
infections JS/FakealertKryptik, Vundo.gen.bw - various firefox issues


5 replies to this topic

#1 jingle103


Posted 02 February 2010 - 04:36 PM

Started with browser irregularities; cannot log into Gmail, and when logging into Notifier the error states invalid certificate; get 302 error messages stating bookmarked pages have been moved; cannot access known sites, such as YouTube (redirected to pages that say I'm infected and to activate antivirus). Redirects to "http://searchclick8.com/" when using Google searches. Also, when shutting down, I get an item that states unknown programs need to be ended, including "firefox.exe". Does NOT seem to be affecting IE.

Constant alerts from McAfee, slow processing, etc.

Possibly unrelated hardware issue with keyboard; intermittently computer is not recognizing keyboard, unplugging and reconnecting usb or restart temporarily resolves this.


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 21:49:18.56 on Mon 02/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.539 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {21c3a23d-f9fc-4ebd-a371-968003dcfc2d} - junegehu.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5ef93d42-2cf1-4786-90d7-309fa4c3fb11} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - NOW!Imaging
BHO: {C2EEFDDF-243B-443F-9C58-35D773E97382} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intervideo wincinema manager.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoCommonGroups = 0 (0x0)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
mPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: DisableMyPicturesDirChange = 0 (0x0)
mPolicies-explorer: DisableMyMusicDirChange = 0 (0x0)
mPolicies-explorer: DisableFavoritesDirChange = 0 (0x0)
mPolicies-explorer: GreyMSIAds = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\helper32.dll
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: internet
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: mcafee.com
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {B96C8B4D-DCFA-49C0-A83D-4404EA1EE611} = 193.104.110.38,4.2.2.1,68.87.69.150 68.87.85.102 192.168.1.1 68.87.69.150 68.87.85.102
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: tuvumuge.dll,pukovubu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli medilile.dll hazifiga.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1.you\applic~1\mozilla\firefox\profiles\5yob3mjo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-15 214664]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-9-10 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-9-10 234888]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-16 54752]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-15 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\virusscan\mcshield.exe [2009-4-15 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\virusscan\mcsysmon.exe [2009-4-15 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-15 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-15 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-15 40552]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-15 34248]

=============== Created Last 30 ================

2010-02-02 04:54:58 1357824 ----a-w- c:\windows\system32\IS15.exe
2010-02-02 04:54:54 29696 ----a-w- c:\windows\system32\helper32.dll
2010-02-02 04:54:02 38912 ----a-w- c:\windows\system32\winlogon32.exe
2010-01-29 22:28:15 0 d-----w- c:\docume~1\hp_adm~1.you\applic~1\Registry Mechanic
2010-01-29 22:27:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 00:40:55 6456 ---ha-w- c:\windows\system32\gudomewo
2010-01-25 07:32:52 50176 ----a-w- c:\windows\system32\proquota.exe
2010-01-25 07:24:33 98816 ----a-w- c:\windows\sed.exe
2010-01-25 07:24:33 77312 ----a-w- c:\windows\MBR.exe
2010-01-25 07:24:33 261632 ----a-w- c:\windows\PEV.exe
2010-01-25 07:24:33 161792 ----a-w- c:\windows\SWREG.exe
2010-01-22 17:33:58 41427 ----a-w- c:\documents and settings\hp_administrator.your-55e5f9e3d2\.recently-used.xbel
2010-01-12 23:01:13 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-18 01:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-07-02 05:14:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_9701259.dnp
2007-07-02 05:14:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_796624.dnp
2007-07-02 05:14:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_6732682.dnp
2007-07-02 05:14:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_6703601.dnp
2007-07-02 05:14:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_6626417.dnp
2007-07-02 05:14:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_6596788.dnp
2007-07-02 05:14:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_5954598.dnp
2007-07-02 05:14:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_2672469.dnp
2007-07-02 05:12:49 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_997243.dnp
2007-07-02 05:11:16 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_8965770.dnp
2007-07-02 05:11:16 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_767612.dnp
2007-07-02 05:11:16 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_7172686.dnp
2007-07-02 05:11:16 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_6720286.dnp
2007-07-02 05:11:16 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_4619228.dnp
2007-07-02 05:11:16 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_3526712.dnp
2007-07-02 05:11:16 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_1890736.dnp
2007-07-02 05:11:15 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-7-1-2007_22-9-22_2010015.dnp
2007-06-15 22:05:49 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_9639063.dnp
2007-06-15 22:05:49 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_7960992.dnp
2007-06-15 22:05:49 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_7943281.dnp
2007-06-15 22:05:49 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_7510999.dnp
2007-06-15 22:05:49 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_671784.dnp
2007-06-15 22:05:49 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_6133698.dnp
2007-06-15 22:05:49 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_3850169.dnp
2007-06-15 22:05:49 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_1777097.dnp
2007-06-15 22:04:39 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_1805617.dnp
2007-06-15 22:03:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_8806865.dnp
2007-06-15 22:03:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_5513366.dnp
2007-06-15 22:03:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_1419043.dnp
2007-06-15 22:03:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_6543502.dnp
2007-06-15 22:03:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_5800292.dnp
2007-06-15 22:03:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_3944016.dnp
2007-06-15 22:03:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_1225035.dnp
2007-06-15 22:03:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-15-2007_15-1-49_1140414.dnp
2007-06-04 21:26:05 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_6499530.dnp
2007-06-04 21:26:05 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_193302.dnp
2007-06-04 21:26:05 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_1651389.dnp
2007-06-04 21:26:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_8644110.dnp
2007-06-04 21:26:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_6002646.dnp
2007-06-04 21:26:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_5169784.dnp
2007-06-04 21:26:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_966590.dnp
2007-06-04 21:26:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_5055336.dnp
2007-06-04 21:23:16 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_330247.dnp
2007-06-04 21:20:08 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_830017.dnp
2007-06-04 21:20:08 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_2942445.dnp
2007-06-04 21:20:08 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_1246663.dnp
2007-06-04 21:20:06 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_7984476.dnp
2007-06-04 21:20:06 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_5588673.dnp
2007-06-04 21:20:06 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_497609.dnp
2007-06-04 21:20:06 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_4435372.dnp
2007-06-04 21:20:05 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item1-6-4-2007_14-16-47_1121441.dnp
2007-05-28 12:16:05 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_9890823.dnp
2007-05-28 12:16:05 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_8905005.dnp
2007-05-28 12:16:05 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_8451841.dnp
2007-05-28 12:16:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_6761570.dnp
2007-05-28 12:16:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_6090846.dnp
2007-05-28 12:16:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_6085817.dnp
2007-05-28 12:16:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_3069452.dnp
2007-05-28 12:16:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_9534497.dnp
2007-05-28 12:14:47 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_4240784.dnp
2007-05-28 12:13:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_8019776.dnp
2007-05-28 12:13:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_6315247.dnp
2007-05-28 12:13:04 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_6161858.dnp
2007-05-28 12:13:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_8949980.dnp
2007-05-28 12:13:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_5626206.dnp
2007-05-28 12:13:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_405704.dnp
2007-05-28 12:13:03 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_3051534.dnp
2007-05-28 12:13:02 18 -c--a-w- c:\program files\XP Repair Pro 2007ERR_Item0-5-28-2007_5-11-18_6174397.dnp
2005-09-02 01:16:32 32 -csha-w- c:\windows\sminst\HPCD.SYS
1601-01-01 00:03:52 52736 --sha-w- c:\windows\system32\hazifiga.dll
2008-12-27 22:00:36 16384 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 21:50:58.75 ===============
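The Pseudo HJT Report above buries the interesting entries among dozens of benign ones. The following Python script is an added example, not part of the thread or of the DDS tool: it walks those report lines and flags the persistence and hijack points a malware-response helper checks first (AppInit_DLLs, LSA packages, the Winsock LSP, Trusted Zone additions, the DisableTaskMgr policy, unnamed BHOs with random module names, and DNS resolvers that are neither on the LAN nor the ISP's). The baselines it compares against (clean-XP LSA packages, expected Trusted Zone sites, the two ISP resolvers) are assumptions; the sample report is an excerpt of the log posted above.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example, not part of the thread above or of the DDS tool: it flags the
persistence and hijack points a malware-response helper checks first.
"""
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity key detail")

# Baselines are assumptions modelled on a clean Windows XP install.
KNOWN_LSA_NOTIFY = {"scecli"}
KNOWN_LSA_AUTH = {"msv1_0", "nwprovau"}
EXPECTED_TRUSTED = {"mcafee.com", "internet"}
# Assumed ISP resolvers for this machine; any other public resolver is suspect.
EXPECTED_DNS = {"68.87.69.150", "68.87.85.102"}
# Vundo-style random eight-letter module names, e.g. hazifiga.dll
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")
# "BHO: {clsid} - module" with no friendly name in front of the CLSID
UNNAMED_BHO = re.compile(r"^\{[0-9a-fA-F-]+\}\s*-\s*(\S+)$")
POLICY_KEYS = {"uPolicies-system", "mPolicies-system"}

def split_tokens(value):
    """Split the 'a,b c' style lists DDS prints into a plain list."""
    return [t for t in re.split(r"[ ,]+", value.strip()) if t]

def is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False

def triage_line(line):
    """Return the Findings for one report line (empty list if nothing to flag)."""
    findings = []
    key, sep, rest = line.partition(":")
    if not sep:
        return findings
    key, rest = key.strip(), rest.strip()
    if key == "AppInit_DLLs":
        # Every listed DLL is loaded into each user32-linked process at start.
        for dll in split_tokens(rest):
            findings.append(Finding("high", key, f"{dll} is injected into every GUI process"))
    elif key == "LSA":
        name, _, value = rest.partition("=")
        name = name.strip()
        baseline = KNOWN_LSA_NOTIFY if name == "Notification Packages" else KNOWN_LSA_AUTH
        for extra in sorted(set(split_tokens(value)) - baseline):
            findings.append(Finding("high", key, f"{name}: unexpected module {extra}"))
    elif key == "LSP":
        # A layered service provider sees all Winsock traffic on the machine.
        findings.append(Finding("high", key, f"Winsock LSP {rest} sits in the network path"))
    elif key == "Trusted Zone":
        if rest not in EXPECTED_TRUSTED:
            findings.append(Finding("medium", key, f"unexpected trusted site {rest}"))
    elif key in POLICY_KEYS:
        name, _, value = rest.partition("=")
        if name.strip() == "DisableTaskMgr" and value.strip().startswith("1"):
            findings.append(Finding("medium", key, "Task Manager disabled by policy"))
    elif key == "BHO":
        m = UNNAMED_BHO.match(rest)
        if m and RANDOM_DLL.match(m.group(1)):
            findings.append(Finding("high", key, f"unnamed BHO loading {m.group(1)}"))
    elif key == "TCP":
        # "TCP: {interface GUID} = resolvers"; flag public resolvers the ISP does not run.
        _, _, resolvers = rest.partition("=")
        for ip in split_tokens(resolvers):
            if not is_private(ip) and ip not in EXPECTED_DNS:
                findings.append(Finding("medium", key, f"unexpected DNS resolver {ip}"))
    return findings

def triage_report(text):
    """Triage a whole report: high severity first, duplicate findings dropped."""
    seen, out = set(), []
    for line in text.splitlines():
        for f in triage_line(line):
            if f not in seen:
                seen.add(f)
                out.append(f)
    return sorted(out, key=lambda f: (f.severity != "high", f.key, f.detail))

# Excerpt of the Pseudo HJT Report posted above (lines copied from the thread).
SAMPLE_REPORT = """\
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\adobe\\acrobat 6.0\\reader\\activex\\AcroIEHelper.dll
BHO: {21c3a23d-f9fc-4ebd-a371-968003dcfc2d} - junegehu.dll
uPolicies-system: DisableTaskMgr = 1 (0x1)
LSP: c:\\windows\\system32\\helper32.dll
Trusted Zone: buy-internet-security10.com
Trusted Zone: mcafee.com
Trusted Zone: buy-internet-security10.com
TCP: {B96C8B4D-DCFA-49C0-A83D-4404EA1EE611} = 193.104.110.38,4.2.2.1,68.87.69.150 68.87.85.102 192.168.1.1 68.87.69.150 68.87.85.102
AppInit_DLLs: tuvumuge.dll,pukovubu.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli medilile.dll hazifiga.dll
"""
if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.key}: {f.detail}")
```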


#2 maranatha


Posted 03 February 2010 - 11:58 PM

Hi jingle103
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

I'm going over your logs now.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




#3 maranatha


Posted 04 February 2010 - 12:13 AM

Hi jingle103

Please do the following.

Download ComboFix from Here

Before saving it, rename it to Mobofcix.exe, then download it to your Desktop.

Please run it this way.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • Vista users right click Combofix.exe and select Run As Administrator.
  • When finished, it shall produce a log for you. Post the ComboFix log.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If you are prompted to install the Recovery Console, Please do so.

Thanks
maranatha



#4 jingle103


Posted 04 February 2010 - 02:52 AM

Unfortunately, I can no longer use that machine. If there is any information you have about how I got these viruses and how to avoid or minimize the risk in the future I would greatly appreciate it. As far as I know I've only opened safe emails, and visited known sites, etc.

I do thank you for your help, as well as any information or recommendations you might have for me as far as more effective tools to use. Obviously McAfee isn't doing the job.

Cheers, Jake.

#5 maranatha


Posted 04 February 2010 - 08:46 PM

Hi jingle103
QUOTE
I can no longer use that machine

Sorry to hear that. Thanks for letting us know.

QUOTE
how to avoid or minimize the risk in the future


Here are some pointers.

First, surf safely. Do not click on banners or advertisements, and stay away from "shady" web sites.
You are not winning a free laptop.

Do not use P2P file sharing such as Limewire, uTorrent, or any of the others.

Here are a few Preventive recommendations:

The following is a list of tools and utilities that we recommend to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.
    To do this just Click > Start > All Programs Click on > Windows Update, and follow the online instructions from there.
    (It is recommended that you have Windows Updates set to download and install automatically.)

  2. One of your first defenses against infections and hackers is an Anti-virus and Firewall
    These are a Must Have to help keep you protected in today's Internet world.
    Here are some good ones and the best part, they are Free!

    Please Download and run only 1 AV and only 1 firewall.

    Anti-Virus
    AVGFree
    Avast
    Avira

    Firewall
    Comodo Firewall > During the setup process you will be given a choice, Please choose: Install the Firewall as a standalone
    Zonealarm Firewall

    Download, Update and scan your computer with the AV. Quarantine/Delete anything it finds.
    Check for updates at least once a week and do regular scans. Most AVs can be scheduled to scan at a given time, this is also recommended.

    Also I suggest you read this.
    Understanding Firewalls

  3. Malwarebytes' Anti-Malware (MBAM)
    http://www.malwarebytes.org/mbam.php (Home page)
    Malwarebytes' Anti-Malware is considered to be the next step in the detection and removal of malware.
    Some Key Features:
    Operating Systems: Microsoft Windows 2000, XP, Vista.
    Database updates released daily.
    Works together with other anti-malware utilities.
    This is a free program with the option of Activating a full version, unlocking realtime protection, scheduled scanning, and scheduled updating. It is a one time fee of $24.95 for the full version.
    Remember to ALWAYS check for and install available updates prior to scanning!

  4. Spybot Search & Destroy - A well known and reputable, FREE (for personal use) adware, spyware and malware removal program. Spybot has some great features to help protect against future infection too, as well as several other useful utilities built in. Check out the FAQ and Tutorial pages while you're there!
    Remember to ALWAYS check for and install available updates prior to scanning!

  5. Ad-Aware - Another well known and reputable, FREE (for personal use) adware, spyware and malware removal program. Ad-Aware and Spybot S & D complement each other very well, each finding and/or removing things the other doesn't. Regular scans with these two applications will help to ensure that many nasties managing to sneak in get caught and removed. The first in anti-spyware packages, Ad-Aware has the experience to provide a powerful cleaning tool. Also available in a feature-rich Professional version, making Ad-Aware an attractive package for everyone from Home user to Enterprise.
    Remember to ALWAYS check for and install available updates prior to scanning!

  6. SpywareBlaster is a Freeware (for personal use) application that will help to prevent the installation of spyware and other potentially unwanted software. It accomplishes this by blocking the installation of many known bad ActiveX controls, spyware and tracking cookies, and restricting the actions of potentially unwanted sites. SpywareBlaster does not require any running or background processes to work once protections are enabled, which means it will not slow down your system in any way.

  7. SpywareGuard - A Spyware "Shield" to protect your computer, acting much like your antivirus real-time protection. Its features include scanning files for spyware before you open them, blocking spyware downloads in Internet Explorer and monitoring/preventing attempted browser hijacking. Small and lightweight, yet powerful! Compatible with Windows 98, ME, 2000 & XP.
    FREEWARE (for personal use)

  8. The MVPS Hosts File or similar HOSTS file will actually block a list of known bad sites from even loading in your browser. It can also be used to block ads, banners, 3rd party cookies and more. Operating system compatibility and installation instructions are provided.

  9. Install WinPatrol to monitor some key registry locations, file system changes, and other important areas, and have it alert you of the changes BEFORE allowing them to take place.

  10. Another thing we would suggest is to install SiteAdvisor. It gives sites a few different 'ratings' and, while not foolproof, is a good additional layer of information about many sites. When using a search engine, the ratings show up as small dots next to the web site: green for good, yellow for caution, red for bad. Set your cursor on the dot for a small pop-up window that provides more information on that web site.
    Web Browser: Internet Explorer 6 or 7. : Also works with Firefox.
    Operating System: Windows 2000 (Service Pack 4) Windows XP and Windows Vista

  11. If you would prefer something other than McAfee SiteAdvisor, you can go with this.
    WOT Web Of Trust.
    This is also free and is a well respected tool.

Now just because you have security applications installed, they are useless unless updated regularly.
Most of the above recommended applications are updated periodically, and it's up to you to check for updates. Set aside time in a day each month to update all of your protections.


To find out more information about how you got infected in the first place and more great guidelines to follow to prevent future infections you can read
this article by Grinler

Surf Safely!
Maranatha



#6 teacup61


Posted 05 February 2010 - 08:21 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
