Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#1
malware savetubevideo.com
Hi,
Need help removing this worm; it keeps redirecting my Mozilla browser to this URL: www.landing.savetubevideo.com/ Can anybody suggest ways of getting rid of this problem? Thanks

Last edited by Jintan; February 21st, 2011 at 09:50 AM. Reason: neutralized link
#2
Hello slimdread

Download CCleaner: Here
Click on "Download Latest Version".
Once installed, run CCleaner and click the Windows tab. Select the following:
Internet Explorer:
- Temp Internet
- History
- Recently Typed URLs
- Delete Index.dat files
System:
- Empty Recycle Bin
- Temporary Files
- Memory Dumps
- Chkdsk File Fragments
Then click Run Cleaner (bottom right), then Exit.

Please download Malwarebytes' Anti-Malware: Here to your desktop.
- Double-click mbam-setup and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location.
NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Click: Here to download HJTinstall.exe
- Save HJTinstall.exe to your desktop.
- Double click on the HJTinstall.exe icon on your desktop. By default it will install to C:\Program Files\Trend Micro\Hijack This.
- Click I accept.
- Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
- Click Save to save the log file and then the log will open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Post the HijackThis log along with the Malwarebytes' Anti-Malware log, and tell how things are running.
#3
Hi, I have run CCleaner like you recommended and Malwarebytes. This is the log file of HijackThis:

Quote:
Scan saved at 10:03:23 AM, on 14/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\PROGRA~1\AVG\AVG10\avgchsvx.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\vcsFPService.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\idt\wdm\STacSV.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\WINDOWS\System32\accelerometerST.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\AVG\AVG10\avgtray.exe
D:\Program Files\LSI SoftModem\agrsmsvc.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AVG\AVG10\avgwdsvc.exe
D:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
D:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
D:\Program Files\AVG\AVG10\avgnsx.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
D:\Program Files\Quest Software\Toad for Oracle\toad.exe
D:\PROGRA~1\AVG\AVG10\avgrsx.exe
D:\Program Files\AVG\AVG10\avgcsrvx.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\WINDOWS\system32\notepad.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.150.141.21:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O1 - Hosts: 195.39.188.197 Telco104
O1 - Hosts: 41.187.84.38 epm.its.ws
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - D:\Program Files\Softonic-Eng7\tbSof0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - D:\Program Files\Softonic-Eng7\tbSof0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [IMSS] "D:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IAAnotif] D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] D:\WINDOWS\System32\accelerometerST.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] D:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Free YouTube Download - D:\Documents and Settings\Anthony\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1289609005468
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - D:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: BMFMySQL - Unknown owner - D:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - D:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - D:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - d:\program files\idt\wdm\STacSV.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - D:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - D:\WINDOWS\system32\vcsFPService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11693 bytes

BR
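A small triage script for a pasted HijackThis log, added here as an example; it is not part of this thread, of HijackThis, or of the helpers' instructions. It splits the log into its section codes and pulls out the entry classes a malware-removal helper reads first when a browser keeps redirecting: IE search and proxy values (R1), URLSearchHooks (R3), hosts-file lines (O1), BHOs (O2) and toolbars (O3). The sample log inside the block is constructed from entry types that appear in the log above; the choice of sections and their descriptions are this example's own assumptions, and the output is a list to review, not a verdict on any entry.

```python
"""Triage a pasted HijackThis log for browser-redirect leads.

Added example for this thread; not part of HijackThis, DDS or the helpers'
posts.  The section descriptions and the choice of which sections to surface
are this example's own assumptions.
"""
import re
from collections import defaultdict

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - " and the entry body.  Header lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+)\s+-\s+(?P<body>.*)$")

# Sections that most often explain "my browser keeps redirecting".
# Assumption of this example: a reading list, not a verdict on any entry.
REDIRECT_SECTIONS = {
    "R1": "IE search/proxy registry value",
    "R3": "URLSearchHook (intercepts address-bar searches)",
    "O1": "hosts-file override",
    "O2": "browser helper object (BHO)",
    "O3": "IE toolbar",
}

# Constructed sample, built from entry types seen in the posted log.
SAMPLE_LOG = r"""
Scan saved at 10:03:23 AM, on 14/02/2011
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.150.141.21:8080
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O1 - Hosts: 195.39.188.197 Telco104
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [AVG_TRAY] D:\Program Files\AVG\AVG10\avgtray.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
"""


def parse_hjt(text):
    """Group entry bodies by section code; non-entry lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return dict(sections)


def proxy_servers(sections):
    """ProxyServer values from R1 entries.  A proxy the owner did not
    configure routes every request through someone else's host."""
    hits = []
    for body in sections.get("R1", []):
        m = re.search(r"ProxyServer\s*=\s*(\S+)", body)
        if m:
            hits.append(m.group(1))
    return hits


def hosts_overrides(sections):
    """(ip, hostname) pairs from O1 entries; these bypass DNS entirely."""
    pairs = []
    for body in sections.get("O1", []):
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def review_items(sections):
    """Every entry in a redirect-relevant section, as (code, description, body)."""
    return [
        (code, desc, body)
        for code, desc in REDIRECT_SECTIONS.items()
        for body in sections.get(code, [])
    ]


if __name__ == "__main__":
    secs = parse_hjt(SAMPLE_LOG)
    print("proxy servers:", proxy_servers(secs))
    print("hosts overrides:", hosts_overrides(secs))
    for code, desc, body in review_items(secs):
        print(f"[{code}] {desc}: {body}")
```

Paste a full log into SAMPLE_LOG (or read it from a file) and the O4 autoruns and O23 services are still parsed and available in the returned dict; only the redirect-related sections are surfaced by review_items, so the helper can compare each listed toolbar, hook, proxy and hosts line against what the owner actually installed.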
#4
You were also supposed to post the Malwarebytes log.

Please post it, along with the DDS log files.

Please download DDS: Here
If you are using Firefox, go to the toolbar and click File. Then go down to Save As and click. Then save it on the desktop.
- Save as: dds.scr
- Save as Type: All files
Save it to your Desktop and double-click on dds.scr to run it.
If your security software includes script blocking features, please disable these before you run this utility.
When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
#5
Sorry about that. Find below the logs as required. I attached the very first log for the malware and today's log. I think that would give you a clear
=========================
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5740

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/02/2011 12:27:08 PM
mbam-log-2011-02-11 (12-27-08).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 221279
Time elapsed: 31 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} (Redir.GSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
d:\program files\savetubevideo.com (Adware.SkyLab) -> Quarantined and deleted successfully.
d:\program files\savetubevideo.com\savetubevideo (Adware.SkyLab) -> Quarantined and deleted successfully.
d:\program files\savetubevideo.com\savetubevideo\FF (Adware.SkyLab) -> Quarantined and deleted successfully.

Files Infected:
d:\documents and settings\Anthony\my documents\Doc\ITS\FBkup\idm ultraedit v15.20.0.1022 incl. keymaker-zwt\Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
d:\Tools\idm ultraedit v15.20.0.1022 incl. keymaker-zwt\idm ultraedit v15.20.0.1022 incl. keymaker-zwt\Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
d:\program files\savetubevideo.com\savetubevideo\FF\tmp (Adware.SkyLab) -> Quarantined and deleted successfully.

=====Malware Log===========
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5740

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/02/2011 10:51:50 AM
mbam-log-2011-02-16 (10-51-50).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 218516
Time elapsed: 31 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=========================

=====DDS log:==============
DDS (Ver_10-12-12.01) - NTFSx86
Run by Anthony at 10:23:08.43 on 16/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1676 [GMT -8:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============
D:\PROGRA~1\AVG\AVG10\avgchsvx.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\vcsFPService.exe
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\idt\wdm\STacSV.exe
svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\WINDOWS\System32\accelerometerST.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\AVG\AVG10\avgtray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\Program Files\LSI SoftModem\agrsmsvc.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\AVG\AVG10\avgwdsvc.exe
D:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
D:\Program Files\AVG\AVG10\avgnsx.exe
D:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
D:\PROGRA~1\AVG\AVG10\avgrsx.exe
D:\Program Files\AVG\AVG10\avgcsrvx.exe
D:\Program Files\Quest Software\Toad for Oracle\toad.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Microsoft Office\Office12\EXCEL.EXE
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
C:\Program Files\ExtraPutty 0.22\Bin\putty.exe
C:\Program Files\ExtraPutty 0.22\Bin\putty.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\oracle\product\10.2.0\client_3\BIN\sqlplusw.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Anthony\My Documents\Downloads\dds.pif

============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 10.150.141.21:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - d:\program files\dvdvideosofttb\tbDVDV.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - d:\program files\conduitengine\ConduitEngin0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg10\avgssie.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - d:\program files\softonic-eng7\tbSof0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - d:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\googletoolbar1.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - d:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\googletoolbar1.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - d:\program files\softonic-eng7\tbSof0.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - d:\program files\conduitengine\ConduitEngin0.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - d:\program files\dvdvideosofttb\tbDVDV.dll
uRun: [Google Update] "d:\documents and settings\anthony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [IMSS] "d:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [IAAnotif] d:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AccelerometerSysTrayApplet] d:\windows\system32\accelerometerST.exe
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] d:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - d:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: Free YouTube Download - d:\documents and settings\anthony\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: its.ws\epm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289609005468
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg10\avgpp.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - d:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 10.5.104.20 Meds
Hosts: 195.39.188.197 Telco104
Hosts: 10.160.141.34 tabtst
Hosts: 10.160.141.35 trntst
Hosts: 10.160.147.50 trnt1

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\anthony\applic~1\mozilla\firefox\profiles\idqx4b36.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - prefs.js: network.proxy.http - 10.50.56.6
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: d:\documents and settings\anthony\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPJinit13122.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;d:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;d:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;d:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 BMFMySQL;BMFMySQL;d:\program files\quest software\benchmark factory for databases\repository\mysql\bin\mysqld-max-nt.exe [2005-10-22 4431872]
R2 UNS;Intel(R) Management & Security Application User Notification Service;d:\program files\intel\intel(r) management engine components\uns\UNS.EXE [2010-11-12 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;d:\windows\system32\vcsFPService.exe [2009-10-21 1639728]
R3 AESTAud;AE Audio Service;d:\windows\system32\drivers\AESTAud.sys [2010-11-12 113664]
R3 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;d:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;d:\windows\system32\drivers\e1k5132.sys [2010-11-12 166568]
R3 IFXTPM;IFXTPM;d:\windows\system32\drivers\ifxtpm.sys [2010-11-12 44800]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;d:\windows\system32\drivers\nvhda32.sys [2010-11-12 57320]
R3 rismc32;RICOH Smart Card Reader;d:\windows\system32\drivers\rismc32.sys [2010-11-12 49152]
R4 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2011-2-11 38224]
S0 is3srv;is3srv;d:\windows\system32\drivers\is3srv.sys --> d:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;d:\windows\system32\drivers\szkg.sys --> d:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;d:\windows\system32\drivers\szkgfs.sys --> d:\windows\system32\drivers\szkgfs.sys [?]
S3 Com4QLBEx;Com4QLBEx;d:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-11-12 228408]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;d:\windows\system32\drivers\PTDMBus.sys [2010-12-29 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;d:\windows\system32\drivers\PTDMMdm.sys [2010-12-29 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;d:\windows\system32\drivers\PTDMVsp.sys [2010-12-29 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;d:\windows\system32\drivers\PTDMWWAN.sys [2010-12-29 59520]
S3 vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== File Associations ===============
.txt=UltraEdit.txt

=============== Created Last 30 ================
2011-02-16 18:22:44 -------- d--h--w- d:\windows\PIF
2011-02-14 17:36:36 -------- d-----w- d:\program files\CCleaner
2011-02-14 17:35:41 -------- d-----w- d:\program files\Trend Micro
2011-02-11 19:35:17 -------- d-----w- d:\docume~1\anthony\applic~1\Malwarebytes
2011-02-11 19:35:14 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 19:35:14 -------- d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-11 19:35:11 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-02-11 19:35:11 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-02-11 19:19:14 -------- d-----w- d:\program files\Trojan Remover
2011-02-11 17:37:45 -------- d-----w- d:\docume~1\alluse~1\applic~1\STOPzilla!
2011-02-10 18:56:31 -------- d-----w- d:\docume~1\anthony\applic~1\DVDVideoSoft
2011-02-10 03:42:34 -------- d-----w- d:\docume~1\anthony\locals~1\applic~1\DVDVideoSoftTB
2011-02-10 03:42:33 -------- d-----w- d:\program files\DVDVideoSoftTB
2011-02-10 03:42:20 -------- d-----w- d:\docume~1\anthony\applic~1\DVDVideoSoftIEHelpers
2011-02-10 03:42:08 -------- d-----w- d:\program files\common files\DVDVideoSoft
2011-02-10 03:42:07 -------- d-----w- d:\program files\DVDVideoSoft
2011-01-28 20:06:13 -------- d-sh--w- d:\documents and settings\anthony\IECompatCache
2011-01-28 06:09:08 -------- d-----w- d:\program files\YouTube Downloader
2011-01-28 05:41:07 -------- d-----w- d:\program files\K-Lite Codec Pack

==================== Find3M ====================
2010-11-22 17:41:35 0 ----a-w- d:\windows\system32\ConduitEngine.tmp

============= FINISH: 10:29:06.62 ===============
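The DDS output above lists, under FIREFOX, the prefs.js values that decide where a Firefox search, the start page and every HTTP request go. The script below is an added example, not part of this thread, of DDS or of Firefox: it parses user_pref() lines, collects the browser.search.*, browser.startup.homepage, keyword.URL and network.proxy.* settings, and reports which of them differ from what the machine's owner says they configured. The sample prefs.js and the owner's expected values are constructed for this example from the values shown in the DDS log (URLs kept in the log's defanged hxxp form); the watched-pref selection is this example's own choice, and whether any listed value is legitimate is for the owner to decide.

```python
"""Review the Firefox prefs.js values that DDS lists under "FIREFOX".

Added example for this thread; not part of DDS, Firefox or the helpers'
posts.  The watched-pref selection and the owner's expected values are this
example's own assumptions.
"""
import re

# prefs.js lines look like: user_pref("name", value);  where value is a
# quoted string, an integer or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+?)\);\s*$')

# Pref families that decide where searches, the start page and requests go.
WATCHED_PREFIXES = (
    "browser.search.",
    "browser.startup.homepage",
    "keyword.URL",
    "network.proxy.",
)

# Constructed sample prefs.js, using the values shown in the posted DDS log
# (URLs kept in the log's defanged hxxp form).
SAMPLE_PREFS = """
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.search.selectedEngine", "GoogleFeed.net");
user_pref("browser.startup.homepage", "hxxp://en-US.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official");
user_pref("keyword.URL", "hxxp://www.veerboo.com/results.php?q=");
user_pref("network.proxy.http", "10.50.56.6");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
"""

# What the owner says they configured themselves (constructed for this example).
OWNER_EXPECTED = {
    "browser.startup.homepage": "hxxp://en-US.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official",
    "network.proxy.http": "10.50.56.6",
    "network.proxy.http_port": 8080,
    "network.proxy.type": 1,
}


def parse_prefs(text):
    """Return {pref name: typed value} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        raw = m.group("value")
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[m.group("name")] = value
    return prefs


def watched_prefs(prefs):
    """Only the prefs that steer searches, the start page or the proxy."""
    return {k: v for k, v in prefs.items() if k.startswith(WATCHED_PREFIXES)}


def unexpected_prefs(prefs, expected):
    """Watched prefs whose value is not what the owner expects, or that the
    owner never set at all.  A list of questions to ask, not a verdict."""
    return {k: v for k, v in watched_prefs(prefs).items() if expected.get(k) != v}


if __name__ == "__main__":
    found = parse_prefs(SAMPLE_PREFS)
    for name, value in unexpected_prefs(found, OWNER_EXPECTED).items():
        print(f"review: {name} = {value!r}")
```

With the constructed input the script reports the selected search engine and keyword.URL, because the owner's expected set contains neither; the homepage and proxy entries match what the owner listed and are not reported. Point it at the real prefs.js in the profile path DDS prints and fill OWNER_EXPECTED from what the user remembers setting.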
#6
Quote:
When you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.