Problem with exploit.drop.2

Hi there. Today my Antivirus blocked something, so I decided to run a bunch of scans. When I ran Malwarebytes it found exploit.drop.2 and it seemingly removed it. However my Antivirus is still occasionally finding things to block, and I cannot run it normally without it crashing.

I have absolutely no idea what to do, so any help would be greatly appreciated.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26

Run by Spectre at 19:51:43 on 2011-12-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1305 [GMT -5:00]

.

AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\FS\Spyro Portal\FlashPortal.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\REGSVR32.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll

TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

uRun: [Google Update] "c:\documents and settings\spectre\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [<NO NAME>]

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"

mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{CA339C8D-9EEB-411B-9A44-B580763ADBA3} : DhcpNameServer = 192.168.1.1

Notify: AtiExtEvent - Ati2evxx.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\spectre\application data\mozilla\firefox\profiles\cqn8l0bl.default\

FF - prefs.js: browser.startup.homepage - hxxp://aol.com

FF - prefs.js: network.proxy.http - 203.161.118.218:8080 203.161.118.218.static.amnet.net.au

FF - prefs.js: network.proxy.type - 1

FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.6.dll

FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.dll

FF - plugin: c:\documents and settings\spectre\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\spectre\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\spectre\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - c:\program files\bitdefender\bitdefender 2011\bdaphffext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [2011-7-16 12960]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]

R2 SpyroService;Spyro Portal Service;c:\program files\fs\spyro portal\FlashPortal.exe [2011-11-19 48128]

R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2011-3-24 43936]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-4-22 153440]

S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2011-5-17 406016]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys --> c:\windows\system32\drivers\lv321av.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-11-30 307544]

S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-11-29 535824]

S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-11-29 1066232]

.

=============== Created Last 30 ================

.

2011-12-05 23:31:42 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2011-12-05 23:31:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2011-12-05 23:31:39 -------- d-----w- c:\program files\SpywareBlaster

2011-12-05 23:29:58 -------- d-----w- c:\documents and settings\spectre\local settings\application data\bdch

2011-12-01 19:51:30 -------- d-----w- c:\documents and settings\spectre\application data\Vywoy

2011-12-01 19:51:30 -------- d-----w- c:\documents and settings\spectre\application data\Afxa

2011-11-25 12:11:54 -------- d-----w- c:\documents and settings\spectre\application data\ElevatedDiagnostics

2011-11-25 12:10:47 -------- d-----w- C:\MATS

2011-11-25 11:56:44 221184 ----a-w- c:\windows\system32\wmpns.dll

2011-11-25 10:41:06 8192 -c----w- c:\windows\system32\dllcache\asferror.dll

2011-11-25 10:40:59 364544 -c----w- c:\windows\system32\dllcache\npdsplay.dll

2011-11-25 10:37:59 -------- d-----w- c:\windows\network diagnostic

2011-11-25 10:37:53 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys

2011-11-25 10:37:52 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2011-11-21 04:37:25 -------- d-----w- c:\program files\iPod

2011-11-21 04:37:19 -------- d-----w- c:\program files\iTunes

2011-11-21 04:34:06 -------- d-----w- c:\program files\Bonjour

2011-11-20 03:37:05 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-11-20 03:37:05 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-20 03:27:56 -------- d-----w- c:\program files\FS

2011-11-20 03:23:02 -------- d-----w- c:\program files\Microsoft Silverlight(2)

2011-11-12 22:39:10 -------- d-----w- c:\documents and settings\all users\application data\Dumps

2011-11-12 22:24:36 -------- d-----w- c:\documents and settings\spectre\application data\WTablet

2011-11-12 22:23:37 -------- d-----w- c:\program files\Tablet

.

==================== Find3M ====================

.

2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-29 12:04:53 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-09-29 00:39:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 19:53:23.85 ===============

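As an added example, not part of the original post and not a Malwarebytes tool, the script below shows how a responder can triage the Firefox section of a DDS log like the one above before asking for more scans. It pulls out the `FF - prefs.js` / `FF - user.js` lines and flags two things that stand out in this log: a manual proxy (`network.proxy.type` = 1) that points at a host outside the private/loopback ranges, and a `user.js` value that itself contains further `user_pref(` calls. The sample input is constructed from the lines in the post (plus one private-address proxy line added purely as a negative case); the script reports leads to verify by hand and does not decide that anything is malicious.

```python
import ipaddress
import re

# Constructed sample input: Firefox lines copied from the DDS log in the post
# above, plus one benign loopback proxy line added so the check has a negative case.
SAMPLE_LOG = """\
FF - prefs.js: browser.startup.homepage - hxxp://aol.com
FF - prefs.js: network.proxy.http - 203.161.118.218:8080 203.161.118.218.static.amnet.net.au
FF - prefs.js: network.proxy.type - 1
FF - prefs.js: network.proxy.socks - 127.0.0.1:9050
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false)
"""

# DDS prints Firefox preferences as "FF - <file>: <pref name> - <value>"
PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
PROXY_KEYS = ("network.proxy.http", "network.proxy.ssl",
              "network.proxy.ftp", "network.proxy.socks")


def parse_ff_prefs(log_text):
    """Map (file, pref name) -> raw value for each FF prefs.js / user.js line."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[(m.group(1), m.group(2))] = m.group(3).strip()
    return prefs


def is_private_host(host):
    """True for loopback/RFC1918 addresses and 'localhost'; hostnames count as non-private."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback


def triage_ff_prefs(prefs):
    """Return human-readable findings; each one is a lead to verify, not a verdict."""
    findings = []
    manual_proxy = prefs.get(("prefs.js", "network.proxy.type")) == "1"
    for key in PROXY_KEYS:
        raw = prefs.get(("prefs.js", key))
        if not raw:
            continue
        hostport = raw.split()[0]          # DDS appends the reverse-DNS name after a space
        host = hostport.rsplit(":", 1)[0]
        if manual_proxy and not is_private_host(host):
            findings.append(f"{key} routes browser traffic through {hostport}; "
                            "confirm the user configured this deliberately")
    for (fname, key), raw in prefs.items():
        # A single pref value should never contain more user_pref() calls; when it
        # does, something other than Firefox wrote the file and it needs a manual read.
        if fname == "user.js" and "user_pref(" in raw:
            findings.append(f"user.js value for {key} contains embedded user_pref() calls; "
                            "open the file and review what was written into it")
    return findings


if __name__ == "__main__":
    for finding in triage_ff_prefs(parse_ff_prefs(SAMPLE_LOG)):
        print("CHECK:", finding)
```

Run against the sample it reports two leads: the external HTTP proxy and the malformed user.js entry, while the loopback SOCKS line is left alone. Feeding it the full DDS log works the same way, since non-matching lines are ignored.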

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
