Just the other day it acted funny and I noticed my MSE had shut down and acted like it couldn't start because it was missing some service files. I tried to restart the service, but it tells me it's not even there anymore. I would also get errors saying Host Process for Windows Services had stopped working. It would drop host processes about every 15 minutes.
In the meantime I did a scan with Malwarebytes and it came up with an exploit,drop.cfg trojan.
I got on the MSE forums to try and get that back up again, deleted all my old AVG programs and files, and deleted and reinstalled MSE, which got that going again. It never came up with anything in new scans, but as I was looking through the MSE history I found about 150 instances of it finding a trojan Win64/siefef.w over the last couple of days, which it quarantined. The trojan attacks have stopped and so have the dropped hosts, but I noticed that Windows Firewall will not start up due to an undisclosed problem. So there is still something going on.
It also had been freezing a lot during the early stages, but that seems to be gone now. Some of the other strange things: if I move my desktop icons around, they are put back to the default positions every time I reboot. Windows Security Center cannot be started. It says the service is turned off and will not start when I try to restart it. I had a severely old version of Java, which may have been the source of the attack, and have since updated it, but when I go back to their site to show me which version I have, it always tells me I'm running the old version. Do I need to delete the old version? Same goes for IE9. I downloaded it, but it always wants to run IE8.
Sorry for such a long post; I just wanted to tell everything about this. I do have a ghosted version of my HDD saved, so if all else fails I can go back to it. Sounds like whatever this is won't let me start up much of my malware services. Malwarebytes has shown clean since the first exploit file was found. I have also seen many sites that claim to remove the Trojan Win64/siefef.w problem, but of course most of them just want to get you to buy their inferior product. Is trojanremoval.org a reputable site?
Your forums and sites have been very helpful to me in the past, and I want to thank everyone involved here for their help so far.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 10.4.1
Run by Jerry at 14:19:33 on 2012-05-26
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.archerytalk.com/vb/forumdisplay.php?f=1
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - C:\Windows\SysWOW64\dvmurl.dll
uWindows: Load=C:\Users\Jerry\AppData\Local\Temp\{57150~1.EXE
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Advanced System Protector]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: facebook.com\%20www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
TCP: Interfaces\{98E5A55E-A998-4205-9578-EB9E15529319} : DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
LSA: Authentication Packages = msv1_0 relog_ap
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [Advanced System Protector]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-26 17:37:36 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF940C14-A769-49F5-AC8E-6E66F883536F}\offreg.dll
2012-05-26 17:32:43 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF940C14-A769-49F5-AC8E-6E66F883536F}\mpengine.dll
2012-05-25 13:03:21 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-24 01:56:47 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78C7667C-5F86-483B-B891-0F54D567B0AB}\gapaengine.dll
2012-05-24 01:51:06 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-24 01:51:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-23 00:02:16 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-23 00:01:47 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-23 00:01:47 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-21 20:37:05 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-09 21:06:23 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 21:05:58 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 21:05:57 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 13:33:15 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-21 05:35:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-21 05:35:29 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-21 05:35:29 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-21 05:31:26 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-05 13:33:47 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 13:33:47 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 12:45:03 1422720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-29 14:22:51 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-01 15:39:45 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-01 15:39:45 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-01 14:46:01 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-29 19:21:24 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-02-29 19:21:24 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-02-29 15:37:41 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-02-29 15:37:38 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-29 15:35:44 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-02-29 15:11:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-02-29 14:40:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-29 14:09:35 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-29 14:08:47 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-29 14:06:08 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-29 13:52:46 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-02-29 13:44:50 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-28 11:30:48 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 11:25:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 11:25:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 11:25:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-02-28 11:25:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-02-28 10:07:57 385024 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 08:12:52 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-02-28 08:08:30 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-28 06:34:19 1147392 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:30:31 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 06:30:17 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:30:01 77312 ----a-w- C:\Windows\System32\iesetup.dll
2012-02-28 06:30:01 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2012-02-28 05:41:20 479232 ----a-w- C:\Windows\System32\html.iec
2012-02-28 05:00:09 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-02-28 04:58:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
.
============= FINISH: 14:20:16.58 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3DMark Vantage
3DMark05
3DVIA Shape for Maps
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
ADS Tech Master Installer V3.8
ADS Tech V3.8 DVD Xpress DX2 CapWiz
Advanced System Protector
AMD OverDrive
Auslogics Disk Defrag
AV Grabber
Beta 0.9.0
Browser Configuration Utility
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CDDRV_Installer
Creative Audio Control Panel
Creative Console Launcher
Creative Sound Blaster Properties x64 Edition
Creative System Information
Creative ZEN
Disk Space Fan 2.2.7.820
DMIView B7.0108.01
Drv
EasyTune5Pro
Emsisoft Anti-Malware
ERUNT 1.1j
EVEREST Ultimate Edition v5.50
EZ Grabber
Futuremark SystemInfo
GIMP 2.6.8
GoGear VIBE Device Manager
Google Earth
Google Update Helper
HD Tune 2.55
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
i-Cool
Indeo® software
Java Auto Updater
Java(TM) 6 Update 13
Java(TM) 7 Update 4
JavaFX 2.1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Media Converter for Philips
Microsoft DirectX SDK (June 2010)
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mp3tag v2.44
MSI Afterburner 1.6.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
PandoraRecovery (Remove Only)
PCMark Vantage
Phone F USB Driver
Photo-grapher 1
PIXresizer 2.0.4
PunkBuster Services
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
RepairSolutions
Rhapsody
Seagate DiscWizard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Shaft Selector Xpert
SmartSound Quicktracks Plugin
Sony DVD Architect Studio 4.5d
SpeedFan (remove only)
SpywareBlaster 4.6
Steam
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 3 Client
Terrain Navigator Pro
Ulead DVD DiskRecorder 2.1.1
Ulead Straight-to-Disc SDK
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vegas Movie Studio Platinum 9.0b
Vista Codec Package
Visual C++ 8.0 Runtime Setup Package (x64)
WinRAR archiver
Xfire (remove only)
Z Engine
.
==== End Of File ===========================
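The log above contains several items a responder would want to check on the machine itself before deciding between further cleanup and restoring the ghost image: the Windows Firewall (MpsSvc) and Security Center (wscsvc) services the poster says will not start, the `uWindows: Load=` entry pointing at an executable in the user's Temp folder, the `LSA: Authentication Packages` line listing `relog_ap` beside the default `msv1_0`, the hidden system directory created as the literal name `C:\Windows\System32\%APPDATA%`, `EnableLUA = 0`, and the `.JSE` association. The PowerShell script below is an added example and is not part of the original post, of DDS, or of any tool mentioned in the thread. It only reads those locations and prints their current state so they can be compared with the log; it changes nothing and makes no judgement about which entries are legitimate. It assumes Windows 7 x64 (as the log reports) with PowerShell 2.0 or later, run from an elevated prompt; the service and registry names are the standard Windows ones.

```powershell
# Added read-only triage script (not from the original post). Prints the current
# state of the items the DDS log flags so they can be compared against the log.
# Assumes Windows 7 x64, PowerShell 2.0+, elevated prompt. Changes nothing.

$ErrorActionPreference = 'Continue'

# 1. Services the post says will not start: Windows Firewall (MpsSvc) and
#    Security Center (wscsvc), plus BFE (MpsSvc depends on it) and the MSE
#    engine service MsMpSvc. A missing service key shows as NOT INSTALLED.
foreach ($name in 'MpsSvc', 'BFE', 'wscsvc', 'MsMpSvc') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc) {
        "{0,-8} state={1,-8} start={2,-6} path={3}" -f $svc.Name, $svc.State, $svc.StartMode, $svc.PathName
    } else {
        "{0,-8} NOT INSTALLED (service key missing)" -f $name
    }
}

# 2. The per-user Load value (DDS line 'uWindows: Load='). It is normally absent;
#    whatever it names is executed at logon for this user.
$winKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$load = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).Load
"Load value: {0}" -f $(if ($load) { $load } else { '<absent>' })
if ($load) {
    $exe = [Environment]::ExpandEnvironmentVariables($load)
    if (Test-Path -LiteralPath $exe) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        "  on disk, size={0} bytes, signature={1}" -f (Get-Item -LiteralPath $exe).Length, $sig.Status
    } else {
        "  file not present on disk"
    }
}

# 3. LSA authentication packages (DDS line 'LSA: Authentication Packages').
#    The Windows default is msv1_0 alone; each extra name is a DLL loaded into lsass.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
foreach ($pkg in $lsa.'Authentication Packages') {
    $dll = Join-Path $env:SystemRoot "System32\$pkg.dll"
    $present = Test-Path -LiteralPath $dll
    $status = if ($present) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
    "AuthPkg {0,-10} dll present={1,-5} signature={2}" -f $pkg, $present, $status
}

# 4. The hidden directory listed under 'Created Last 30'. The folder name contains
#    literal percent signs, so -LiteralPath is used to avoid any expansion.
$odd = Join-Path $env:SystemRoot 'System32\%APPDATA%'
if (Test-Path -LiteralPath $odd) {
    "Directory present: $odd"
    Get-ChildItem -LiteralPath $odd -Force -Recurse | ForEach-Object {
        "  {0,10} {1}" -f $_.Length, $_.FullName
    }
} else {
    "Directory absent: $odd"
}

# 5. UAC policy (DDS line 'EnableLUA = 0') and the .JSE open command
#    (DDS 'File Associations' section).
$pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
"EnableLUA = {0}" -f $pol.EnableLUA
$jse = Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\JSEFile\shell\open\command'
"JSEFile open command = {0}" -f $jse.'(default)'
```

Run it, save the output, and compare each line with the corresponding DDS entry: a service reported NOT INSTALLED matches the "it's not even there anymore" symptom, a Load value that is still present after reboot is a persistence entry to account for, and an authentication package whose DLL is unsigned or missing is worth examining before trusting the rest of the cleanup.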