTorrent
1st JavaScript Editor Pro 5.1
3DMark Vantage
A Fly!
A.V.A
AaAaAA!!! - A Reckless Disregard for Gravity
ABBYY FineReader 6.0 Sprint
Acoustica Effects Pack
Acoustica Mixcraft 5
Addictive Angling
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Media Player
Adobe Photoshop CS4
Adobe Reader 9.4.1
Adobe Setup
Adobe Shockwave Player 11.5
Age of Chivalry
Akamai NetSession Interface
Algodoo Phun edition v5.28
Alien Swarm
Allods Online 1.1.02.58
Alpha Prime
AMD Demo - Mecha
AMD Fusion Media Explorer
AMD Fusion Utility for Desktops
America's Army 3
AnalogX AutoTune
aniMate 2 DS3
Anime Studio Debut 6.1
Antares Auto-Tune Evo TDM
Antares Auto-Tune Evo VST
Antares Autotune VST v5.09
Apple Application Support
Apple Software Update
AREA-51 (remove only)
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
Ask Toolbar
ATI Catalyst Control Center
Audacity 1.3.12 (Unicode)
AVS Screen Capture version 1.1.2
AVS Update Manager 1.0
AVS Video Converter 7
AVS Video Editor 5
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
Battlefield 2(TM)
Battlefield Heroes
Battlefield: Bad Company 2
BattlEye for OA Uninstall
BattlEye Uninstall
Bejeweled 3
Bing Bar
Bing Bar Platform
BitTorrent
Borderlands
BSR Screen Recorder 5
Build Your Own Net Dream (remove only)
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) 4 - Modern Warfare(TM) Demo
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 5.6.1
Combat Arms
Cool Spot Deskmate
Counter-Strike: Source
Counter-Strike: Source Beta
Coupon Printer for Windows
Cozi
Cross Fire En
Crysis(R) SP Demo
D-Fend Reloaded 1.0.3 (deinstall)
D3DX10
Dark Messiah
Day of Defeat: Source
DAZ Studio 3
DebugMode Wax 2.0
Deer Hunter Tournament
Defcon v1.6
Definition update for Microsoft Office 2010 (KB982726)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Toolbar
DesktopEyes
Deus Ex
DirectXInstallService
DivX Setup
DNA
Don't push the red button!
Download Accelerator Plus (DAP)
Download Manager 2.3.10
Drift City
Dual-Core Optimizer
EA Download Manager
EMC 10 Content
Enemy Territory - QUAKE Wars(TM) Demo
Enemy Territory - QUAKE Wars(TM) Demo 1.1 Patch
Enemy Territory - QUAKE Wars(TM) Demo 1.1 Patch
Enemy Territory - QUAKE Wars(TM) Demo 2
Express Burn Disc Burning Software
Express Rip
Fallout 3
Fallout 3 - Game of the Year Edition
Fallout New Vegas
Far Cry
Far Cry 2
Façade
FEAR
FEARCombat
Fiddler2
FileZilla Client 3.3.5.1
FlightGear v2.0.0
Fort Zombie
Fraps (remove only)
Futuremark SystemInfo
Game Booster
Game Cam 2.54.0.47
Game Maker 8.0
GameSpy Arcade
Garry's Mod
Garry's Mod Addon Manager 2
GenesisAD
Get Bin Laden!
GIMP 2.6.11
Glest 3.2.2
Google Chrome
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
GTA San Andreas
GTA2
Half-Life
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Halo CE Cracked Setup
Halo Server
Hamachi 1.0.2.1
Hidden and Dangerous Deluxe
Hitman 2 Silent Assassin
Homey
Hunting Unlimited 2009
HyperCam 2
HyperCam Toolbar
IL-2 Sturmovik 1946
Inkscape 0.45
Insurgency
Intel AppUp(SM) center
Internet TV for Windows Media Center
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Just Cause 2 Demo
KingAgnostic's Minecraft 1.1.2_01
Landwirtschafts Simulator 2011
Lead and Gold - Gangs of the Wild West
League of Legends
Left 4 Dead v1.0.0.5
Malwarebytes' Anti-Malware
ManyCam 2.6.25 (remove only)
Map001
McAfee SecurityCenter
Medal of Honor Airborne
Mercenaries 2: World in Flames(tm)
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo Custom Edition
Microsoft Halo Trial
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WorldWide Telescope
Microsoft XNA Framework Redistributable 3.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mirror's Edge™
MixPad Audio Mixer
Moonbase Alpha
MorphVOX Junior
MorphVOX Pro
Morrowind
Mount&Blade
Mozilla Firefox (3.6.13)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MTX
Multimedia Card Reader
Neffy 1,3,29,0
Notepad++
NVIDIA PhysX
Oblivion
Octodad
OF Dragon Rising
OpenAL
Opera 10.63
Operation Flashpoint uninstall
OPERATION7
PacSteamT
Pando Media Booster
PDF Settings CS5
Penumbra Episode 1
Picasa 3
Pirates, Vikings, & Knights II
Pivot Stickfigure Animator
Plants Vs. Zombies
Plants vs. Zombies Demo
PlayLinc
PowerISO
Prism Video File Converter
Project64 1.6
PunkBuster Services
Purge
Python 2.7
Quake Live Mozilla Plugin
QualxServ Service Agreement
Quick Memory Editor 5.5
QuickTime
RAIDXpert
REACTOR
Really Slick Screensavers 0.2
Realtek High Definition Audio Driver
Return to Castle Wolfenstein
Rise And Fall (remove only)
Rise of Nations Thrones and Patriots Trial Version
ROM CHECK FAIL 1.0
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Runes of Magic
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
S.T.A.L.K.E.R. - Clear Sky
S.T.A.L.K.E.R. - Shadow of Chernobyl
Savage 2 - A Tortured Soul
Savage 2.00e
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
ServerChecker
ShaunWhiteSnowboarding
ShopAtHome.com Toolbar
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 Complete
Sid Meier's Civilization IV Colonization
Silkroad
SimAquarium
Skins
Skype Toolbars
Skype™ 4.2
Smart Mod Manager
Smokin' Guns 1.0
Sniper: Ghost Warrior
Soldier Front
Sonic CinePlayer Decoder Pack
Sony Vegas Pro 8.0
Souptoys
Source SDK
SPORE™
Steam
Stranded II 1.0.0.1
SugarSync Manager
Switch Sound File Converter
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
TeamViewer 6
TES Construction Set
The Lord of the Rings Online™ v03.02.05.8032
The Sims™ 2 Double Deluxe
The Suffering (remove only)
theHunter-Launcher (remove only)
theHunter (remove only)
THX TruStudio PC
Tunngle beta
Unity Web Player
Unlocker 1.9.0
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Urban Terror 4.1
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
Vital Desktop 1.4.1
Warrior Epic
WavePad Sound Editor
WBFS Manager 3.0
WeGame Client Beta 2.1.9
WindowBlinds
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
Windows Movie Maker 2.6
WinRAR archiver
Wolfenstein - Enemy Territory
Wolfenstein 3D
WolfQuest
World of Tanks Closed Beta v.0.6.1.5
World of Warcraft
X-Fusions Wallpaper v1.0
Xfire (remove only)
Yahoo! Toolbar
Zelda Forever
Zip Motion Block Video codec (Remove Only)
ZMatrix 1.5.2
Zombie Panic Source
Zombpocalypse 0.9.2
Zoo Tycoon 2 - Marine Mania

==== Event Viewer Messages From Past Week ========

1/21/2011 8:16:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
1/21/2011 8:07:07 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
1/21/2011 12:27:58 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
1/21/2011 12:27:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prodrv06 prohlp02 prosync1 RxFilter sfhlp01
1/21/2011 12:27:48 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\tandpl.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/21/2011 12:27:41 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
1/21/2011 12:27:20 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/21/2011 10:44:50 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
1/20/2011 8:43:27 PM, Error: Service Control Manager [7034] - The AMD Fusion Utility Service service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 3:36:04 PM, Error: Service Control Manager [7034] - The dlea_device service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 9:23:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer6 service.
1/17/2011 9:23:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/17/2011 2:55:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

==== End Of File ===========================


Re: i have some kind of a backdoor dont know what it is though

Post by Kenny94 on Fri Jan 21, 2011 9:11 pm


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.


Run CKScanner


  • Please download CKScanner by from [You must be registered and logged in to see this link.]
  • Important: - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Re: i have some kind of a backdoor dont know what it is though

Post by sdd122 on Sun Jan 23, 2011 8:06 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\counter-strike source\cstrike\cache\cs_crackmansion.bsp0000
c:\counter-strike source\cstrike\maps\cs_crackhouse.bsp
c:\counter-strike source\cstrike\maps\cs_crackhouse.nav
c:\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
c:\counter-strike source\cstrike\maps\soundcache\cs_crackmansion.cache
c:\games\toribash-3.9\replay\head and nut cracker.rpl
c:\program files\bohemia interactive\arma 2\@acex_sm\addons\acex_sm_c_sound_wep_crack.pbo
c:\program files\bohemia interactive\arma 2\@acex_sm\addons\acex_sm_c_sound_wep_crack.pbo.acex_sm.bisign
c:\program files\bohemia interactive\arma 2\@acex_sm\addons\acex_sm_s_wep_crack.pbo
c:\program files\bohemia interactive\arma 2\@acex_sm\addons\acex_sm_s_wep_crack.pbo.acex_sm.bisign
c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\shadow_wall_2_cracked.dds
c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked.nif
c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked_diff.dds
c:\program files (x86)\crackattack\bin\cafrontendstate
c:\program files (x86)\crackattack\localdata\garbage_flavor_000.tga
c:\program files (x86)\crackattack\localdata\garbage_flavor_001.tga
c:\program files (x86)\crackattack\localdata\garbage_flavor_002.tga
c:\program files (x86)\crackattack\localdata\garbage_flavor_003.tga
c:\program files (x86)\crackattack\localdata\garbage_flavor_004.tga
c:\program files (x86)\crackattack\localdata\garbage_flavor_005.tga
c:\program files (x86)\crackattack\localdata\score_record
c:\program files (x86)\data realms\cortex command\base.rte\scenes\scripts\coalition crackdown.lua
c:\program files (x86)\debugmode\wax 2.0\presets\vl presets\vl misc\cracked.wxpr
c:\program files (x86)\gamersfirst\war rock\maps\vitious\objectlightmap\v_crack_1661_4943.dds
c:\program files (x86)\gamersfirst\war rock\maps\vitious\objectlightmap\v_crack_2516_4941.dds
c:\program files (x86)\gamersfirst\war rock\staticmesh\standardmesh\v_crack.smf
c:\program files (x86)\gamersfirst\war rock\texture\fm003\decal_crack01_fm003.dds
c:\program files (x86)\gamersfirst\war rock\texture\fm003\decal_crack02_fm003.dds
c:\program files (x86)\gamersfirst\war rock\texture\fm003\decal_crack03_fm003.dds
c:\program files (x86)\gamersfirst\war rock\texture\fmx01\d_crackwall01.dds
c:\program files (x86)\gamersfirst\war rock\texture\santo\decal_crack01_fm003.dds
c:\program files (x86)\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.pyc
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.pyo
c:\program files (x86)\mount&blade\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\rockstar games\gta san andreas\data\decision\craig\crack1.ped
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\crackhouse_greatrivers_xdre4m.bsp
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\crackhouse_greatriverz_xdre4m.bsp
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_crackhouse!v3.bsp
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_crackhouse!v3.nav
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_crackhouse.bsp
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_crackhouse.nav
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_crackhousenightbeta4.bsp
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_crackhousenightbeta4.nav
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_crackhouse_abduction!.bsp
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_crackhouse_abduction!.nav
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_not_brads_crackhouse.bsp
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\cs_not_brads_crackhouse.nav
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\soundcache\crackhouse_greatrivers_xdre4m.cache
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\soundcache\crackhouse_greatriverz_xdre4m.cache
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\soundcache\cs_crackhouse!v3.cache
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\soundcache\cs_crackhousenightbeta4.cache
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\soundcache\cs_crackhouse_abduction!.cache
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\soundcache\cs_crackmansion.cache
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\maps\soundcache\cs_not_brads_crackhouse.cache
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\materials\sprites\trails\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\sdd122\counter-strike source\cstrike\materials\sprites\trails\crackedbeam.vtf
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack1.vmt
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack1.vtf
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack2.vmt
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack2.vtf
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack3.vmt
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack3.vtf
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack4.vmt
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack4.vtf
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack5.vmt
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack5.vtf
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack6.vmt
c:\program files (x86)\steam\steamapps\sdd122\garrysmod\garrysmod\materials\killas\hud\wallcrack6.vtf
c:\program files (x86)\steam\steamapps\sdd122\oldcounter-strike source\cstrike\cache\cs_crackmansion.bsp0000
c:\program files (x86)\steam\steamapps\sdd122\oldcounter-strike source\cstrike\maps\cs_crackhouse.bsp
c:\program files (x86)\steam\steamapps\sdd122\oldcounter-strike source\cstrike\maps\cs_crackhouse.nav
c:\program files (x86)\steam\steamapps\sdd122\oldcounter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
c:\program files (x86)\steam\steamapps\sdd122\oldcounter-strike source\cstrike\maps\soundcache\cs_crackmansion.cache
c:\program files (x86)\steam\steamapps\sdd122\oldcounter-strike source\cstrike\materials\sprites\trails\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\sdd122\oldcounter-strike source\cstrike\materials\sprites\trails\crackedbeam.vtf
c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\gamedata\textures\detail\detail_grnd_cracked.dds
c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\gamedata\textures\detail\detail_grnd_cracked_bump#.dds
c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\gamedata\textures\detail\detail_grnd_cracked_bump.dds
c:\users\steve\desktop\dominics stuff\nesren\europe\crackout (e).nes
c:\users\steve\desktop\dominics stuff\stonesense_slate_2.2\mount&blade\sounds\fire_small_crackle_slick_op.ogg
c:\users\steve\desktop\dominics stuff\world 2\mount_and_blade_1_003___crack.torrent
c:\users\steve\desktop\mugen100rc7\mugen\chars\mugen all characters battle zero\chars\niggah\cracka.act
scanner sequence 3.ZZ.11
----- EOF -----


Re: i have some kind of a backdoor dont know what it is though

Post by Kenny94 on Mon Jan 24, 2011 1:16 pm

All those torrents are causing more harm than good.



  1. Download ComboFix from below:


    [You must be registered and logged in to see this link.]


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs [You must be registered and logged in to see this link.]

  3. Double click on combofix.exe & follow the prompts.

  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------


