Posted by: wudz3
« on: 04. October 2009., 09:26:27 »nice, ive been looking for this solutions.. thanks
Posted by: wudz3« on: 04. October 2009., 09:26:27 »nice, ive been looking for this solutions.. thanks
Posted by: Samker« on: 30. August 2009., 08:02:30 »Hi again Lisa,
it's safe to remove all this with Malwarebyte's... But I'll do that on this way: 1. Turn of System Restore Quote Steps to turn off System Restore 2. Download & Run Microsoft Removal Tool: http://scforum.info/index.php/topic,4510.0.html 3. Run again Malwarebyte and remove/delete everything what he find... 4. Finally provide us New logs from HJT and (this time try to use) BitDefender OnLine Scan: http://scforum.info/index.php/topic,734.0.html cya later, S. Posted by: Aikosassie2« on: 29. August 2009., 23:54:04 »Ok here is the log file on the Malwarebytes. What should I do to remove all this stuff? I don't want to release something more into my computer..lol.
Malwarebytes' Anti-Malware 1.40 Database version: 2713 Windows 6.0.6001 Service Pack 1 8/29/2009 5:51:57 PM Logfile 082909 Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|) Objects scanned: 245706 Time elapsed: 1 hour(s), 24 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 9 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\ProgramData\gra\WStech.dll (Rogue.AntiVirus1) -> No action taken. Registry Keys Infected: HKEY_CLASSES_ROOT\qwprotect.qwprotectbho (Rogue.AntiVirus1) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{512e801e-2f02-4ade-acaa-58f08a22b2f8} (Rogue.AntiVirus1) -> No action taken. HKEY_CLASSES_ROOT\Interface\{051c9a06-fb08-486f-b09b-8b33b261637d} (Rogue.AntiVirus1) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{70fead04-a7fd-4b89-b814-8a8251c90ef7} (Rogue.AntiVirus1) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70fead04-a7fd-4b89-b814-8a8251c90ef7} (Rogue.AntiVirus1) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70fead04-a7fd-4b89-b814-8a8251c90ef7} (Rogue.AntiVirus1) -> No action taken. HKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1 (Rogue.AntiVirus1) -> No action taken. HKEY_CLASSES_ROOT\AppID\{29256442-2c14-48ca-b756-3ee0f8bdc774} (Rogue.AntiVirus1) -> No action taken. HKEY_CLASSES_ROOT\AppID\QWProtect.dll (Rogue.AntiVirus1) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: (No malicious items detected) Files Infected: C:\ProgramData\gra\WStech.dll (Rogue.AntiVirus1) -> No action taken. Posted by: Aikosassie2« on: 29. August 2009., 23:46:33 »I have Kapersky on my computer, but it will not let me load that scan from the link you gave me. I did do the Panda scan and the Malwarebytes scan though and it's almost finished. Ten files affected so far.
Lisa Posted by: Samker« on: 29. August 2009., 22:25:35 »Hi A.,
Don't worry we will help you to fix this, now provide us also: 1. All possible details related to yours problems / infection. 2. Run Kaspersky Online AntiVirus Scan and provide us log: http://scforum.info/index.php/topic,734.0.html We will wait your reply (with logs) and provide you next cleaning instructions. Regards, S. Posted by: Aikosassie2« on: 29. August 2009., 20:59:14 »Help, I have the same virus, and here is my hijack log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:31:04 PM, on 8/29/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\igfxsrvc.exe C:\windows\SMINST\Components\scheduler\STService.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Dell\DellComms\bin\sprtcmd.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\ProgramData\gra\gra.exe C:\Windows\sminst\DataSafe.exe C:\Windows\sminst\Components\FileBackup\BackupPlg.exe C:\Windows\sminst\Components\PSTImageExt\STImageExtPlg.exe C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Dell\DellComms\gs_agent\bcont.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: 208.43.47.212 a1.review.zdnet.com O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com O1 - Hosts: 208.43.47.212 reviews.download.com O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk O1 - Hosts: 208.43.47.212 reviews.pcmag.com O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk O1 - Hosts: 208.43.47.212 reviews.techradar.com O1 - Hosts: 208.43.47.212 toptenreviews.com O1 - Hosts: 208.43.47.212 www.reevoo.com O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: QWProtectBHO - {70FEAD04-A7FD-4B89-B814-8A8251C90EF7} - C:\ProgramData\gra\WStech.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [DellComms] "C:\Program Files\Dell\DellComms\bin\sprtcmd.exe" /P DellComms O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [29837465982736455] C:\ProgramData\gra\mradll.exe O4 - HKLM\..\Run: [09803874569874596] C:\ProgramData\gra\gra.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [67569387646557683] C:\ProgramData\gra\wsn.bat O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7E54134B-3A5A-42EF-8485-3A86425857BF}: NameServer = 69.78.96.14 66.174.92.14 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Windows\sminst\sftservice.EXE O23 - Service: SupportSoft Sprocket Service (DellComms) (sprtsvc_DellComms) - SupportSoft, Inc. - C:\Program Files\Dell\DellComms\bin\sprtsvc.exe O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing) -- End of file - 12342 bytes |