
Startup.exe possible malware?, asking for Windows 7 assistance


4 replies to this topic

#1 mrp13

  • Members
  • 4 posts
  • Gender:Male

Posted 09 February 2013 - 07:32 AM

Microsoft Windows 7

PUP:adware!

Noticed Setup.exe on desktop and immediately deleted it, but Windows Defender notifies of PUP:adware! on manual scan only.

 

In the past hours or so I have noticed a few pop-ups and unusual redirects to apparently fraudulent websites, even on legitimate web searches.

I have installed some games for my younger family members recently, maybe?!?

I have noticed some hits in performance and would really appreciate some help.

 

Thanks in advance and respectfully,

s/Mr P of United States

09 FEB 2013 #

 

Ref: DDS.txt

 

PS I posted DDS log, apologies if out of procedure. ###

---

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.13.2
Run by Family at 5:27:10 on 2013-02-09
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4069.2745 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://encrypted.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1347284973235
DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - hxxps://browsercheck.qualys.com/qbc_ax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: Interfaces\{C8227ECE-39DE-4F30-A101-4764EAD9A1F7} : NameServer = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\pgr0t33u.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Family\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-25 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-9-10 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-9-10 370288]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2011-11-24 78208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-25 203776]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-9-10 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-9-10 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-5 44808]
R2 hasplms;HASP License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 398184]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-25 2656280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-10 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-20 682344]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-17 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 60 ================
.
2013-02-09 00:50:18    --------    d-----w-    C:\ProgramData\Bohemia Interactive Studio
2013-02-08 13:18:36    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-08 12:09:35    --------    d-----w-    C:\Users\Family\AppData\Roaming\addpcs
2013-02-08 12:09:28    --------    d-----w-    C:\Program Files\Temp File Cleaner
2013-02-02 14:36:14    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-27 15:21:02    --------    d-----w-    C:\Program Files\Paint.NET
2013-01-27 15:20:46    --------    d-----w-    C:\Users\Family\AppData\Local\Paint.NET
2013-01-27 05:30:59    68104    ----a-w-    C:\Windows\System32\XAPOFX1_0.dll
2013-01-27 05:16:08    --------    d-----w-    C:\Program Files (x86)\Bohemia Interactive
2013-01-27 01:34:05    --------    d-----w-    C:\Program Files (x86)\SIX Networks
2013-01-09 15:22:59    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-01-05 18:22:08    50800    ----a-w-    C:\Windows\System32\drivers\point64.sys
2012-12-29 15:47:06    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-29 15:47:06    --------    d-----w-    C:\Program Files\iTunes
2012-12-29 15:47:06    --------    d-----w-    C:\Program Files\iPod
2012-12-29 15:47:06    --------    d-----w-    C:\Program Files (x86)\iTunes
2012-12-29 14:40:50    --------    d-----w-    C:\Users\Family\AppData\Local\Programs
2012-12-27 15:14:16    --------    d-----w-    C:\Users\Family\AppData\Roaming\Xfire
2012-12-27 15:13:19    --------    d-----w-    C:\ProgramData\Xfire
2012-12-27 15:13:17    --------    d-----w-    C:\Program Files (x86)\Xfire
2012-12-21 10:00:38    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-21 10:00:38    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-21 10:00:37    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-21 10:00:33    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-18 19:08:32    209112    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-12-12 23:47:49    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2012-12-12 23:47:49    2048    ----a-w-    C:\Windows\System32\tzres.dll
2012-12-12 23:47:10    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2012-12-12 23:47:10    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
.
==================== Find6M  ====================
.
2013-02-08 13:18:29    963488    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-02-08 13:18:29    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-02-07 23:18:13    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 23:18:13    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-02 14:36:11    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-02-02 14:36:11    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2012-12-14 23:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-07 20:40:40    42440    ----a-w-    C:\Windows\SysWow64\xfcodec.dll
2012-12-07 20:40:38    28104    ----a-w-    C:\Windows\System32\xfcodec64.dll
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-12-01 13:01:27    16200    ----a-w-    C:\Windows\stinger.sys
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:44:06    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31    3149824    ----a-w-    C:\Windows\System32\win32k.sys
2012-11-23 03:13:57    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23    800768    ----a-w-    C:\Windows\System32\usp10.dll
2012-11-22 04:45:03    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2012-11-14 06:02:49    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32    750592    ----a-w-    C:\Windows\System32\win32spl.dll
2012-11-09 04:43:04    492032    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2012-11-02 22:38:36    862664    ----a-w-    C:\Windows\SysWow64\msvcr110.dll
2012-11-02 22:38:36    828872    ----a-w-    C:\Windows\System32\msvcr110.dll
2012-11-02 22:38:36    661448    ----a-w-    C:\Windows\System32\msvcp110.dll
2012-11-02 22:38:36    534480    ----a-w-    C:\Windows\SysWow64\msvcp110.dll
2012-11-02 22:38:36    354264    ----a-w-    C:\Windows\System32\vccorlib110.dll
2012-11-02 22:38:36    251864    ----a-w-    C:\Windows\SysWow64\vccorlib110.dll
2012-11-02 22:38:36    1795952    ----a-w-    C:\Windows\System32\WdfCoInstaller01011.dll
2012-11-01 05:43:42    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54    1236992    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2012-10-30 23:51:55    984144    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55    71600    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07    41224    ----a-w-    C:\Windows\avastSS.scr
2012-10-25 10:12:26    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 10:12:26    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52    561664    ----a-w-    C:\Windows\apppatch\AcLayers.dll
2012-10-15 16:59:28    54072    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2012-10-09 18:17:13    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2012-10-03 17:56:54    1914248    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21    70656    ----a-w-    C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21    303104    ----a-w-    C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17    246272    ----a-w-    C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17    18944    ----a-w-    C:\Windows\System32\netevent.dll
2012-10-03 17:44:16    216576    ----a-w-    C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16    569344    ----a-w-    C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24    18944    ----a-w-    C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24    175104    ----a-w-    C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23    156672    ----a-w-    C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26    45568    ----a-w-    C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 05:32:08    2177688    ----a-w-    C:\Windows\System32\coin92.dll
.
============= FINISH:  5:27:23.41 ===============


Edited by hamluis, 09 February 2013 - 08:14 AM.
Moved from Am I Infected to Malware Removal Logs - Hamluis.



#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 09 February 2013 - 04:33 PM

Good evening.
 

windows defender notifies of PUP:adware! on manual scan only

Can you tell me exactly what infection is being reported? Does it just say PUP:adware! or anything more? What files are infected, and do you allow Windows Defender to delete them and, if so, do they reappear when you scan after a reboot?


So long, and thanks for all the fish.

 

 


#3 mrp13

  • Topic Starter

  • Members
  • 4 posts
  • Gender:Male

Posted 11 February 2013 - 12:16 AM

Thanks for your quick reply!

I have it as exactly PUP:adware!, and after allowing Windows Defender and avast! to run I believe there are no problems as of now.

Everything is clean then?

Respectfully, Mr P 10 FEB 2013 # ###

#4 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 11 February 2013 - 03:12 PM

Good evening.

A PUP is a Potentially Unwanted Program - one that some people will be happy to have on their system but others will not. This will include programs that display adverts as the price of getting the functionality of the application for free, for example.

Given that your security programs are clean, and that the threat was probably not that great in the first place, I'd say you were good to go.


So long, and thanks for all the fish.

 

 


#5 mrp13

  • Topic Starter

  • Members
  • 4 posts
  • Gender:Male

Posted 12 February 2013 - 07:50 AM

Excellent, I do not want adware and will classify it as no-go on my computers. Please close this thread with my thanks!





