Exploit.JS.Pdfka.ggk found by Kaspersky


  • This topic is locked
10 replies to this topic

#1 Quevvy

  • Members
  • 172 posts

Posted 19 May 2013 - 04:37 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by Owner at 16:34:51 on 2013-05-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.3886 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIGGA.EXE
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\StikyNot.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [EPSON NX125 NX127 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGGA.EXE /FU "C:\Windows\TEMP\E_SC512.tmp" /EF "HKCU"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{8E6976E9-04C1-4B84-BA53-9078D44DB66F} : DHCPNameServer = 64.233.207.8 64.233.207.9
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ebti5b0y.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-27 55280]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 55056]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203776]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-27 658656]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-27 320040]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-25 1255736]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
.
=============== Created Last 30 ================
.
2013-05-19 21:28:26 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-05-19 21:28:26 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-19 21:28:25 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2013-05-19 21:28:25 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2013-05-19 21:28:23 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-05-19 21:28:23 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-05-19 21:28:23 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-05-19 21:27:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-19 16:03:52 -------- d-----w- C:\Users\Owner\AppData\Local\{3AAFC194-5875-46F2-A3D5-D42306F871BF}
2013-05-18 20:58:50 -------- d-----w- C:\Users\Owner\AppData\Local\{BD52D5DF-337B-40AE-A6FA-C41279076284}
2013-05-17 21:09:59 -------- d-----w- C:\Users\Owner\AppData\Local\{32884227-B5D3-4DB3-83F3-9550CBF75D4B}
2013-05-17 18:31:16 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46D9FC90-4738-4489-9D2A-4A31B7DC7CF1}\offreg.dll
2013-05-17 18:30:22 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46D9FC90-4738-4489-9D2A-4A31B7DC7CF1}\mpengine.dll
2013-05-16 08:02:29 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-16 08:02:29 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-15 21:24:42 -------- d-----w- C:\Users\Owner\AppData\Local\{E707C2DA-D3E9-4415-ADB6-5C7E83080172}
2013-05-13 00:25:23 -------- d-----w- C:\Users\Owner\AppData\Local\{204166F2-FF21-4CB2-B68B-F9AC62B2F504}
2013-05-11 21:05:06 -------- d-----w- C:\Users\Owner\AppData\Local\{AB98230A-6CE4-4FE4-AF5C-12C63BA35FE9}
2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-08 21:49:46 -------- d-----w- C:\Users\Owner\AppData\Local\{50AB4291-78D7-44AD-8A9A-9E1C515341B9}
2013-05-03 17:50:45 -------- d-----w- C:\Users\Owner\AppData\Local\{B6774A00-081A-4472-AAAE-45BD5BB249BC}
2013-05-03 13:04:58 -------- d-----w- C:\96e38bb0a5c02d1b4d461e118b8a38
2013-04-30 17:56:26 -------- d-----w- C:\Users\Owner\AppData\Local\{86C56F5B-E50C-4423-92F0-EB1819C94FBE}
2013-04-30 07:32:14 -------- d-----w- C:\d63b644ffdc27d8f6286160b313443
2013-04-29 18:40:08 -------- d-----w- C:\Users\Owner\AppData\Local\{62AD18B6-F154-4033-BDFA-F45EEA774627}
2013-04-28 13:27:46 -------- d-----w- C:\Users\Owner\AppData\Local\{6CC102CA-EA0F-4387-A6FB-D5CC360690B3}
2013-04-26 13:16:24 -------- d-----w- C:\Users\Owner\AppData\Local\{3717E153-80B5-4164-B5BC-CDD015FDB66A}
2013-04-26 11:49:18 -------- d-----w- C:\e95f15524b72a3791d56
2013-04-25 21:32:52 -------- d-----w- C:\Users\Owner\AppData\Local\{ECB57342-DA98-4A8F-B4BD-49002AC020B1}
2013-04-24 21:55:41 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-24 02:42:06 -------- d-----w- C:\Users\Owner\AppData\Local\{BDBCC63E-D426-4799-9B13-B57B5D82BB92}
2013-04-23 11:42:43 -------- d-----w- C:\Users\Owner\AppData\Local\{2FC38BBC-6A4A-45C8-8DED-223A394957E1}
2013-04-22 19:07:33 -------- d-----w- C:\Users\Owner\AppData\Local\{D5B9C5BB-18CD-4597-9BA7-88C7AD937A7D}
2013-04-21 22:10:12 -------- d-----w- C:\Users\Owner\AppData\Local\{32FF822D-E437-4C77-B94D-B4DB2EB5A41F}
2013-04-21 10:09:49 -------- d-----w- C:\Users\Owner\AppData\Local\{B264ADB4-47D7-4BB7-8A78-9B0B9A63FDA1}
2013-04-20 21:10:29 -------- d-----w- C:\Users\Owner\AppData\Local\{70C66604-0588-4552-86F5-85E00DC89275}
2013-04-20 05:49:24 -------- d-----w- C:\Users\Owner\AppData\Local\{4BDE78BB-A9BC-4F6A-8E88-FD179D06B079}
.
==================== Find3M  ====================
.
2013-05-19 21:27:02 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-19 21:27:02 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-14 23:14:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 23:14:21 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-23 14:02:05 55056 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2013-04-23 14:02:05 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-04-23 14:02:04 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 16:35:18.73 ===============


#2 Oseyerus13

  • Members
  • 503 posts

Posted 22 May 2013 - 05:53 PM

Hi Quevvy,
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. Thanks!

 

Oseyerus13



#3 Quevvy

  • Topic Starter
  • Members
  • 172 posts

Posted 23 May 2013 - 11:16 PM

Are there any other scans that I should perform in the meantime?

#4 Oseyerus13

  • Members
  • 503 posts

Posted 25 May 2013 - 01:57 PM

Your first post mentioned a virus that Kaspersky had found. Please post a copy of the log Kaspersky produced in your next post.


Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Please follow these steps to update Adobe flash:

  • Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  • Double click the file to start the installation process
  • Repeat 1. and 2. for every other browser you have installed (eg Internet Explorer / Firefox / Chrome / Safari / Opera..) as applicable.

 

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link

  • Close all open browsers before using, especially FireFox. <-Important!!!
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • Notes: On Vista, "Windows Temp" is disabled. To empty Temp, ATF-Cleaner must be Run As Administrator.
    The Prefetch cleaning feature has been disabled for Vista Users. Tabs for applications that are not installed are grayed out.

 

Please download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.pif

  • Double click on the DDS icon, allow it to run.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open the logfile.
  • You can find the logfile on your desktop as well.
  • Please post the content of that logfile with your next answer.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



#5 Quevvy

  • Topic Starter
  • Members
  • 172 posts

Posted 25 May 2013 - 02:48 PM

Kaspersky Log:
 
Type: Trojan program (34)
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:12 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp// data0012
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:12 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0009// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:12 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0010// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0006// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0004// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f06_b04_crypt_io_copy.tmp// data0008
Exploit.JS.Pdfka.ggk Clean on Quarantine 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0000// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0009// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f06_b04_crypt_io_copy.tmp// data0012
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp// data0008
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0007// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp// data0012
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0001// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0010// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0003// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0002// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:04 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp// data0008
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:30:18 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0006// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:30:17 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0004// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:30:13 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0003// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:30:12 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0002// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:30:10 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0001// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:30:07 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0000// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:30:06 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f06_b04_crypt_io_copy.tmp// data0012
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:30:01 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f06_b04_crypt_io_copy.tmp// data0008
HEUR:Exploit.Java.CVE-2012-1723.gen Detected; not processed 5/20/2013 5:24:15 PM C:\Documents and Settings\Tommy D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\ 6103586c-1ad3cf2c
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 4:45:13 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0007// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 4:04:05 PM C:\Documents and Settings\All Users\Kaspersky Lab\AVP13\Temp\crypt\0C8F1F06_b04_crypt_io_copy.tmp//data0010// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 4:04:05 PM C:\Documents and Settings\All Users\Kaspersky Lab\AVP13\Temp\crypt\0C8F1F06_b04_crypt_io_copy.tmp//data0009// PDF
Exploit.JS.Pdfka.ggk Deleted 5/20/2013 3:53:21 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f202e_b1c_crypt_io_copy.tmp// data0012
Exploit.JS.Pdfka.ggk Deleted 5/20/2013 3:53:21 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f202e_b1c_crypt_io_copy.tmp//data0010// PDF
Exploit.JS.Pdfka.ggk Deleted 5/20/2013 3:50:52 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f202e_b1c_crypt_io_copy.tmp// data0008
Exploit.JS.Pdfka.ggk Not found 5/20/2013 3:42:54 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f202e_b1c_crypt_io_copy.tmp// data0012
Exploit.JS.Pdfka.ggk Not found 5/20/2013 3:42:54 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f202e_b1c_crypt_io_copy.tmp// data0008
Type: Unknown (1)
0c8f202e_b1c_crypt_io_copy.tmp Deleted 5/20/2013 3:53:21 PM c:\programdata\kaspersky lab\avp13\temp\crypt\ 0c8f202e_b1c_crypt_io_copy.tmp
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Anti-Virus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1    
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox (21.0) 
 Google Chrome 26.0.1410.64  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by Owner at 14:44:12 on 2013-05-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4286 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIGGA.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [EPSON NX125 NX127 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGGA.EXE /FU "C:\Windows\TEMP\E_SC512.tmp" /EF "HKCU"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{8E6976E9-04C1-4B84-BA53-9078D44DB66F} : DHCPNameServer = 64.233.207.8 64.233.207.9
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ebti5b0y.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-27 55280]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 55056]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203776]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-27 658656]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-27 320040]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-20 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-20 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-25 1255736]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
.
=============== Created Last 30 ================
.
2013-05-24 15:59:50 -------- d-----w- C:\Users\Owner\AppData\Local\{225BD70F-3FA6-4166-8C56-0896AFD37FD1}
2013-05-24 11:58:42 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E4615B3-2F3E-45F5-A07C-52CC96C30466}\offreg.dll
2013-05-24 11:30:01 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E4615B3-2F3E-45F5-A07C-52CC96C30466}\mpengine.dll
2013-05-23 17:03:47 -------- d-----w- C:\Users\Owner\AppData\Local\{F13773FC-CB1D-485E-B138-3FEE7584F68A}
2013-05-22 14:51:34 -------- d-----w- C:\Users\Owner\AppData\Local\{3C9ED789-79EC-40BE-808B-8FAF882B01F4}
2013-05-21 15:29:27 -------- d-----w- C:\Users\Owner\AppData\Local\{3B007870-BB62-4332-BF6A-D2E349A5D87C}
2013-05-20 20:43:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-05-20 20:43:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-05-20 20:43:50 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-05-20 20:43:50 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-05-20 20:43:50 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-05-20 20:43:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-05-20 20:43:49 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-05-20 20:43:49 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-05-20 20:43:49 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-05-20 20:10:29 -------- d-----w- C:\Users\Owner\AppData\Local\{19F340FF-8A67-42F5-A2DD-42805581B556}
2013-05-19 21:28:26 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-05-19 21:28:26 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-19 21:28:25 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2013-05-19 21:28:25 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2013-05-19 21:28:23 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-05-19 21:28:23 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-05-19 21:28:23 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-05-19 21:27:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-19 16:03:52 -------- d-----w- C:\Users\Owner\AppData\Local\{3AAFC194-5875-46F2-A3D5-D42306F871BF}
2013-05-18 20:58:50 -------- d-----w- C:\Users\Owner\AppData\Local\{BD52D5DF-337B-40AE-A6FA-C41279076284}
2013-05-17 21:09:59 -------- d-----w- C:\Users\Owner\AppData\Local\{32884227-B5D3-4DB3-83F3-9550CBF75D4B}
2013-05-16 08:02:29 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-16 08:02:29 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-15 21:24:42 -------- d-----w- C:\Users\Owner\AppData\Local\{E707C2DA-D3E9-4415-ADB6-5C7E83080172}
2013-05-14 18:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-14 18:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-13 00:25:23 -------- d-----w- C:\Users\Owner\AppData\Local\{204166F2-FF21-4CB2-B68B-F9AC62B2F504}
2013-05-11 21:05:06 -------- d-----w- C:\Users\Owner\AppData\Local\{AB98230A-6CE4-4FE4-AF5C-12C63BA35FE9}
2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-08 21:49:46 -------- d-----w- C:\Users\Owner\AppData\Local\{50AB4291-78D7-44AD-8A9A-9E1C515341B9}
2013-05-03 17:50:45 -------- d-----w- C:\Users\Owner\AppData\Local\{B6774A00-081A-4472-AAAE-45BD5BB249BC}
2013-05-03 13:04:58 -------- d-----w- C:\96e38bb0a5c02d1b4d461e118b8a38
2013-04-30 17:56:26 -------- d-----w- C:\Users\Owner\AppData\Local\{86C56F5B-E50C-4423-92F0-EB1819C94FBE}
2013-04-30 07:32:14 -------- d-----w- C:\d63b644ffdc27d8f6286160b313443
2013-04-29 18:40:08 -------- d-----w- C:\Users\Owner\AppData\Local\{62AD18B6-F154-4033-BDFA-F45EEA774627}
2013-04-28 13:27:46 -------- d-----w- C:\Users\Owner\AppData\Local\{6CC102CA-EA0F-4387-A6FB-D5CC360690B3}
2013-04-26 13:16:24 -------- d-----w- C:\Users\Owner\AppData\Local\{3717E153-80B5-4164-B5BC-CDD015FDB66A}
2013-04-26 11:49:18 -------- d-----w- C:\e95f15524b72a3791d56
2013-04-25 21:32:52 -------- d-----w- C:\Users\Owner\AppData\Local\{ECB57342-DA98-4A8F-B4BD-49002AC020B1}
.
==================== Find3M  ====================
.
2013-05-25 19:34:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-25 19:34:36 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-19 21:27:02 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-19 21:27:02 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-23 14:02:05 55056 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2013-04-23 14:02:05 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-04-23 14:02:04 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-31 23:32:04 82600 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
2013-03-31 23:32:04 42664 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 14:44:25.38 ===============

#6 Oseyerus13 (Members, 503 posts)

Posted 27 May 2013 - 10:05 AM

I am looking through your log and will get back to you shortly.



#7 Oseyerus13 (Members, 503 posts)

Posted 28 May 2013 - 11:36 AM

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Also, when you post this scan, I have another question for you. What issues are you having, or are you still having any issues?



#8 Quevvy (Topic Starter, Members, 172 posts)

Posted 28 May 2013 - 08:42 PM

I think that Kaspersky is still picking up on it, but I'm running another scan to see if it finds it after this ESET Scan.
 
 
 
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5d149be1-53940b43 multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2d5a4e9-3891e3dc a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application deleted - quarantined
C:\Users\Owner\Documents\GS Backup\Documents and Settings\Bridget\Local Settings\Application Data\AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Owner\Documents\GS Backup\Documents and Settings\Bridget\Local Settings\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Owner\Documents\GS Backup\Documents and Settings\Bridget\Local Settings\Temp\{FDC17776-2CA4-48FA-964B-C5E8B6BB535B}1\askToolbarInstaller-1.7.0.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Tommy D\AppData\Local\Temp\jar_cache1153169429187130463.tmp a variant of Java/Exploit.CVE-2012-0507.DV trojan cleaned by deleting - quarantined
C:\Users\Tommy D\AppData\Local\Temp\jar_cache4882791563764693648.tmp a variant of Java/Exploit.CVE-2012-0507.DV trojan cleaned by deleting - quarantined
C:\Users\Tommy D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\35a53e6c-3b90c2a2 a variant of Java/Exploit.CVE-2012-1723.FD trojan cleaned by deleting - quarantined
C:\Users\Tommy D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6103586c-1ad3cf2c a variant of Java/Exploit.Agent.NEA trojan cleaned by deleting - quarantined
C:\Users\Tommy D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\7a145fef-59650d63 multiple threats cleaned by deleting - quarantined
C:\Users\Tommy D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\772808b4-62b84783 a variant of Java/Exploit.Agent.NEA trojan cleaned by deleting - quarantined
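The Kaspersky report earlier in this thread and the ESET export in the post above describe some of the same objects in different notations: Kaspersky writes nested archive members as `container//member// type`, spells one directory both as `C:\ProgramData` and as `C:\Documents and Settings\All Users` (a junction on Windows 7), and most of its "Detected; not processed" lines point at its own `AVP13\Temp\crypt` working copies rather than at the file the user actually has to deal with. The script below is an added example, not Kaspersky's, ESET's or either poster's code: it parses report lines in that format, normalizes the paths, separates the scanner's working copies from detections in the user profile, and checks whether a path from the ESET export names the same file as a Kaspersky record. The status list, the location categories and the sample lines are constructed for this example and modelled on the report above.

```python
"""Triage helper for lines pasted from a Kaspersky detection report.

Added example for this thread; not Kaspersky's, ESET's or the poster's code.
The status list, path categories and sample lines are this example's own
assumptions, modelled on the report format seen in the thread.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the same format as the Kaspersky report in the thread.
SAMPLE_REPORT = r"""
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:11 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp//data0007// PDF
Exploit.JS.Pdfka.ggk Detected; not processed 5/20/2013 5:31:04 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f1f64_b1c_crypt_io_copy.tmp// data0008
Exploit.JS.Pdfka.ggk Deleted 5/20/2013 3:53:21 PM c:\programdata\kaspersky lab\avp13\temp\crypt\0c8f202e_b1c_crypt_io_copy.tmp//data0010// PDF
Exploit.JS.Pdfka.ggk Not found 5/20/2013 3:42:54 PM c:\documents and settings\all users\kaspersky lab\avp13\temp\crypt\0c8f202e_b1c_crypt_io_copy.tmp// data0012
HEUR:Exploit.Java.CVE-2012-1723.gen Detected; not processed 5/20/2013 5:24:15 PM C:\Documents and Settings\Tommy D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\ 6103586c-1ad3cf2c
Type: Unknown (1)
"""

# Statuses seen in the report; any other status is skipped (assumption).
STATUSES = ("Detected; not processed", "Deleted", "Not found",
            "Quarantined", "Disinfected")

LINE_RE = re.compile(
    r"^(?P<verdict>\S+)\s+"
    r"(?P<status>" + "|".join(re.escape(s) for s in STATUSES) + r")\s+"
    r"(?P<timestamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<obj>.+?)\s*$"
)


def normalize_path(path):
    """Lower-case, drop whitespace that line wrapping put after a backslash,
    and fold the Windows 7 junctions 'Documents and Settings\\All Users' ->
    'ProgramData' and 'Documents and Settings' -> 'Users' so one file spelled
    two ways is counted once."""
    p = re.sub(r"\\\s+", r"\\", path.strip()).lower()
    p = p.replace("\\documents and settings\\all users\\", "\\programdata\\")
    p = p.replace("\\documents and settings\\", "\\users\\")
    return p


def split_object(obj):
    """'container//member// type' -> (normalized container, [member, type]).
    Stray spaces around '//' are line-wrap debris and are dropped."""
    parts = [p.strip() for p in obj.split("//")]
    return normalize_path(parts[0]), [p for p in parts[1:] if p]


def classify(container):
    """Rough location category; the rules are this example's assumptions."""
    if "\\kaspersky lab\\avp13\\temp\\crypt\\" in container:
        return "av_working_copy"    # scanner's own temp copy of an unpacked object
    if "\\sun\\java\\deployment\\cache\\" in container:
        return "java_applet_cache"  # cached applet JAR; clear via Java Control Panel
    if "\\temp\\" in container:
        return "temp"
    return "other"


def parse_line(line):
    """One report line -> record dict, or None for header/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    container, members = split_object(m.group("obj"))
    return {"verdict": m.group("verdict"), "status": m.group("status"),
            "timestamp": m.group("timestamp"), "container": container,
            "entries": members, "category": classify(container)}


def parse_report(text):
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def summarize(records):
    """Counts by status and category, plus the flagged members per container."""
    members = defaultdict(set)
    for r in records:
        if r["entries"]:
            members[r["container"]].add(r["entries"][0])
    return {"by_status": Counter(r["status"] for r in records),
            "by_category": Counter(r["category"] for r in records),
            "members_per_container": {c: sorted(m) for c, m in members.items()}}


def needs_action(records):
    """Unhandled detections outside the scanner's own temp area. A hit inside
    AVP13\\Temp\\crypt is a transient copy; the file to chase is whatever
    Kaspersky was unpacking when it made that copy."""
    return [r for r in records
            if r["status"] == "Detected; not processed"
            and r["category"] != "av_working_copy"]


def same_object(record, other_path):
    """True if a path from another tool's report (e.g. the ESET export) names
    the same file as this record, allowing for case and junction spelling."""
    return normalize_path(other_path) == record["container"]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    summary = summarize(recs)
    print("by status:  ", dict(summary["by_status"]))
    print("by category:", dict(summary["by_category"]))
    for r in needs_action(recs):
        print("ACTION:", r["verdict"], r["container"])
```

On the constructed sample the only item left for action is the Java deployment-cache entry, and same_object() confirms it is the file the ESET export in this post reports as "cleaned by deleting"; every Pdfka hit sits in a Kaspersky temp\crypt copy, so the question for those is which container the scanner was unpacking, not the temp copy itself.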


#9 Oseyerus13 (Members, 503 posts)

Posted 31 May 2013 - 09:05 AM

You had said you were running another Kaspersky scan after the ESET scan. Can you please post that log?



#10 Oseyerus13 (Members, 503 posts)

Posted 06 June 2013 - 09:09 AM

Quevvy,

 

It has been a while since your last post. Have you been able to run the scan again? Please message me back if you are still needing help.



#11 m0le, "Can U Dig It?" (Malware Response Team, 34,527 posts, Location: London, UK)

Posted 08 June 2013 - 07:46 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



