need to check for malwares

by rocky14321 » October 24th, 2013, 1:43 am

Hi, once I was infected by PUM.HIJACK.HOMEPAGE malware. I need to check whether it is fully removed. Thanks in advance. Here is my DDS report.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by gatesys at 10:58:35.55 on Thu 10/24/2013
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.45.2
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.1289 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\gatesys\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Content Blocker Plugin: {5564cc73-efa7-4cbf-918a-5cf7fbbfff4f} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-e40c-433c-9784-c78dc7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9e6d0d23-3d72-4a94-ae1f-2d167624e3d9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-2 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-5-2 145040]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-11 65640]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-5-2 356128]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-12 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-12 701512]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-5-2 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-5-2 25696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-12 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-10-4 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2013-7-22 257416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-10-4 116648]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-16 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-10-16 52224]
.
=============== Created Last 30 ================
.
2013-10-19 19:32:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-16 09:07:51 -------- d-----w- c:\users\gatesys\appdata\roaming\Qualys
2013-10-16 05:37:53 -------- d-----w- c:\windows\system32\SPReview
2013-10-16 05:22:59 80720 ----a-w- c:\windows\system32\mscories.dll
2013-10-16 05:20:53 -------- d-----w- c:\windows\system32\EventProviders
2013-10-15 17:10:50 1077248 ----a-w- c:\windows\system32\DWrite.dll
2013-10-15 17:09:07 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2013-10-15 17:09:07 86016 ----a-w- c:\windows\system32\odbccu32.dll
2013-10-15 17:09:07 81920 ----a-w- c:\windows\system32\odbccr32.dll
2013-10-15 17:09:07 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2013-10-15 17:09:07 163840 ----a-w- c:\windows\system32\odbctrac.dll
2013-10-15 17:09:07 122880 ----a-w- c:\windows\system32\odbccp32.dll
2013-10-15 17:03:45 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2013-10-15 17:03:45 1137664 ----a-w- c:\windows\system32\mfc42.dll
2013-10-15 17:03:43 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-15 16:36:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-10-15 16:35:57 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-10-15 16:35:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-10-10 09:05:22 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-04 07:08:55 -------- d-----w- c:\program files\GUM7129.tmp
2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Deployment
2013-10-04 07:07:59 -------- d-----w- c:\users\gatesys\appdata\local\Apps
2013-10-02 08:56:38 -------- d-----w- c:\progra~2\Oracle
2013-10-02 08:48:08 209272 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-10-02 08:48:08 16192 ----a-w- c:\program files\mozilla firefox\plugins\NPOFF12.DLL
.
==================== Find3M ====================
.
2013-10-16 05:35:12 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-10-13 07:50:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 07:50:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-14 18:00:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-08-06 22:52:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 17:29:58 217176 ----a-w- c:\windows\system32\unrar.dll
.
============= FINISH: 10:59:09.40 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2013 9:04:49 PM
System Uptime: 10/24/2013 10:02:10 AM (0 hours ago)
.
Motherboard: Intel Corporation | | DG31PR
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | J3E1 | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 74.803 GiB free.
D: is FIXED (NTFS) - 63 GiB total, 63.386 GiB free.
E: is FIXED (NTFS) - 63 GiB total, 63.058 GiB free.
F: is FIXED (NTFS) - 78 GiB total, 55.701 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 10/16/2013 10:51:43 AM - Windows 7 Service Pack 1
RP45: 10/20/2013 1:01:16 AM - Installed Java 7 Update 45
RP47: 10/23/2013 10:15:37 PM - Removed Microsoft Office Enterprise 2007
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
CCleaner
Google Chrome
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Internet Download Manager
Java 7 Update 45
Java Auto Updater
K-Lite Mega Codec Pack 10.0.0
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.75.0.1300
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
Picasa 3
Realtek High Definition Audio Driver
WinRAR 5.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/24/2013 10:02:19 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
10/24/2013 10:02:19 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
.
==== End Of File ===========================

Re: need to check for malwares

by Cypher » October 24th, 2013, 5:47 am

This is not the first time you have posted for help on our forum.
Your topic is being closed for one (or more) of the following reasons:

  • Repeated use of P2P software, despite warnings of their use and requests for removal.
  • Repeated use of cracked, illegal or pirated software.
  • Use of outdated or unpatched versions of Windows, after previously agreeing to update as a condition for receiving help on our forum.
  • Returning for help with no Anti-virus software installed, despite being advised to install.
  • Continued practice of unsafe surfing.
  • Posting for help for many different computers, repair tech.
  • Continuing to post in multiple malware removal forums, for the same computer issue.
  • Repeatedly failing to reply to your topic within the necessary time frames.
  • Repeatedly posting without the required information.

This topic is now closed.