Help Needed

#1 teresam73
New Member, 8 posts

Posted 06 April 2008 - 01:56 PM

I am actually posting this for my parents. XP OS, and I have downloaded SDFix and ran that as well, and I'm working on getting them more antivirus protection and doing some more cleaning up of the system (e.g. defrag, updating Windows and such), so any advice for antivirus would be greatly appreciated as well. Thanks in advance.

Anyway, here's the HijackThis log and SDFix report as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:34 PM, on 4/6/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\S3apphk.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: customize__IE.lnk = C:\hp\REGION\customizeIe.wsf
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: MsnFixer.lnk = ?
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6456A712-7D8D-4F27-8FE4-F69857C82954}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 3357 bytes

SDFix: Version 1.167
Run by Owner on Sun 04/06/2008 at 02:43 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\EK.EXE - Deleted
C:\WINDOWS\system32\1.htm - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\o - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted

Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 14:59:38
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 18 Aug 2001 94,784 ..SH. --- "C:\WINDOWS\twain.dll"
Sat 18 Aug 2001 46,592 ..SH. --- "C:\WINDOWS\twain_32.dll"
Fri 22 Mar 2002 36,864 A.SHR --- "C:\Program Files\Detto\DettoWeb.exe"
Thu 21 Mar 2002 2,513,981 A.SHR --- "C:\Program Files\Detto\IntelliMover Demo.exe"
Sat 18 Aug 2001 995,383 ..SH. --- "C:\WINDOWS\system32\mfc42.dll"
Sat 18 Aug 2001 50,688 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll"
Sat 18 Aug 2001 401,462 ..SH. --- "C:\WINDOWS\system32\msvcp60.dll"
Sat 18 Aug 2001 322,560 ..SH. --- "C:\WINDOWS\system32\msvcrt.dll"
Wed 4 Apr 2007 1,242,605 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak1"
Sat 18 Aug 2001 569,344 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll"
Sat 18 Aug 2001 106,496 ..SH. --- "C:\WINDOWS\system32\olepro32.dll"
Sat 18 Aug 2001 9,728 ..SH. --- "C:\WINDOWS\system32\regsvr32.exe"
Fri 30 Mar 2007 1,277,392 A.SH. --- "C:\WINDOWS\system32\yccdd.tmp"
Thu 29 Mar 2007 1,272,878 A.SH. --- "C:\WINDOWS\system32\yccdd.bak1"
Fri 30 Mar 2007 1,274,691 A.SH. --- "C:\WINDOWS\system32\yccdd.bak2"
Sat 14 Apr 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\432b7d8c0af6fbb39177c4091c0bfe14\BIT11.tmp"
Sat 14 Apr 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7385ee21bf1530c2e77f4e9a68b5c196\BITC.tmp"
Mon 14 May 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\cdbe7c798e60d7c87f164d8de7e7e7e8\BIT1.tmp"
Thu 26 Apr 2007 426,344 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f1029acf04e464ca3acb87136d905ad9\BIT5.tmp"

Finished!

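The same triage a helper does by eye on a HijackThis log, written out as an added example (it is not part of this thread and not code from HijackThis or SDFix). It parses the log format shown in the post above (header lines, the "Running processes:" block, then "O<n> - ..." entries) and reports the first things worth checking: the service-pack level in the Platform line, whether any O23 service looks like a security product, startup shortcuts whose target HijackThis could not resolve (" = ?"), and the DNS servers in the O17 entry. The SAMPLE_LOG is a shortened excerpt of the posted log; SECURITY_HINTS is an assumed, non-exhaustive list of vendor names and the regexes are assumptions about the log format, so tune both for the logs you actually handle.

```python
"""Triage a Trend Micro HijackThis 2.0.x log.

Added example, not code from the original thread, HijackThis or SDFix.
Parses the log format shown in the post and applies the checks a helper
makes first (service pack, security-product service, unresolved startup
items, configured DNS servers).
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Shortened excerpt of the log posted in this thread (only the lines the checks use).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:34 PM, on 4/6/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - Global Startup: MsnFixer.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{6456A712-7D8D-4F27-8FE4-F69857C82954}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 3357 bytes
"""

# One HijackThis entry: section code (O2, O4, O17, O23, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")

# Assumed, non-exhaustive substrings that identify a security product's service.
SECURITY_HINTS = ("antivir", "avast", "avg", "comodo", "kaspersky", "mcafee",
                  "norton", "symantec", "zonealarm", "firewall")


@dataclass
class HjtLog:
    platform: str
    msie: str
    processes: List[str]
    entries: Dict[str, List[str]]   # section code -> entry bodies, in log order


def parse_hjt(text: str) -> HjtLog:
    """Split a HijackThis log into header fields, process list and section entries."""
    platform = msie = ""
    processes: List[str] = []
    entries: Dict[str, List[str]] = {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Platform:"):
            platform = line.split(":", 1)[1].strip()
        elif line.startswith("MSIE:"):
            msie = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            if not line:            # the first blank line ends the process block
                in_procs = False
            else:
                processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.setdefault(m["section"], []).append(m["body"])
    return HjtLog(platform, msie, processes, entries)


def triage(log: HjtLog) -> List[str]:
    """Return the findings a helper would raise first on this log."""
    findings: List[str] = []
    # HijackThis prints the service pack in the Platform line, e.g. "Windows XP SP2 (...)".
    if not re.search(r"\bSP\d", log.platform):
        findings.append(f"no service pack in platform line: {log.platform}")
    services = log.entries.get("O23", [])
    if not any(h in s.lower() for s in services for h in SECURITY_HINTS):
        findings.append("no anti-virus or firewall service among O23 entries")
    for body in log.entries.get("O4", []):
        if body.endswith("= ?"):    # shortcut whose target HijackThis could not resolve
            findings.append(f"startup item with unresolved target: {body}")
    for body in log.entries.get("O17", []):
        m = re.search(r"NameServer = (.+)$", body)
        if m:
            findings.append(f"DNS servers to confirm with the ISP: {m.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print("-", finding)
```

On the posted log this reports the missing service pack, the absence of any security-product service, the `MsnFixer.lnk = ?` startup shortcut, and the two O17 name servers; O17 entries are not malicious by themselves, they are listed so the addresses can be matched against the ISP's published resolvers.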


#2 Noviciate
Retired WTT Teacher, Visiting Fellow, 2,907 posts

Posted 07 April 2008 - 03:06 PM

No AV, no firewall, and no Service Packs for Windows - reformat and reinstall the OS. The computer is a slime magnet for everything and anything that goes by the name of malware, and there's nothing to stop it getting onto the PC. Once you get the PC back up and running, get to Windows Updates and download everything that Microsoft has on offer.

There are a few free firewalls available.
Comodo Firewall Pro, available here.
PC Tools Firewall Plus, available here.
Online Armor Free, available here.

It is important to note that you should only have one firewall installed at a time, but you can download them all to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingc...tutorial60.html

Free AVs.
AVG Free Edition: Available here.
avast! 4 Home Edition: Available here.
AntiVir PersonalEdition Classic: Available here.

While you can download them all to see which one you prefer, only install one at a time - running two or more anti-virus programs simultaneously can cause conflicts resulting in less, not more, protection.
Death to the salad eaters!
