
CCE (Comodo Cleaning Essentials) - false positive?


This topic is locked.
16 replies to this topic

#1 eugen_pl
Posted 20 April 2013 - 09:23 AM

Hi.

Please find attached screenshots of the CCE (Comodo Cleaning Essentials) scan result.

What now? Is it possible that these scan and cleaning results are just a false positive?

Windows 8 Pro.

Thanks for any help.

Eugene


#2 eugen_pl (Topic Starter)
Posted 20 April 2013 - 12:58 PM

MiniToolBox scan result:


MiniToolBox by Farbar  Version:05-03-2013
Ran by Eugeniusz (administrator) on 20-04-2013 at 18:23:41
Running from "C:\Users\eugen_pl\Desktop"
Windows 8 Pro  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost
 
========================= IP Configuration: ================================
 
Broadcom 802.11n Network Adapter = WiFi (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Eugene_pl
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1A-F4-6A-0B-F7-E9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Business
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 60-EB-69-5F-94-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter WiFi:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : 18-F4-6A-0B-F7-E9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3ce2:ba45:3ece:9fbf%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 20 April 2013 15:33:35
   Lease Expires . . . . . . . . . . : 21 April 2013 15:33:39
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 253293674
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-9B-45-13-18-F4-6A-0B-F7-E9
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.Home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2408:1671:3f57:fffb(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2408:1671:3f57:fffb%16(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2a00:1450:4009:806::1000
 173.194.41.66
 173.194.41.67
 173.194.41.68
 173.194.41.69
 173.194.41.70
 173.194.41.71
 173.194.41.72
 173.194.41.73
 173.194.41.78
 173.194.41.64
 173.194.41.65
 
 
Pinging google.com [173.194.41.66] with 32 bytes of data:
Reply from 173.194.41.66: bytes=32 time=23ms TTL=57
Reply from 173.194.41.66: bytes=32 time=24ms TTL=57
 
Ping statistics for 173.194.41.66:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 24ms, Average = 23ms
Server:  SkyRouter.Home
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=426ms TTL=50
Reply from 98.138.253.109: bytes=32 time=425ms TTL=50
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 425ms, Maximum = 426ms, Average = 425ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...1a f4 6a 0b f7 e9 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...60 eb 69 5f 94 46 ......Broadcom NetLink ™ Gigabit Ethernet
 12...18 f4 6a 0b f7 e9 ......Broadcom 802.11n Network Adapter
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.4    281
      192.168.0.4  255.255.255.255         On-link       192.168.0.4    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 16    306 2001::/32                On-link
 16    306 2001:0:5ef5:79fd:2408:1671:3f57:fffb/128
                                    On-link
 12    281 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::2408:1671:3f57:fffb/128
                                    On-link
 12    281 fe80::3ce2:ba45:3ece:9fbf/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 \Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 \Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 \Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 \Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 \Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 \Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 \Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 \Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 \Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 \Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 \Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 \Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/20/2013 06:03:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x0004f44d
Faulting process ID: 0x106c
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report ID: aswMBR.exe3
Faulting package full name: aswMBR.exe4
Faulting package-relative application ID: aswMBR.exe5
 
Error: (04/20/2013 02:24:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Eugene_pl)
Description: Activation of application microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/20/2013 02:24:41 PM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 43c
 
Start Time: 01ce3dca4a2b94cf
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\wwahost.exe
 
Report Id: 997c1caa-a9bd-11e2-bedf-60eb695f9446
 
Faulting package full name: microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.ModernPhotos
 
Error: (04/20/2013 02:24:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Eugene_pl)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.
 
Error: (04/20/2013 00:14:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Eugene_pl)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/20/2013 00:14:53 PM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1018
 
Start Time: 01ce3db825c01bb2
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\wwahost.exe
 
Report Id: 6e9c9bca-a9ab-11e2-bedf-60eb695f9446
 
Faulting package full name: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (04/20/2013 10:58:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31187
 
Error: (04/20/2013 10:58:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31187
 
Error: (04/20/2013 10:58:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/20/2013 10:58:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15578
 
 
System errors:
=============
Error: (04/20/2013 02:35:35 PM) (Source: DCOM) (User: Eugene_pl)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (04/19/2013 05:01:34 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/18/2013 06:44:48 PM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (04/17/2013 03:45:51 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/17/2013 11:40:12 AM) (Source: BugCheck) (User: )
Description: 0x00000133 (0x0000000000000001, 0x0000000000000780, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP041713-72890-01
 
Error: (04/17/2013 11:39:51 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 21:54:40 on ?16/?04/?2013 was unexpected.
 
Error: (04/14/2013 06:11:37 PM) (Source: DCOM) (User: EUGENE_PL)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/14/2013 06:10:38 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
Error: (04/14/2013 06:10:38 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
Error: (04/14/2013 06:10:38 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (04/20/2013 06:03:00 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.2.9200.16420505aaa82c00000050004f44d106c01ce3de601b96971C:\Users\eugen_pl\Downloads\aswMBR.exeC:\Windows\SYSTEM32\ntdll.dll277e68bb-a9dc-11e2-bee1-60eb695f9446
 
Error: (04/20/2013 02:24:42 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Eugene_pl)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos-2144927142
 
Error: (04/20/2013 02:24:41 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.1642043c01ce3dca4a2b94cf4294967295C:\Windows\system32\wwahost.exe997c1caa-a9bd-11e2-bedf-60eb695f9446microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbweMicrosoft.WindowsLive.ModernPhotos
 
Error: (04/20/2013 02:24:12 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Eugene_pl)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos
 
Error: (04/20/2013 00:14:53 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Eugene_pl)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142
 
Error: (04/20/2013 00:14:53 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420101801ce3db825c01bb24294967295C:\Windows\system32\wwahost.exe6e9c9bca-a9ab-11e2-bedf-60eb695f9446microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
 
Error: (04/20/2013 10:58:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31187
 
Error: (04/20/2013 10:58:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31187
 
Error: (04/20/2013 10:58:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/20/2013 10:58:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15578
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-04 21:12:35.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\EUGENI~1\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-04 21:12:35.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\EUGENI~1\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-04 21:12:00.285
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\EUGENI~1\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Comodo Dragon (Version: 26.2.2.0)
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.135)
HP Deskjet 3050A J611 series Basic Device Software (Version: 28.0.1315.0)
HP Deskjet 3050A J611 series Help (Version: 140.0.2.2)
HP Deskjet 3050A J611 series Product Improvement Study (Version: 28.0.1315.0)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
iCloud (Version: 2.1.2.8)
iTunes (Version: 11.0.2.25)
Java Auto Updater (Version: 2.0.3.1)
LibreOffice 4.0 Help Pack (Polish) (Version: 4.0.2.2)
LibreOffice 4.0.2.2 (Version: 4.0.2.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Norton 360 (Version: 20.3.1.22)
Picasa 3 (Version: 3.8)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Skype Click to Call (Version: 6.7.12055)
Skype™ 6.3 (Version: 6.3.105)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
SUPERAntiSpyware (Version: 5.6.1014)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 86%
Total physical RAM: 1782.81 MB
Available physical RAM: 233.44 MB
Total Pagefile: 3574.81 MB
Available Pagefile: 1459.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.19 MB
 
========================= Partitions: =====================================
 
1 Drive c: (eMachines) (Fixed) (Total:219.79 GB) (Free:152.06 GB) NTFS
2 Drive d: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\EUGENE_PL
 
Administrator            eugen_pl                 Eugeniusz                
Guest                    
 
 
**** End of log ****
#3 eugen_pl (Topic Starter)
Posted 21 April 2013 - 12:44 PM

DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16519  BrowserJavaVersion: 10.21.2
Run by Eugeniusz at 18:37:48 on 2013-04-21
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.2057.18.1783.485 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.pl/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN198410TN05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRunOnce: [Report] \AdwCleaner[S3].txt
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\EUGENI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3EFDF6D3-57E3-4538-BEAA-FD1E32EF10B9} : DHCPNameServer = 194.204.152.34 194.204.159.1
TCP: Interfaces\{7B91E52B-DFE9-4C7D-AFB7-9FBDA2FEFE8C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7B91E52B-DFE9-4C7D-AFB7-9FBDA2FEFE8C}\14761647F5135373 : DHCPNameServer = 172.30.139.17 172.31.139.17
TCP: Interfaces\{7B91E52B-DFE9-4C7D-AFB7-9FBDA2FEFE8C}\35B4955373634373 : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 DLACDBHE;DLACDBHE;C:\Windows\System32\Drivers\DLACDBHE.SYS [2013-2-3 17776]
R0 DRVECDB;DRVECDB;C:\Windows\System32\Drivers\DRVECDB.SYS [2013-2-3 124112]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-2-3 53488]
R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\N360x64\1403010.016\symds64.sys [2013-4-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\N360x64\1403010.016\symefa64.sys [2013-4-16 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-4-13 1390680]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\Drivers\N360x64\1403010.016\ccsetx64.sys [2013-4-16 168096]
R1 DLARTL_E;DLARTL_E;C:\Windows\System32\Drivers\DLARTL_E.SYS [2013-2-3 41072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130419.001\IDSviA64.sys [2013-4-20 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\N360x64\1403010.016\ironx64.sys [2013-4-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360x64\1403010.016\symnets.sys [2013-4-16 432800]
R2 DLABMFSE;DLABMFSE;C:\Windows\System32\Drivers\DLABMFSE.SYS [2013-2-3 46448]
R2 DLABOIOE;DLABOIOE;C:\Windows\System32\Drivers\DLABOIOE.SYS [2013-2-3 42352]
R2 DLADResE;DLADResE;C:\Windows\System32\Drivers\DLADResE.SYS [2013-2-3 9968]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\Drivers\DLAIFS_E.SYS [2013-2-3 146672]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\Drivers\DLAOPIOE.SYS [2013-2-3 35056]
R2 DLAPoolE;DLAPoolE;C:\Windows\System32\Drivers\DLAPoolE.SYS [2013-2-3 19824]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\Drivers\DLAUDF_E.SYS [2013-2-3 144112]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\Drivers\DLAUDFAE.SYS [2013-2-3 135152]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-4-19 2074760]
R2 DRVEDDM;DRVEDDM;C:\Windows\System32\Drivers\DRVEDDM.SYS [2013-2-3 63984]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccsvchst.exe [2013-4-16 144520]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-21 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-21 168384]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-30 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\Drivers\HECIx64.sys [2009-9-17 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\N360x64\1403010.016\symelam.sys [2013-4-16 23448]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-21 16:42:52 -------- d-----w- C:\Program Files\CCleaner
2013-04-21 00:52:18 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-20 18:23:12 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-20 18:22:53 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-20 16:35:21 -------- d-----w- C:\Program Files\HitmanPro
2013-04-20 16:34:02 -------- d-----w- C:\ProgramData\HitmanPro
2013-04-20 15:39:23 -------- d-----w- C:\Users\Eugeniusz\AppData\Roaming\SUPERAntiSpyware.com
2013-04-20 14:46:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-20 13:34:32 -------- d-----w- C:\CCE_Quarantine
2013-04-20 11:35:58 -------- d-----w- C:\Program Files (x86)\LibreOffice 4.0
2013-04-19 12:55:04 -------- d-----w- C:\Users\Eugeniusz\AppData\Roaming\QuickScan
2013-04-19 12:47:56 -------- d--h--w- C:\Windows\AxInstSV
2013-04-19 12:42:00 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-04-19 12:42:00 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-04-16 09:02:37 796248 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\srtsp64.sys
2013-04-16 09:02:37 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\symds64.sys
2013-04-16 09:02:37 432800 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys
2013-04-16 09:02:37 36952 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\srtspx64.sys
2013-04-16 09:02:37 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1403010.016\symelam.sys
2013-04-16 09:02:37 224416 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\ironx64.sys
2013-04-16 09:02:37 168096 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys
2013-04-16 09:02:37 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1403010.016\symefa64.sys
2013-04-16 09:02:09 -------- d-----w- C:\Windows\System32\drivers\N360x64\1403010.016
2013-04-11 15:16:51 220952 ----a-w- C:\Users\Eugeniusz\AppData\Local\lps_setup.exe
2013-04-07 15:18:09 -------- d-----w- C:\Users\Eugeniusz\AppData\Local\Comodo
2013-04-07 15:17:52 -------- d-----w- C:\Program Files (x86)\Comodo
2013-04-07 15:04:16 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-04-07 09:38:59 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-07 09:38:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-01 14:49:24 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2013-04-01 14:49:24 -------- d-----w- C:\Windows\SysWow64\drivers\pl-PL
2013-04-01 14:48:13 -------- d-----w- C:\Windows\SysWow64\wbem\pl-PL
2013-04-01 14:48:13 -------- d-----w- C:\Windows\SysWow64\pl
2013-04-01 14:47:56 -------- d-----w- C:\Windows\pl-PL
2013-04-01 14:47:23 -------- d-----w- C:\Windows\System32\drivers\pl-PL
2013-04-01 14:43:55 -------- d-----w- C:\Windows\System32\wbem\pl-PL
2013-04-01 14:43:54 -------- d-----w- C:\Windows\System32\pl
2013-04-01 14:20:59 5120 ----a-w- C:\Windows\System32\drivers\pl-PL\fltmgr.sys.mui
2013-03-29 22:57:56 -------- d-----w- C:\Program Files (x86)\Driver Fusion
2013-03-29 22:38:06 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-03-29 22:29:28 -------- d-----w- C:\Windows\pss
2013-03-28 19:37:34 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-03-28 19:37:33 -------- d-----w- C:\Program Files\Symantec
2013-03-28 19:37:33 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-03-28 19:33:38 -------- d-----w- C:\Windows\System32\drivers\N360x64
2013-03-28 19:33:36 -------- d-----w- C:\Program Files (x86)\Norton 360
2013-03-28 19:25:54 -------- d-----w- C:\ProgramData\PCSettings
2013-03-25 21:24:32 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-25 21:08:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-03-24 15:34:57 -------- d-----w- C:\Users\Eugeniusz\AppData\Local\NPE
.
==================== Find3M  ====================
.
2013-04-20 18:22:24 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys
2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll
2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll
2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-02-05 04:58:01 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-05 04:56:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-02-04 22:39:47 2246656 ----a-w- C:\Windows\System32\wininet.dll
2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-03 20:30:05 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-02-03 20:30:05 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll
2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe
2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe
2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll
2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll
2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll
2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll
2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll
2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll
2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll
2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll
2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll
2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll
2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll
2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys
2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:57 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-02-02 05:31:54 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-29 01:57:05 35232 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-01-28 23:08:22 230904 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
.
============= FINISH: 18:38:00.45 ===============

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
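The "Created Last 30" block in the log above is the part of a DDS report a responder reads first, because it lists what appeared on disk in the weeks before the trouble was noticed. What follows is an added example written for this thread; it is not DDS's own code and not code posted by anyone in the thread. It parses lines in the DDS format and flags the entries a reviewer would open first: objects with the hidden attribute, executables sitting in user-writable locations, and directories with GUID-style names. The sample lines are copied from the log above; the reading of the 8-character attribute field (leading "d" for directory, "h" for hidden) and the list of user-writable roots are assumptions of the example. A flag is a prompt to look, not a verdict: on this page the items ESET later removed were in Temp and Downloads, not in any of the flagged paths.

```python
"""Triage helper for the 'Created Last 30' section of a DDS log.

Added example for this thread; it is not DDS's own code. Line format assumed:
    YYYY-MM-DD HH:MM:SS <size | -------->  <attrs> <path>
where attrs is DDS's 8-character attribute field ('d' in the first position
for a directory, 'h' anywhere for hidden, 'a' archive, 'r' read-only).
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: seven lines copied in DDS format from the log above.
SAMPLE_LOG = r"""
2013-04-21 16:42:52 -------- d-----w- C:\Program Files\CCleaner
2013-04-21 00:52:18 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-20 14:46:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-19 12:47:56 -------- d--h--w- C:\Windows\AxInstSV
2013-04-11 15:16:51 220952 ----a-w- C:\Users\Eugeniusz\AppData\Local\lps_setup.exe
2013-04-07 15:04:16 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-03-28 19:37:34 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$"
)
GUID_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com")
# Assumed set of roots that a standard user can write to without elevation.
USER_WRITABLE_ROOTS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class Entry:
    created: datetime
    size: Optional[int]   # None for directories (DDS prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs


def parse_dds(text: str) -> List[Entry]:
    """Return the entries found in a 'Created Last 30' block, in log order."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:            # section headers, '.' separators, blank lines
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        created = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(created, size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for the entries a reviewer should look at first."""
    findings = []
    for e in entries:
        reasons = []
        low = e.path.lower()
        name = e.path.rsplit("\\", 1)[-1]
        if e.hidden:
            reasons.append("hidden attribute")
        if e.is_dir and GUID_RE.match(name):
            reasons.append("GUID-named directory")
        if not e.is_dir and low.endswith(EXEC_EXT) and low.startswith(USER_WRITABLE_ROOTS):
            reasons.append("executable in user-writable location")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_dds(SAMPLE_LOG)):
        print(f"{path}: {', '.join(reasons)}")
```

Run against the full section of a real DDS log, the same three heuristics give a short list to check by hand (vendor, signature, purpose) before anything is quarantined; every entry that is not flagged still exists in the log and is not declared clean.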



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 April 2013 - 07:40 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:


m0le is a proud member of UNITE

#5 eugen_pl

eugen_pl
  • Topic Starter

  • Members
  • 24 posts

Posted 24 April 2013 - 01:12 AM

Hi m0le

Thank you for the response.

I am here, waiting for instructions :-)

eugen_pl



#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 24 April 2013 - 08:15 PM

Could be a false positive but let's see

Please download aswMBR (511KB) to your desktop.

  • Double click the aswMBR.exe icon to run it

  • Click the Scan button to start the scan

  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

#7 eugen_pl

eugen_pl
  • Topic Starter

  • Members
  • 24 posts

Posted 25 April 2013 - 03:19 PM

Hi m0le.

aswMBR does not finish scanning. It always stops at the scan: "Scanning: service winDefend C: \ Program File             sys". A message appears: "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."



#8 eugen_pl

eugen_pl
  • Topic Starter

  • Members
  • 24 posts

Posted 25 April 2013 - 03:22 PM

Rkill log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/25/2013 09:21:15 PM in x64 mode.
Windows Version: Windows 8 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * WinDefend => "%ProgramFiles%\Windows Defender\MsMpEng.exe" [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 04/25/2013 09:21:29 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)



#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 April 2013 - 06:31 PM

Can you disable Windows Defender before you run aswMBR?

Instructions here



#10 eugen_pl

eugen_pl
  • Topic Starter

  • Members
  • 24 posts

Posted 25 April 2013 - 06:53 PM

Windows Defender is turned off completely (all the time). Before aswMBR I also disabled Norton 360.



#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 April 2013 - 07:41 PM

Strange that aswMBR is being stopped by a program which is turned off.

Let's try GMER.

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

#12 eugen_pl

eugen_pl
  • Topic Starter

  • Members
  • 24 posts

Posted 26 April 2013 - 05:32 AM

Hi,

GMER log:

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-26 11:29:46
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000037 Hitachi_HTS545025B9A300 rev.PB2OC60F 232.89GB
Running: rr1dp3hn.exe; Driver: C:\Users\EUGENI~1\AppData\Local\Temp\pglyipow.sys

---- User code sections - GMER 2.1 ----

.text   C:\Windows\System32\spoolsv.exe[1232] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                    000007fc3664177a 4 bytes [64, 36, FC, 07]
.text   C:\Windows\System32\spoolsv.exe[1232] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                    000007fc36641782 4 bytes [64, 36, FC, 07]
.text   C:\Windows\system32\svchost.exe[2008] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                    000007fc3664177a 4 bytes [64, 36, FC, 07]
.text   C:\Windows\system32\svchost.exe[2008] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                    000007fc36641782 4 bytes [64, 36, FC, 07]
.text   C:\Windows\Explorer.EXE[2716] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                            000007fc3664177a 4 bytes [64, 36, FC, 07]
.text   C:\Windows\Explorer.EXE[2716] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                            000007fc36641782 4 bytes [64, 36, FC, 07]
.text   C:\Windows\System32\igfxpers.exe[3320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                   000007fc3664177a 4 bytes [64, 36, FC, 07]
.text   C:\Windows\System32\igfxpers.exe[3320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                   000007fc36641782 4 bytes [64, 36, FC, 07]
.text   C:\Windows\system32\RunDll32.exe[3596] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                             000007fc286e1532 4 bytes [6E, 28, FC, 07]
.text   C:\Windows\system32\RunDll32.exe[3596] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                             000007fc286e153a 4 bytes [6E, 28, FC, 07]
.text   C:\Windows\system32\RunDll32.exe[3596] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                           000007fc286e165a 4 bytes [6E, 28, FC, 07]
.text   C:\Windows\system32\RunDll32.exe[3596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                   000007fc3664177a 4 bytes [64, 36, FC, 07]
.text   C:\Windows\system32\RunDll32.exe[3596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                   000007fc36641782 4 bytes [64, 36, FC, 07]
.text   C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe[3928] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fc3664177a 4 bytes [64, 36, FC, 07]
.text   C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe[3928] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fc36641782 4 bytes [64, 36, FC, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fc286e1532 4 bytes [6E, 28, FC, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                              000007fc286e153a 4 bytes [6E, 28, FC, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4740] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fc286e165a 4 bytes [6E, 28, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [508:540]                                                                                                               fffff960008575e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                     -942374782
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                       3420
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                      1650

---- EOF - GMER 2.1 ----

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
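The "User code sections" block in the GMER log above is what m0le reads before concluding that nothing is amiss, and the reasoning is worth making mechanical. On 64-bit Windows a system DLL such as PSAPI.DLL is mapped at the same base address in every process for the life of the boot session, so a system-wide modification (a security product's hook, for instance) shows up as the same bytes at the same addresses in every process that loaded the module, while something injected into one process tends to be unique to that process. The following Python is an added example written for this thread, not GMER's own code and not posted by anyone in the thread. It parses the lines into records, groups them by patched site to show how many processes share each one, and applies one further sanity check: whether the four replaced bytes, read as a little-endian integer, equal bits 16 to 47 of the patched address, which is what an 8-byte pointer into the same module written two bytes earlier would leave in that window. The sample is the 18 lines from the log above with the column padding collapsed; the line layout the regex expects is an assumption of the example, and both the grouping and the pointer check are observations about the log, not proof that the modifications are benign.

```python
"""Structure the 'User code sections' block of a GMER 2.1 log.

Added example for this thread; it is not GMER's own code. Each line is assumed
to have the shape GMER printed above:
    .text <process path>[<pid>] <module path>!<symbol> + <offset> <addr> <n> bytes [<hex bytes>]
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: the 18 user-code lines from the GMER log above, padding collapsed.
SAMPLE = r"""
.text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc3664177a 4 bytes [64, 36, FC, 07]
.text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc36641782 4 bytes [64, 36, FC, 07]
.text C:\Windows\system32\svchost.exe[2008] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc3664177a 4 bytes [64, 36, FC, 07]
.text C:\Windows\system32\svchost.exe[2008] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc36641782 4 bytes [64, 36, FC, 07]
.text C:\Windows\Explorer.EXE[2716] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc3664177a 4 bytes [64, 36, FC, 07]
.text C:\Windows\Explorer.EXE[2716] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc36641782 4 bytes [64, 36, FC, 07]
.text C:\Windows\System32\igfxpers.exe[3320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc3664177a 4 bytes [64, 36, FC, 07]
.text C:\Windows\System32\igfxpers.exe[3320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc36641782 4 bytes [64, 36, FC, 07]
.text C:\Windows\system32\RunDll32.exe[3596] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc286e1532 4 bytes [6E, 28, FC, 07]
.text C:\Windows\system32\RunDll32.exe[3596] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc286e153a 4 bytes [6E, 28, FC, 07]
.text C:\Windows\system32\RunDll32.exe[3596] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc286e165a 4 bytes [6E, 28, FC, 07]
.text C:\Windows\system32\RunDll32.exe[3596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc3664177a 4 bytes [64, 36, FC, 07]
.text C:\Windows\system32\RunDll32.exe[3596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc36641782 4 bytes [64, 36, FC, 07]
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe[3928] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc3664177a 4 bytes [64, 36, FC, 07]
.text C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe[3928] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc36641782 4 bytes [64, 36, FC, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc286e1532 4 bytes [6E, 28, FC, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc286e153a 4 bytes [6E, 28, FC, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4740] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc286e165a 4 bytes [6E, 28, FC, 07]
"""

LINE_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+?)!(?P<symbol>\w+)"
    r"\s+\+\s+(?P<offset>\d+)\s+(?P<addr>[0-9a-fA-F]{16})\s+(?P<n>\d+)\s+bytes\s+"
    r"\[(?P<patch>[^\]]*)\]$"
)


@dataclass(frozen=True)
class Hook:
    process: str      # image basename, lower-cased
    pid: int
    module: str       # module basename, lower-cased, e.g. 'psapi.dll'
    symbol: str
    offset: int
    addr: int
    patch: bytes

    @property
    def site(self) -> Tuple[str, str, int, int, bytes]:
        """Identity of a patched location, independent of which process shows it."""
        return (self.module, self.symbol, self.offset, self.addr, self.patch)

    def patch_matches_module_pointer(self) -> bool:
        """True if the written bytes equal bits 16..47 of the patched address,
        i.e. what an 8-byte pointer into the same module, written two bytes
        earlier, would leave in this 4-byte window. A clue, not a verdict."""
        return int.from_bytes(self.patch, "little") == (self.addr >> 16) & 0xFFFFFFFF


def parse_user_code(text: str) -> List[Hook]:
    """Turn GMER '.text' lines into Hook records; non-matching lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        patch = bytes(int(b, 16) for b in m["patch"].split(","))
        hooks.append(Hook(
            process=m["process"].rsplit("\\", 1)[-1].lower(),
            pid=int(m["pid"]),
            module=m["module"].rsplit("\\", 1)[-1].lower(),
            symbol=m["symbol"],
            offset=int(m["offset"]),
            addr=int(m["addr"], 16),
            patch=patch,
        ))
    return hooks


def group_by_site(hooks: List[Hook]) -> Dict[Tuple, List[str]]:
    """Map each patched site to the sorted list of 'image[pid]' showing it."""
    sites = defaultdict(set)
    for h in hooks:
        sites[h.site].add(f"{h.process}[{h.pid}]")
    return {site: sorted(procs) for site, procs in sites.items()}


def summarize(text: str) -> dict:
    """Counts a reviewer wants before reading the lines one by one."""
    hooks = parse_user_code(text)
    sites = group_by_site(hooks)
    return {
        "hooks": len(hooks),
        "sites": len(sites),
        "max_processes_per_site": max((len(p) for p in sites.values()), default=0),
        "all_patches_look_like_module_pointers": all(h.patch_matches_module_pointer() for h in hooks),
        "processes_by_site": {f"{m}!{s}+{o}": procs for (m, s, o, _, _), procs in sites.items()},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On these lines the 18 entries collapse to five sites, each PSAPI site is shared by the six processes that loaded PSAPI.DLL, each MSIMG32 site by the two that loaded MSIMG32.dll, and every patch passes the pointer check. That is the shape of a uniform, module-wide modification rather than a per-process implant; a site present in only one process, or bytes that decode to an address outside the module, would be the lines to investigate further.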



#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 April 2013 - 08:21 PM

There doesn't seem to be anything amiss there.

Can you run an online scan with ESET?

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

#14 eugen_pl

eugen_pl
  • Topic Starter

  • Members
  • 24 posts

Posted 27 April 2013 - 09:19 AM

Hi m0le

ESET OnlineScan "said" :-)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.

C:\CCE_Quarantine\{4F118634-FFFB-4D7B-9C78-5D191FAAC187} a variant of Win32/InstallBrain application cleaned by deleting - quarantined

C:\Users\Eugeniusz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWUZLHQQ\pack[1].7z multiple threats deleted - quarantined

C:\Users\Eugeniusz\AppData\Local\Temp\7ED837E8-BAB0-7891-9DAB-D5868702EFF0\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.C application cleaned by deleting - quarantined

C:\Users\Eugeniusz\AppData\Local\Temp\7ED837E8-BAB0-7891-9DAB-D5868702EFF0\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined

C:\Users\Eugeniusz\AppData\Local\Temp\7ED837E8-BAB0-7891-9DAB-D5868702EFF0\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined

C:\Users\Eugeniusz\Downloads\Open Office\openoffice setup.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined

C:\Users\eugen_pl\Downloads\FreeOCR.net(12517).exe Win32/InstallCore.BL application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Norton\{NBRT50-B26-Retail-4abb-B07C-C084B04B4F12}\bleep\driver_fusion_1.2.0.exe Win32/OpenCandy application cleaned by deleting - quarantined

;-( , ;-(

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<



#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 April 2013 - 03:45 AM

;-( , ;-(

Why the sad faces? ESET has removed some remnants of adware like OpenCandy and Babylon, but none of the tools have flagged the item that Comodo has. However, files in the Servicing/Packages folder are system files and the K numbers are updates. I believe Comodo has flagged a hidden file (such as they are) and catalogued it as a hidden file or rootkit, which is a bit ambiguous. It is a hidden file, and a legitimate one at that.

Your machine is clean, so, are you having any problems with it at present?