Possible Infection


Hello. I was requested to post here for a possible infection. I could not install Java SE and did not reboot after installations, so there may still be some files left over. MSE detected 3 Java exploits, and the scan of MBAM that I ran after the MSE scan came up clean.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07

Run by April at 12:46:44 on 2011-12-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1073 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

svchost.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Documents and Settings\April\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\java.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.my.yahoo.com/

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.dell.com

uSearch Bar = hxxp://www.google.com/ie

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [sonic RecordNow!]

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\april\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\april\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\april\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxps://a248.e.akamai.net/7/248/11498/v1/www.moveonpac.org/content/qt/qtplugin.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab

DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} - hxxp://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9A0A6725-DB22-451B-B5F1-3EC6026BED23} : DhcpNameServer = 192.168.1.254

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\april\application data\mozilla\firefox\profiles\9zi0ltr2.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?gsessionid=sWSX8jnH0xKH7YreaPF9Jg|https://legacy.umail.miami.edu/owa/auth/logon.aspx?url=https://legacy.umail.miami.edu/owa/&reason=0|http://miami.mywconline.com/index.php?auth=no&resume=%2Fschedule.php

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll

FF - plugin: c:\documents and settings\april\local settings\application data\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl5783655a;MpKsl5783655a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6ed5e5c9-eee5-47ea-a0f0-ed6667159b8a}\MpKsl5783655a.sys [2011-12-4 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67656]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-10-28 10384]

R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]

S1 MpKsl2d0371da;MpKsl2d0371da;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3dc49814-9d85-43e5-8499-d955f07305c6}\mpksl2d0371da.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3dc49814-9d85-43e5-8499-d955f07305c6}\MpKsl2d0371da.sys [?]

S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2005-3-20 153760]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-13 27064]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]

S4 vsdatant;vsdatant;a --> a [?]

.

=============== Created Last 30 ================

.

2011-12-04 17:23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-04 17:23:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 17:23:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-04 15:22:05 135168 ----a-w- c:\windows\system32\REN23.tmp

2011-12-04 13:30:11 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6ed5e5c9-eee5-47ea-a0f0-ed6667159b8a}\MpKsl5783655a.sys

2011-12-04 13:29:59 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6ed5e5c9-eee5-47ea-a0f0-ed6667159b8a}\offreg.dll

2011-12-04 06:51:46 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6ed5e5c9-eee5-47ea-a0f0-ed6667159b8a}\mpengine.dll

2011-11-20 18:25:28 -------- d-----w- c:\documents and settings\april\local settings\application data\V-Safe 100

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-08 10:32:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2004-07-02 20:33:27 4354084 -c----w- c:\program files\spybotsd13.exe

2004-07-01 15:09:30 2150574 -c----w- c:\program files\aaw6181.exe

2004-06-16 00:40:39 2200064 -c----w- c:\program files\RhapsodyReal.exe

.

============= FINISH: 12:48:04.70 ===============

This might help with the Java issues:

Java Setup Problem

If you want to check for infections, try this:

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?"

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
