
I can't stop http://btsearch.name from being my homepage!


14 replies to this topic

#1 sonic97


Posted 28 December 2012 - 07:55 AM

Peace to all :)
Hi there,
First of all I want to thank all the members of this site who are helping.

Recently I downloaded a music downloader (as it was supposed to be) from the following site "http://play-music-ultimate(DOT)com".
After installing it I realized that the program was something that downloads YouTube videos (I don't think it's a YouTube downloader).
However, it installed a toolbar in my Firefox, and here the problem starts! My homepage is set as http://btsearch.name (sometimes I see it as avg.name in the address bar).
I have uninstalled that music downloader and disabled the toolbar, but the problem still exists.
I have changed my home page normally: Firefox > Options > General tab.
It's OK, the home page is changed, but when I close Firefox and open it again http://btsearch.name is still set as the homepage.
I have opened both Chrome and IE to find that both of them have the same problem.
The http://btsearch.name page also opens when I open a new tab!
I have tried lots of methods but nothing is working.
Here is what I have tried:
1. Kaspersky Internet Security 2012 full scan (nothing found)
2. Norton scanner full scan (just some cookies, and I have cleaned them)
3. SUPERAntiSpyware full scan in safe mode (found some threats, cleaned them all)
4. Malwarebytes full scan in safe mode (found some threats and cleaned them all)
5. AdwCleaner by Xplode scanned (deleted some threats)
6. Full uninstall of Firefox and reinstall
:thumbsup: After doing all of this the problem does not exist on Internet Explorer! :thumbup2:
But I still need some help on Firefox because it's my favorite one.
And yes, I can stop using Chrome :P

The problem still exists :crazy: !

Please help me, I hate http://btsearch.name :wacko:

Edited by sonic97, 28 December 2012 - 08:14 AM.




#2 dev00790


Posted 30 December 2012 - 12:14 PM

Hi

<ignore my previous post here>

Edited by dev00790, 30 December 2012 - 12:15 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 dev00790


Posted 30 December 2012 - 12:15 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply.

Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790



#4 sonic97


Posted 03 January 2013 - 04:40 PM

Ignore this please

Edited by sonic97, 03 January 2013 - 04:42 PM.


#5 sonic97


Posted 03 January 2013 - 04:41 PM

TDSSKiller
22:43:33.0796 5520  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:43:33.0812 5520  ============================================================
22:43:33.0812 5520  Current date / time: 2013/01/01 22:43:33.0812
22:43:33.0812 5520  SystemInfo:
22:43:33.0812 5520  
22:43:33.0812 5520  OS Version: 6.1.7601 ServicePack: 1.0
22:43:33.0812 5520  Product type: Workstation
22:43:33.0812 5520  ComputerName: USER-HP
22:43:33.0812 5520  UserName: user
22:43:33.0812 5520  Windows directory: C:\Windows
22:43:33.0812 5520  System windows directory: C:\Windows
22:43:33.0812 5520  Running under WOW64
22:43:33.0812 5520  Processor architecture: Intel x64
22:43:33.0812 5520  Number of processors: 4
22:43:33.0812 5520  Page size: 0x1000
22:43:33.0812 5520  Boot type: Normal boot
22:43:33.0812 5520  ============================================================
22:43:34.0202 5520  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:43:34.0217 5520  ============================================================
22:43:34.0217 5520  \Device\Harddisk0\DR0:
22:43:34.0217 5520  MBR partitions:
22:43:34.0217 5520  Initialize success
22:43:34.0217 5520  ============================================================
22:43:38.0070 6328  ============================================================
22:43:38.0070 6328  Scan started
22:43:38.0070 6328  Mode: Manual; SigCheck; TDLFS; 
22:43:38.0070 6328  ============================================================
22:43:38.0164 6328  ================ Scan system memory ========================
22:43:38.0164 6328  System memory - ok
22:43:38.0164 6328  ================ Scan services =============================
22:43:41.0908 6328  ================ Scan global ===============================
22:43:41.0908 6328  [Global] - ok
22:43:41.0908 6328  ================ Scan MBR ==================================
22:43:41.0924 6328  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:43:42.0267 6328  \Device\Harddisk0\DR0 - ok
22:43:42.0267 6328  ================ Scan VBR ==================================
22:43:42.0267 6328  ============================================================
22:43:42.0267 6328  Scan finished
22:43:42.0267 6328  ============================================================
22:43:42.0282 5636  Detected object count: 0
22:43:42.0282 5636  Actual detected object count: 0
22:43:50.0176 6204  Deinitialize success


#6 sonic97


Posted 03 January 2013 - 04:43 PM

Security Check

Results of screen317's Security Check version 0.99.56  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u] 
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u] 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 AVG PC Tuneup 2011 10.0.0.26 
 JavaFX 2.1.1    
 Java(TM) 7 Update 5  
 [color=red][b]Java version out of Date![/b][/color] 
 Adobe Flash Player 11.5.502.135  
 Mozilla Firefox (17.0.1) 
 Google Chrome 21.0.1180.83  
 Google Chrome 21.0.1180.89  
 Google Chrome 22.0.1229.79  
 Google Chrome 22.0.1229.92  
 Google Chrome 22.0.1229.94  
 Google Chrome 23.0.1271.64  
 Google Chrome 23.0.1271.91  
 Google Chrome 23.0.1271.95  
 Google Chrome 23.0.1271.97  
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]  
 Kaspersky Lab Kaspersky Internet Security 2012 avp.exe  
[b][u]`````````````````System Health check`````````````````[/b][/u] 
 Total Fragmentation on Drive C: 1% 
[b][u]````````````````````End of Log``````````````````````[/b][/u] 

Farbar Service Scanner
Farbar Service Scanner Version: 23-12-2012
Ran by user (administrator) on 03-01-2013 at 13:47:24
Running from "C:\Users\user\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


#7 sonic97

sonic97
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 03 January 2013 - 04:47 PM

I couldn't post the MiniToolBox results! :busy:

I receive an error message with this text: "[#103130] You do not have permission to reply to this topic."

#8 dev00790

dev00790

    Bleeping chocoholic


  • Members
  • 4,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:54 PM

Posted 03 January 2013 - 05:57 PM

Hi

Please check that you are signed into BleepingComputer, then try posting Minitoolbox results.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#9 sonic97

sonic97
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 04 January 2013 - 05:34 AM

I could not post it

Edited by sonic97, 04 January 2013 - 05:51 AM.


#10 sonic97

sonic97
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 04 January 2013 - 05:50 AM

:wacko: I'm getting the error "[#103130] You do not have permission to reply to this topic"
when I try to post the rest of the MiniToolBox results.
However, I have uploaded the text document with the results, so please download it :clapping: http://www.mediafire.com/?etak1elg2ycc15j

#11 dev00790

dev00790

    Bleeping chocoholic


  • Members
  • 4,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:54 PM

Posted 04 January 2013 - 11:20 AM

Hi

Please do the following next:

Step 1:

Going over your logs I noticed that you have uTorrent installed.
  • Avoid peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • P2P programs share a directory or set of directories on your computer to the world. Anyone can type in a search, and potentially download something from your computer. This makes the machine an open web server -- massively increasing the attack surface of the machine.
  • To reduce the risk of infection avoid using any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you.

If you choose to remove these programs, you can do so via:

  • Click the "Windows Orb" button.
  • Click Control Panel, then Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.


Step 2:

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the tab update, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

Note: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 3:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 4:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 5:

How is the computer running now?

Regards, dev00790



#12 sonic97

sonic97
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 05 January 2013 - 04:13 AM

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-HP [administrator]

1/4/2013 11:00:13 م
mbam-log-2013-01-04 (23-00-13).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 544742
Time elapsed: 1 hour(s), 24 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Eset

C:\Program Files (x86)\SecurityXploded\IDMPasswordDecryptor\IDMPasswordDecryptor.exe	a variant of Win32/SecurityXploded.A application	cleaned by deleting - quarantined
C:\Users\user\Downloads\Android Apps\bchd06_2.apk	a variant of Android/Adware.AirPush.C application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\Broke My Phone-11.apk	Android/Adware.AirPush.A application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\com.bbmbbm.stupid1-36-1.35.apk	a variant of Android/Adware.AirPush.C application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\com.bbmbbm.stupid1part2-2-1.2.apk	a variant of Android/Adware.AirPush.C application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\great.app.luck-22-1.5.6.apk	a variant of Android/Adware.AirPush.C application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\Spy Phone (1.0.17).apk	Android/SpyPhone.B application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\Spy.Phone.v1.0.17.apk	Android/SpyPhone.B application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.ArabAndroid.AdatBanatWalzawjeya-3-1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.ArabAndroid.AdatShababWaAlsehaa-3-1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.ArabAndroid.AdatShababWaAltakalosMenha-3-1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.ArabAndroid.adatShababWaAlzawjeya-3-1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.ArabAndroid.almotanabe-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.ArabAndroid.emroaAlqayes-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.bbmbbm.stupid1-36-1.35.apk	a variant of Android/Adware.AirPush.C application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.bbmbbm.stupid1part2-2-1.2.apk	a variant of Android/Adware.AirPush.C application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.bravo.galaxy.s3-9-v1.7.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.kutaa.kutaaAnfesamShakhsya-2-v1.1.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.kutaa.kutaaTahlelShakhseatAlwan-4-v1.3.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.pilotfishmediainc.fruitslayer-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\com.wubeoo.iphone5.lock.screen.free-9-v1.3.6.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
C:\Users\user\Downloads\Android Apps\App_Backup_Restore\de.w2games.ragememewidgetpro-7-v1.3.apk	a variant of Android/Leadbolt.C application	deleted - quarantined
C:\Users\user\Downloads\Compressed\idman61219.rar	a variant of Win32/HackTool.Patcher.AD application	deleted - quarantined
C:\Users\user\Downloads\Compressed\IDMPasswordDecryptor.zip	a variant of Win32/SecurityXploded.A application	deleted - quarantined
C:\Users\user\Downloads\Compressed\SpyHunter.4.3.32.patch-SND.zip	a variant of Win32/HackTool.Patcher.T application	deleted - quarantined
C:\Users\user\Downloads\Compressed\TuneUp Utilities 2012 KeyGen.zip	Win32/Keygen.CD application	deleted - quarantined
C:\Users\user\Downloads\Programs\AVGSecureSearchInstaller.exe	a variant of Win32/OpenInstall application	cleaned by deleting - quarantined
C:\Users\user\Downloads\Programs\CheatEngine61.exe	multiple threats	cleaned by deleting - quarantined
C:\Users\user\Downloads\Programs\DTLite4454-0316_2.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Users\user\Downloads\Programs\SoftonicDownloader_for_nokia-suite.exe	a variant of Win32/SoftonicDownloader.E application	cleaned by deleting - quarantined
C:\Users\user\Downloads\Programs\TuneUpInst-2.4.6.4.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Users\user\Music\SuperOneClickv1.7-ShortFuse.zip	Android/Exploit.Lotoor.AK trojan	deleted - quarantined
G:\App_Backup_Restore\com.anan11.sonichedgefans-2-v2.0.apk	a variant of Android/Adware.AirPush.C application	deleted - quarantined
G:\App_Backup_Restore\com.ArabAndroid.AdatBanatWalzawjeya-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.ArabAndroid.AdatShababWaAlsehaa-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.ArabAndroid.AdatShababWaAltakalosMenha-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.ArabAndroid.adatShababWaAlzawjeya-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.ArabAndroid.almotanabe-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.ArabAndroid.emroaAlqayes-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.bbmbbm.stupid1-36-v1.35.apk	a variant of Android/Adware.AirPush.C application	deleted - quarantined
G:\App_Backup_Restore\com.bbmbbm.stupid1part2-2-v1.2.apk	a variant of Android/Adware.AirPush.C application	deleted - quarantined
G:\App_Backup_Restore\com.bravo.galaxy.note2-5-v1.1.3.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.bravo.galaxy.s3-10-v1.8.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.kutaa.kutaaAnfesamShakhsya-2-v1.1.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.kutaa.kutaaTahlelShakhseatAlwan-4-v1.3.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\com.pilotfishmediainc.fruitslayer-3-v1.2.apk	a variant of Android/Adware.AirPush.D application	deleted - quarantined
G:\App_Backup_Restore\de.w2games.ragememewidgetpro-7-v1.3.apk	a variant of Android/Leadbolt.C application	deleted - quarantined

Adwcleaner By Xplode

# AdwCleaner v2.104 - Logfile created 01/05/2013 at 10:59:04
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : user - USER-HP
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\AdwCleaner_2.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\IM

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

-\\ Google Chrome v23.0.1271.97

*************************

AdwCleaner[R1].txt - [6032 octets] - [28/12/2012 09:45:30]
AdwCleaner[R2].txt - [874 octets] - [28/12/2012 14:57:42]
AdwCleaner[R3].txt - [737 octets] - [05/01/2013 10:59:04]
AdwCleaner[S1].txt - [5904 octets] - [28/12/2012 09:45:54]

########## EOF - C:\AdwCleaner[R3].txt - [856 octets] ##########
Sorry, "http://btsearch.name" is still stuck as my home page, and if I change it, it will automatically come back as my homepage again (in Firefox & Chrome) :blink: .

#13 dev00790

dev00790

    Bleeping chocoholic


  • Members
  • 4,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:54 PM

Posted 05 January 2013 - 10:30 AM

Hi

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities.
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?.

We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.

Knowing the above, do you wish to proceed with cleaning the malware from the computer?

Regards, dev00790



#14 sonic97

sonic97
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 06 January 2013 - 07:31 AM

Hmmmmmmm........... Thanks for letting me know :thumbsup:
:woot:
I think I'm going to reinstall Windows 7 again.
I want to ask you some questions before I do so.

1-I have a lot of data on this laptop and losing it would be a great waste! If I copy some of the data to a hard disk, would these Trojans be copied to my hard disk?

2-I usually connect my Android smartphone to the infected laptop. Could the phone be infected also?

3-My laptop came with a genuine Windows 7 installed but it did not come with any CD, so... if I got a non-genuine copy of the same Windows and used the same genuine key that has been used in the infected laptop, could I still get updates from Microsoft?

4-After I finish everything, what type of security program do you think I should get? (because I think Kaspersky is so stupid)

And again, thanks for the help :wink:

#15 dev00790

dev00790

    Bleeping chocoholic


  • Members
  • 4,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:54 PM

Posted 07 January 2013 - 03:42 PM

Hi

1-I have a lot of data on this laptop and losing it would be a great waste! If I copy some of the data to a hard disk, would these Trojans be copied to my hard disk?

Don't copy the whole contents of the hard drive.
Note: Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat, since files of these types are more likely to be infected.
You can scan the copies of the files on another computer that has Vista / Win 7 (XP is not recommended for this since autorun is enabled by default).

2-I usually connect my Android smartphone to infected laptop could the phone be infected also ?

It is likely since ESET detected some Trojans for Android on the computer. I suggest you post in the Android forum for further advice on this.

3-My laptop came with a genuine Windows 7 installed but it did not come with any CD, so... if I got a non-genuine copy of the same Windows and used the same genuine key that has been used in the infected laptop, could I still get updates from Microsoft?

We do not condone use of non genuine software.

4-After I finish everything, what type of security program do you think I should get? (because I think Kaspersky is so stupid)

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and to avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems', such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:
  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)
  • AVG (slightly poorer performance as of late)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:
If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.

Regards, dev00790

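The backup advice in the answer to question 1 (copy only the data you need, leave out unknown .exe, .com, .scr, .pif and .bat files, and scan the copies on a clean machine) can be carried out with a script rather than by hand. The following PowerShell function is an added example written for this page; it is not part of dev00790's post or of any BleepingComputer tool. It assumes PowerShell 4.0 or later (Get-FileHash), the source and destination paths are placeholders, and the extra exclusions for .lnk files and autorun.inf are additions that go beyond the list in the thread.

```powershell
# Added example, not from the thread. Selective backup that skips the file types
# dev00790 lists (.exe, .com, .scr, .pif, .bat), does not follow junctions, and
# writes a SHA-256 manifest so the copies can be verified and scanned on a clean PC.
# Assumptions: PowerShell 4.0 or later (for Get-FileHash); the paths in the usage
# line are placeholders; autorun.inf and .lnk are extra exclusions not in the thread.
function Copy-UserDataSafely {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Destination,
        [string[]] $BlockedExtensions = @('.exe', '.com', '.scr', '.pif', '.bat', '.lnk'),
        [string[]] $BlockedNames = @('autorun.inf')
    )

    $Source   = (Resolve-Path -LiteralPath $Source).ProviderPath.TrimEnd('\')
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    $manifest = Join-Path $Destination 'manifest-sha256.txt'
    $skipLog  = Join-Path $Destination 'skipped-files.txt'
    $copied   = 0
    $skipped  = New-Object System.Collections.Generic.List[string]

    # -File skips directories; !ReparsePoint keeps the walk out of junctions and
    # symlinks that could pull in locations outside the chosen folder.
    $files = Get-ChildItem -LiteralPath $Source -Recurse -File -Attributes !ReparsePoint -ErrorAction SilentlyContinue

    foreach ($file in $files) {
        $ext = $file.Extension.ToLowerInvariant()
        if ($BlockedExtensions -contains $ext -or $BlockedNames -contains $file.Name.ToLowerInvariant()) {
            $skipped.Add($file.FullName)
            continue
        }

        # Rebuild the relative path under the destination and copy the file.
        $relative = $file.FullName.Substring($Source.Length).TrimStart('\')
        $target   = Join-Path $Destination $relative
        New-Item -ItemType Directory -Path (Split-Path -Parent $target) -Force | Out-Null
        Copy-Item -LiteralPath $file.FullName -Destination $target -Force

        # Hash the copy (not the original) so the manifest describes what actually
        # landed on the backup drive.
        $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        Add-Content -LiteralPath $manifest -Value "$hash  $relative"
        $copied++
    }

    # Record what was deliberately left behind so nothing is lost silently.
    Set-Content -LiteralPath $skipLog -Value @($skipped)
    [pscustomobject]@{ Copied = $copied; Skipped = $skipped.Count; Manifest = $manifest }
}

# Placeholder paths: a data folder on the infected laptop and an external drive.
Copy-UserDataSafely -Source 'C:\Users\user\Documents' -Destination 'E:\Backup\Documents'
```

On the clean machine, recompute Get-FileHash for the copied files and compare against manifest-sha256.txt before scanning them; a mismatch means the copy was altered in transit and should be treated as untrusted. The skipped-files.txt list shows which executables were left on the infected laptop, so they can be reinstalled from the vendor rather than restored from the backup.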




