
TrojanDownloader:Java/OpenStream.AK


mem


Hi,

I haven't had symptoms of a problem, but this weekend when running a full scan with MS Security Essentials it detected and quarantined a trojan downloader. Detected item: TrojanDownloader:Java/OpenStream.AK. Real-time MSE has not detected anything. MBAM Pro real-time has not detected anything and finds nothing in the Full Scan. HijackThis has a number of missing files in section O23, but they may not be related. GMER (ark text file attached) found two items that look like IDT audio or touchpad related items. Any comments about any further actions needed are welcome.

Win7 x64, Standard User Account, MSE, MBAM Pro

MSEdetection.txt

mbam_log_2010_10_23__07_19_55_.txt

hijackthis1.log

ark.txt


First, thanks for looking at the information. Also, I have uninstalled Java 6 Update 22 from the PC after the MSE scan and do not intend to reinstall unless needed in the future. You may notice that I use IE9 beta (latest) as well. While waiting for a response I also ran the ESET online scanner and no infection was found. Nothing was found with the MBAM scan just now, so I only included the header below. The "Attach" file did show up from DDS but said to attach as a zip only if requested, so I just saved it to disk in case you need it as well.

-----------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4945

Windows 6.1.7600

Internet Explorer 9.0.7930.16406

10/26/2010 8:03:56 AM

mbam-log-2010-10-26 (08-03-56).txt

Scan type: Quick scan

Objects scanned: 145879

Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

**************************************************

DDS (Ver_10-10-21.02) - NTFS_AMD64

Run by Master at 17:15:41.89 on Tue 10/26/2010

Internet Explorer: 9.0.7930.16406

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4086.2916 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1b92f8b399b096a3\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1b92f8b399b096a3\AESTSr64.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\OEM02Mon.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe

C:\Windows\SysWOW64\OBroker.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Master\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: OToolbarHelper Class: {7aed0dc9-374e-440d-b966-be292971225b} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: Virtual Account Numbers: {a1bdf46b-9de6-4090-8791-84f26e00934c} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSToolbar.dll

mRun: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

mRun: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s

mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [uCS Virtual Account Numbers] C:\PROGRA~2\UCS\VIRTUA~1\CitiUCS.exe /lang=en_RG /dontopenmycards

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\Master\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\05mqfukl.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - component: C:\Program Files (x86)\UCS\Virtual Account Numbers\components\SlimOrbAddonCitiUCS.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll

FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-28 52856]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2009-11-3 1477728]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-6-18 173984]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1b92f8b399b096a3\AESTSr64.exe [2009-10-29 89600]

R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-4-4 2480048]

R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-5-2 304464]

R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]

R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-4-4 252512]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-10-29 24664]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-6-18 40832]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-15 7689216]

R3 pppop;PPPoP WAN Adapter;C:\Windows\System32\drivers\pppop64.sys [2009-7-21 42528]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-1-25 7520256]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]

=============== Created Last 30 ================

2010-10-26 21:57:37 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{47448DFE-FC11-4DE0-A088-DFA54F412496}\mpengine.dll

2010-10-25 20:00:50 -------- d-----w- C:\Program Files (x86)\ESET

2010-10-24 16:15:26 899072 ----a-w- C:\Windows\System32\d2d1.dll

2010-10-24 16:15:26 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll

2010-10-24 16:15:26 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2010-10-24 16:15:26 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2010-10-24 16:15:26 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll

2010-10-24 16:15:26 1543168 ----a-w- C:\Windows\System32\DWrite.dll

2010-10-24 16:15:26 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2010-10-24 16:15:26 1137664 ----a-w- C:\Windows\System32\FntCache.dll

2010-10-24 16:15:26 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll

2010-10-24 16:15:17 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll

2010-10-24 16:15:16 466432 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2010-10-24 16:15:16 279552 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2010-10-24 16:15:16 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2010-10-24 16:14:50 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll

2010-10-24 16:14:49 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll

2010-10-24 16:14:33 -------- d-----w- C:\Program Files (x86)\Feedback Tool

2010-10-18 20:58:35 -------- d-----w- C:\Windows\PCHEALTH

2010-10-18 20:54:42 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2010-10-18 20:54:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2010-10-01 21:44:08 -------- d-----w- C:\Users\Master\AppData\Roaming\Windows Live Writer

2010-10-01 21:44:08 -------- d-----w- C:\Users\Master\AppData\Local\Windows Live Writer

2010-10-01 14:48:32 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2010-10-01 14:48:32 206848 ----a-w- C:\Windows\System32\mfps.dll

2010-10-01 14:48:31 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2010-10-01 14:48:31 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2010-10-01 14:48:31 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2010-10-01 14:48:30 4068864 ----a-w- C:\Windows\System32\mf.dll

2010-10-01 14:48:30 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2010-10-01 14:47:09 -------- d-----w- C:\Users\Master\AppData\Local\Windows Live

2010-09-29 12:10:09 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-09-29 12:10:09 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2010-09-29 12:09:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-29 12:09:14 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-27 10:28:18 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

==================== Find3M ====================

2010-10-22 14:30:47 3695968 ----a-w- C:\Windows\System32\AutoPartNt.exe

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-23 05:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-21 19:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

2010-09-21 19:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

2010-09-15 09:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-01 05:46:36 1355264 ----a-w- C:\Windows\SysWow64\jscript9.dll

2010-09-01 05:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-01 05:44:30 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2010-09-01 05:44:24 1122304 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-01 05:44:06 424960 ----a-w- C:\Windows\SysWow64\vbscript.dll

2010-09-01 05:43:22 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-01 05:43:12 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2010-09-01 05:43:12 114176 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2010-09-01 05:43:10 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe

2010-09-01 05:43:10 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2010-09-01 05:43:02 448512 ----a-w- C:\Windows\System32\html.iec

2010-09-01 05:41:56 601088 ----a-w- C:\Windows\System32\vbscript.dll

2010-09-01 05:40:56 76800 ----a-w- C:\Windows\System32\tdc.ocx

2010-09-01 05:40:40 215552 ----a-w- C:\Windows\System32\msls31.dll

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2006-10-15 02:31:24 29184 ----a-w- C:\Program Files (x86)\Hash.exe

============= FINISH: 17:16:41.31 ===============

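The DDS "Pseudo HJT Report" and FIREFOX sections above are the kind of log the original poster is asking about: HijackThis-style "missing file" entries, ActiveX controls that IE downloaded from the web (the DPF lines, which DDS prints with the scheme defanged to hxxp://), and Java remnants left behind after the JRE was uninstalled. As an added example that is not part of this thread and is not DDS, HijackThis or Malwarebytes code, the following Python script triages a few lines copied from the posted log. The sample input, function names and the "orphan" / "remote load" / "java" buckets are the example's own; it only parses text and never fetches or verifies anything.

```python
"""Triage a DDS / HijackThis-style report for entries worth a second look."""
import re
from typing import Dict, List, Tuple

# Constructed sample input: a handful of lines copied from the DDS
# "Pseudo HJT Report" and FIREFOX sections posted in the thread above.
SAMPLE_REPORT = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
BHO-X64: URLRedirectionBHO - No File
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"""

# COM class id as written in the log: {8-4-4-4-12 hex}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# DDS defangs URLs as hxxp:// so the log is not clickable; accept both forms.
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://([^/\s]+)", re.IGNORECASE)
# Java plug-in / console ids start with CAFEEFAC; the path check catches
# the jre6 plug-in DLLs and deployJava1.dll.
JAVA_RE = re.compile(r"CAFEEFAC|\\jre\d|deployJava", re.IGNORECASE)


def parse_entries(report: str) -> List[Dict[str, str]]:
    """Split the report into {kind, body, raw} records.

    kind is the text before the first colon ("BHO", "DPF", "mRun",
    "FF - plugin", ...); body is everything after it.
    """
    entries = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, sep, body = line.partition(":")
        if not sep:
            continue  # not a "kind: body" line
        entries.append({"kind": kind.strip(), "body": body.strip(), "raw": line})
    return entries


def find_orphans(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Entries whose registered component is gone ("No File" / "No Registry
    Reference"). Usually uninstall leftovers, but also where a removed loader
    used to live, so they are listed rather than ignored."""
    return [e for e in entries
            if e["body"].endswith("No File") or "No Registry Reference" in e["body"]]


def find_remote_loads(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """DPF lines are ActiveX controls IE fetched from a URL; return (CLSID, host)."""
    found = []
    for e in entries:
        if e["kind"] != "DPF":
            continue
        clsid = CLSID_RE.search(e["body"])
        host = URL_RE.search(e["body"])
        if clsid and host:
            found.append((clsid.group(0).upper(), host.group(1).lower()))
    return found


def find_java_components(entries: List[Dict[str, str]]) -> List[str]:
    """Every line that still references a Java runtime, plug-in or console."""
    return [e["raw"] for e in entries if JAVA_RE.search(e["raw"])]


def triage(report: str) -> Dict[str, list]:
    """Run all three checks over one report and bucket the results."""
    entries = parse_entries(report)
    return {
        "orphans": [e["raw"] for e in find_orphans(entries)],
        "remote_loads": find_remote_loads(entries),
        "java": find_java_components(entries),
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"== {bucket} ({len(items)})")
        for item in items:
            print("  ", item)
```

Run against the sample, it lists the two "No File" BHO entries and the Java Console extension with no registry reference as orphans, the two DPF controls with the hosts they were downloaded from, and the two lines that still point at the jre6 plug-in after the uninstall. None of that is a verdict; it is the short list a helper would look at first, and the remote-load hosts should be checked against what the user actually ran (here the ESET online scanner and an Adobe download helper).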

  • Staff

Hi,

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK: "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), and click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don


No issues remain. Thanks for the help...appreciate it.

Results of screen317's Security Check version 0.99.6

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.1.85.3

Adobe Reader 9.4.0

Mozilla Firefox (3.6.12)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


  • Staff

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is imperative that you have an antivirus. You are basically asking for infection without one. :)

All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials

AntiVir

avast!

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

