
Infection BS84


BS84


Hi,

I'm having an issue with Trojan:Win32/Sirefef.J

I ran the DDS scan, and here are the results:

Bruce

***

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27

Run by Thomason at 22:45:39 on 2011-12-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1502 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Explorer.EXE

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\SoftKey\Calendar Creator 4.0\CCSCHED.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Thomason\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wuauclt.exe

C:\Program Files\Serif\WebPlus\X4\Program\WebPlus.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.drudgereport.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\thomason\appdata\roaming\micros~1\windows\startm~1\programs\startup\calend~1.lnk - c:\program files\softkey\calendar creator 4.0\CCSCHED.EXE

StartupFolder: c:\users\thomason\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\thomason\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{188DD68A-6E2D-473D-8163-C429B2672C3F} : DhcpNameServer = 68.87.74.162 68.87.68.162

TCP: Interfaces\{9C214E91-EFDE-4BAF-8A65-3F0297241DF6} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9C214E91-EFDE-4BAF-8A65-3F0297241DF6}\3434053473434323 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9C214E91-EFDE-4BAF-8A65-3F0297241DF6}\65562796A7F6E602D496649623230303021383644302355636572756 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9C214E91-EFDE-4BAF-8A65-3F0297241DF6}\C696E6B6379737 : DhcpNameServer = 192.168.254.254

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\thomason\appdata\roaming\mozilla\firefox\profiles\1qs3t3yf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl2585e6f6;MpKsl2585e6f6;c:\programdata\microsoft\microsoft antimalware\definition updates\{e433485a-e96c-4de5-b62e-b0b966cfc839}\MpKsl2585e6f6.sys [2011-12-14 29904]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-19 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-19 1343400]

.

=============== Created Last 30 ================

.

2011-12-15 02:01:31 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e433485a-e96c-4de5-b62e-b0b966cfc839}\MpKsl2585e6f6.sys

2011-12-15 02:01:13 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e433485a-e96c-4de5-b62e-b0b966cfc839}\offreg.dll

2011-12-15 02:01:09 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e433485a-e96c-4de5-b62e-b0b966cfc839}\mpengine.dll

2011-12-08 15:38:52 -------- d-----w- c:\windows\PCHEALTH

2011-12-08 15:38:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-12-08 15:37:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2011-12-08 15:36:35 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-12-08 04:44:19 -------- d-----w- c:\users\thomason\triplea

2011-12-08 04:43:13 -------- d-----w- c:\program files\TripleA

2011-12-08 03:01:26 -------- d-----w- c:\users\thomason\appdata\local\Microsoft Help

2011-12-05 23:47:22 -------- d-----w- c:\users\thomason\appdata\local\CutePDF Writer

2011-12-05 23:46:29 -------- d-----w- c:\program files\GPLGS

2011-12-05 23:45:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2011-12-05 23:45:38 -------- d-----w- c:\program files\Acro Software

2011-12-05 10:35:28 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll

2011-11-29 01:42:38 -------- d-----w- c:\program files\e-Sword Module Installer

2011-11-28 19:37:47 55808 ----a-w- c:\windows\system32\MFCD30.DLL

2011-11-28 19:37:47 4096 ----a-w- c:\windows\system32\MFCUIW32.DLL

2011-11-28 19:37:47 33280 ----a-w- c:\windows\system32\MFC30DEU.DLL

2011-11-28 19:37:47 322832 ----a-w- c:\windows\system32\MFC30.DLL

2011-11-28 19:37:47 32256 ----a-w- c:\windows\system32\MFC30FRA.DLL

2011-11-28 19:37:47 15872 ----a-w- c:\windows\system32\MFCN30.DLL

2011-11-28 19:37:47 133392 ----a-w- c:\windows\system32\MFCO30.DLL

2011-11-28 19:37:31 -------- d-----w- c:\program files\SoftKey

2011-11-20 23:57:40 -------- d-----w- c:\program files\Database2RTF

.

==================== Find3M ====================

.

2011-10-07 21:29:02 217088 ----a-w- c:\windows\system32\DownloadXPro.dll

2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 03:37:56 2341888 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 22:46:16.42 ===============

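Reading a DDS log like the one above is normally done by eye: the helper looks for code started from user-writable directories, drivers loaded from outside the Windows tree, fresh files in system32 and weakened security settings. As an added example (not code from the original poster or the forum staff), the Python script below parses the fixed "===== Section =====" headers DDS writes and applies those same path heuristics. The sample input is a constructed subset of lines copied from the log posted above. Everything it reports is a review prompt, not a verdict: on this machine two of the expected hits, Windows Defender showing as disabled and the MpKsl*.sys driver loading from ProgramData, are the normal state of a Windows 7 system running Microsoft Security Essentials.

```python
"""Triage helper for a DDS report (Ver_2011-08-26.01 layout).
Added example, not from the forum thread: splits the report on its section
headers and applies path heuristics. Every hit means "look at this", not "malware".
"""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Thomason\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
============== Pseudo HJT Report ===============
.
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\thomason\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\thomason\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl2585e6f6;MpKsl2585e6f6;c:\programdata\microsoft\microsoft antimalware\definition updates\{e433485a-e96c-4de5-b62e-b0b966cfc839}\MpKsl2585e6f6.sys [2011-12-14 29904]
.
=============== Created Last 30 ================
.
2011-12-08 15:38:52 -------- d-----w- c:\windows\PCHEALTH
2011-12-05 23:45:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
.
============= FINISH: 22:46:16.42 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Directories an unprivileged user (or a dropper running as that user) can write to.
USER_WRITABLE_RE = re.compile(r"\\(users|programdata|temp|appdata)\\", re.I)
WINDOWS_TREE_RE = re.compile(r"^c:\\windows\\", re.I)
SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\", re.I)
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|vbs|js|dll))(?=\s|$)", re.I)
AUTORUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[[^\]]*\]\s*(.+)$")
STARTUP_RE = re.compile(r"^StartupFolder:.*?\.lnk\s*-\s*(.+)$", re.I)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\S+) (\S+) (.+)$")
UAC_ADMIN_RE = re.compile(r"^mPolicies-system:\s*ConsentPromptBehaviorAdmin\s*=\s*(\d+)")
DISABLED_RE = re.compile(r"^(AV|SP|FW):.*\*Disabled")


def parse_sections(report):
    """Return {section name (lower-case): [lines]}; DDS '.' spacer lines are dropped."""
    sections, current = defaultdict(list), "header"
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        sections[current].append(line)
    return sections


def image_path(cmdline):
    """Executable path from a command line: the quoted token, else text up to the first .exe/.dll/..."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    m = EXE_RE.match(cmdline)
    return m.group(1) if m else cmdline.split(" ", 1)[0]


def triage(report):
    """Apply the heuristics to one DDS report and return {finding: [items]}."""
    s = parse_sections(report)
    f = defaultdict(list)
    # Header: a disabled AV / anti-spyware / firewall entry. On Windows 7 with MSE
    # installed, "Windows Defender *Disabled*" is the expected state; verify before acting.
    for line in s["header"]:
        if DISABLED_RE.match(line):
            f["security_product_disabled"].append(line.split("*")[0].strip())
    # Processes and autoruns living in user-writable directories: the usual home of a
    # dropped payload, but also of legitimate per-user software such as Dropbox.
    for line in s["running processes"]:
        if USER_WRITABLE_RE.search(line):
            f["process_from_user_writable"].append(image_path(line))
    for line in s["pseudo hjt report"]:
        m = AUTORUN_RE.match(line) or STARTUP_RE.match(line)
        if m and USER_WRITABLE_RE.search(m.group(1)):
            f["autorun_from_user_writable"].append(image_path(m.group(1)))
        u = UAC_ADMIN_RE.match(line)
        if u and u.group(1) == "0":  # 0 = elevate silently; 5 is the Windows 7 default
            f["uac_admin_prompt_disabled"].append(line)
    # Kernel drivers loaded from outside the Windows tree. MSE's MpKsl*.sys under
    # ProgramData is a known benign hit; anything else deserves a hash lookup.
    for line in s["services / drivers"]:
        m = SERVICE_RE.match(line)
        if m and m.group(2).lower().endswith(".sys") and not WINDOWS_TREE_RE.match(m.group(2)):
            f["driver_outside_windows_tree"].append(f"{m.group(1)} -> {m.group(2)}")
    # Files (not directories) written into system32 within the last 30 days.
    for line in s["created last 30"]:
        m = CREATED_RE.match(line)
        if m and not m.group(2).startswith("d") and SYSTEM32_RE.match(m.group(3)):
            f["new_file_in_system32"].append(m.group(3))
    return dict(f)


if __name__ == "__main__":
    for finding, items in triage(SAMPLE_DDS).items():
        print(f"[{finding}]")
        for item in items:
            print("   ", item)
```

Run against the full log the same way (paste it into SAMPLE_DDS or read it from a file) and the lists will also pick up the MFC*.DLL files dropped into system32 on 2011-11-28 alongside the SoftKey install, which is the kind of correlation (new system32 files next to a new Program Files directory with the same timestamp) that turns a raw hit into a benign explanation.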

1 month later...

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
