Infected with multiple malware/trojans


3 replies to this topic

#1 lagniappe

lagniappe

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 13 August 2009 - 10:13 PM

I seem to have multiple pieces of malware infecting my Windows XP box, including tapi.nfo, sofatnet, msimfo32 and possibly more. Software such as MBAM, Spybot SD, CF and HJT are all shut down when they run and have read/execute privileges revoked. Some google.com, yahoo.com and bing.com searches seemed to be eaten or redirected.

Any help in combating these is greatly appreciated.

UPDATE: I had run clamav scan from TRK before generating this DDS.txt
UPDATE: deleted msimfo32.exe, tapi.nfo and sofatnet.exe manually

DDS (Ver_09-07-30.01) - NTFSx86
Run by lindsey at 19:51:14.71 on Thu 08/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.457 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\dev\cygwin\bin\cygrunsrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\dev\cygwin\usr\sbin\sshd.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\Copy of foo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox v3.0\firefox.exe
C:\Documents and Settings\lindsey\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mWinlogon: Taskman=c:\recycler\s-1-5-21-2998774317-7457111276-637613697-0599\msimfo32.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoActiveDesktop = 01000000
uPolicies-explorer: NoRecentDocsNetHood = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoNetworkConnections = 01000000
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} - hxxps://horizons.istaria.com/controls/launcher.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232345141734
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://www.mikethetiger.com/cam/wg_webeye.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://cdn1.acclaimdownloads.com/solidstateion.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {2497F42D-4DC5-412B-816B-9FBB39DA6FFC} = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lindsey\applic~1\mozilla\firefox\profiles\03jdu164.default 3.0\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\lindsey\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox v3.0\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\videolan\vlc_0.9\npvlc.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox v3.0\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox v3.0\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox v3.0\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox v3.0\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox v3.0\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox v3.0\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox v3.0\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-21 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-21 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-23 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-25 298776]
R2 sshd;CYGWIN sshd;c:\dev\cygwin\bin\cygrunsrv.exe [2005-2-3 68096]
R3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter;c:\windows\system32\drivers\hextun.sys [2009-2-23 22176]
R3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2009-5-14 780544]
S2 PLUSBCF;USB Compact Flash Reader;c:\windows\system32\drivers\UCF1PL.SYS [2006-2-4 21801]
S2 sofatnet;sofatnet Service;c:\windows\system32\sofatnet.exe [2001-8-23 95232]
S3 gw6c;Hexago Gateway6 Client;c:\program files\hexago\gateway6 client\gw6c.exe [2009-2-23 385024]
S3 jbridgep;jbridgep;\??\c:\windows\temp\jbridgep.sys --> c:\windows\temp\jbridgep.sys [?]
S3 netcard;netcard;c:\windows\system32\netcard.sys [2001-8-23 2304]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PLSCSICF;PLSCSICF;c:\windows\system32\drivers\UCF0PL.SYS [2006-2-4 7178]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S4 EvdoServer;EvdoServer;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]

=============== Created Last 30 ================

2009-08-13 19:49 <DIR> --d----- c:\windows\Installer
2009-08-13 19:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13658754
2009-08-12 04:25 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-12 00:24 <DIR> --d----- c:\docume~1\lindsey\applic~1\Malwarebytes
2009-08-12 00:24 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 00:24 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-12 00:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 00:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-12 00:18 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-12 00:18 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 23:45 <DIR> --d-h--- c:\windows\PIF
2009-08-11 23:34 <DIR> --d----- c:\program files\Trend Micro
2009-08-11 23:24 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-11 19:42 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-08-11 19:42 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-11 19:42 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-11 19:42 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-11 18:38 128,512 a------- c:\windows\sv2.malware.maybe
2009-08-11 18:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\10039684
2009-08-11 18:35 <DIR> --dsh--- c:\windows\system32\lowsec
2009-08-09 21:36 599,552 -c------ c:\windows\system32\dllcache\crypt32.dll
2009-08-09 21:36 177,664 -c------ c:\windows\system32\dllcache\wintrust.dll
2009-08-06 13:46 86,287 a------- c:\windows\system32\WinUpdateMan.exe
2009-08-06 10:48 16,384 a------- c:\windows\system32\Msdirectx.exe
2009-08-05 21:45 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-08-05 02:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-07-22 22:38 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-22 22:38 1,409 a------- c:\windows\QTFont.for
2009-07-17 12:01 58,880 -c------ c:\windows\system32\dllcache\atl.dll

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 08:17 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 17:17 15,308,440 a------- c:\windows\system32\xlive.dll
2009-07-14 17:17 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-26 17:21 1,956,352 a------- c:\windows\system32\drivers\VX3000.sys
2009-06-26 17:21 671,744 a------- c:\windows\system32\LCCoin30.dll
2009-06-26 17:21 96,256 a------- c:\windows\VX3000.dll
2009-06-26 17:21 757,248 a------- c:\windows\vVX3000.exe
2009-06-26 17:21 222,720 a------- c:\windows\vVX3000.dll
2009-06-26 17:21 170,496 a------- c:\windows\system32\cVX3000.dll
2009-06-25 10:00 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-24 04:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-02-19 21:45 22,328 a------- c:\docume~1\lindsey\applic~1\PnkBstrK.sys
2006-03-19 22:29 32 a----r-- c:\documents and settings\all users\hash.dat
2008-05-08 19:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat

============= FINISH: 19:51:42.89 ===============

Edited by lagniappe, 13 August 2009 - 11:38 PM.
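The Winlogon and service lines in the DDS log above are the entries a malware responder checks first, because Shell, Userinit and Taskman are run at every logon. The following is an added example (not code from the post or from DDS) that parses such lines and reports anything beyond the stock Windows XP defaults, plus services whose image lives in a temp or recycler directory; the sample lines are constructed from the log above and the default values are an assumption about a standard install with %SystemRoot% at c:\windows.

```python
import re

# Constructed sample: Winlogon and service lines taken from the DDS log in
# the post above, plus one clean AVG service line for contrast.
SAMPLE_LOG = r"""
mWinlogon: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mWinlogon: Taskman=c:\recycler\s-1-5-21-2998774317-7457111276-637613697-0599\msimfo32.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-25 298776]
S2 sofatnet;sofatnet Service;c:\windows\system32\sofatnet.exe [2001-8-23 95232]
S3 jbridgep;jbridgep;\??\c:\windows\temp\jbridgep.sys --> c:\windows\temp\jbridgep.sys [?]
"""

# Stock Windows XP values (assumption: %SystemRoot% is c:\windows).
# A clean Winlogon key normally has no Taskman value at all.
EXPECTED = {
    "shell": ["explorer.exe"],
    "userinit": [r"c:\windows\system32\userinit.exe"],
    "taskman": [],
}
# Directories a service or driver image should not normally live in.
SUSPECT_DIRS = ("\\recycler\\", "\\temp\\")

WINLOGON_RE = re.compile(r"^mWinlogon:\s*(\w+)=(.*)$", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")


def split_value(key, value):
    """Break a Winlogon value into the individual programs it launches."""
    value = value.strip().lower()
    if key == "userinit":            # comma-separated, usually with a trailing comma
        return [p.strip() for p in value.split(",") if p.strip()]
    if key == "shell":               # extra tokens appended after Explorer.exe
        return value.split()
    return [value] if value else []


def check_winlogon(log_text):
    """Map each Winlogon key to the entries that are not part of the default."""
    findings = {}
    for line in log_text.splitlines():
        m = WINLOGON_RE.match(line)
        if not m or m.group(1).lower() not in EXPECTED:
            continue
        key = m.group(1).lower()
        extra = [e for e in split_value(key, m.group(2)) if e not in EXPECTED[key]]
        if extra:
            findings[key] = extra
    return findings


def check_services(log_text):
    """Names of services/drivers whose image path points into a suspect directory."""
    hits = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m and any(d in m.group(2).lower() for d in SUSPECT_DIRS):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for key, extra in check_winlogon(SAMPLE_LOG).items():
        print(f"Winlogon {key}: unexpected {extra}")
    for name in check_services(SAMPLE_LOG):
        print(f"service {name}: image in temp/recycler directory")
```

Run against the sample, it reports the rundll32 command appended to Shell, the second Userinit executable, the Taskman entry under the recycler and the jbridgep driver loaded from c:\windows\temp.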



#2 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:02:05 PM

Posted 22 August 2009 - 07:10 PM

Hi,

Sorry for the delay; there is no shortage of posters. Your log is several days old; if you still need help, reply to my post.

How Can I Reduce My Risk to Malware?


#3 lagniappe

lagniappe
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 23 August 2009 - 05:02 PM

After wading through past threads and the excellent responses, I think I'm OK now. It was pretty bad for a while but I was finally able to get AV and anti-malware tools to run successfully and go from there.

Thanks for looking at this.

#4 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:02:05 PM

Posted 23 August 2009 - 09:14 PM

Hi lagniappe,

OK, good. If you have it all under control now, here are some tips for you:

10 Tips for Reducing/Preventing Your Risk To Malware:

1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you're prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated, they will soon be worthless. Scanning frequency is a function of your computer habits. If you frequently have malware, then you should review your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, IRC, Chat Rooms or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Don't click on ads/pop-ups or offers from websites telling you that you need to install software, media players or codecs to your computer, for any reason.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing.*

8) Install and understand the limitations of a software firewall.

9) Consider using an alternate browser and E-mail client. Internet Explorer and Outlook Express are popular targets for malicious code because they are widely used. All browsers can have vulnerabilities, but statistically it is the most commonly used browser that will tend to be targeted the most. See also: Hardening or Securing Internet Explorer.

10) Warez, cracks, etc. are very popular for carrying malware payloads. Avoid. If you install files via p2p networks, then you are much more likely to encounter malicious code. Do you trust the source of the file? Do you really need another potential malware source?

A longer version in link below.

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?
