
Concerned about malware.


This topic is locked
8 replies to this topic

#1 Mistah Toad

Mistah Toad

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 14 June 2014 - 09:10 PM

I've been using DefenderPro, Malwarebytes Anti-Malware and AdwCleaner. And I always get one result in my AppData with AdwCleaner and every now and again I'll find some Malware with AntiMalware Bytes. I'm concerned there's something deeper on my system that needs to be removed. Please help.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Owner at 20:55:21 on 2014-06-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.6608 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Defender Pro\DefenderPro.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Defender Pro\DefenderProWatcher.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Defender Pro\DefenderProUpdater.exe
C:\Program Files (x86)\Defender Pro\DefenderProAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Defender Pro] C:\Program Files (x86)\Defender Pro\DefenderPro.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{03BEDA24-B993-46BD-A1BB-4721D2644F69} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{5EEC47AA-96F5-430A-B5FB-2862E3A0E0BB}\051657C696560235472756473686 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{934404AE-6F6C-4CD9-B257-7FD6EA99F098} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{A85B2758-CA22-4FC9-8E9B-B4FAD1AFFF9C} : DHCPNameServer = 192.168.42.129
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v2v1f557.default-1401127247508\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v2v1f557.default-1401127247508\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMP;Active Malware Protection Minifilter Driver;C:\Windows\System32\drivers\amp.sys [2013-6-11 174872]
R2 AMPSE;Active Malware Protection Support Driver;C:\Windows\System32\drivers\ampse.sys [2014-3-13 1727768]
R2 DefenderProAgentSvc;Defender Pro Agent;C:\Program Files (x86)\Defender Pro\DefenderProAgent.exe [2014-3-10 38088]
R2 DefenderProUpdateSvc;Defender Pro Update Service;C:\Program Files (x86)\Defender Pro\DefenderProUpdater.exe [2014-3-10 19144]
R2 DefenderProWatcher;Defender Pro Protection Service;C:\Program Files (x86)\Defender Pro\DefenderProWatcher.exe [2014-3-10 14024]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-6 411936]
R2 vseamps;vseamps;C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [2013-6-11 122136]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [2013-6-11 119576]
R2 vseqrts;vseqrts;C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [2013-6-11 181528]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2014-4-16 21704]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2011-8-27 62464]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-6 122584]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-8-27 1349232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-5 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-6-7 692768]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-5 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-5 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-20 14544]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
.
=============== Created Last 30 ================
.
2014-06-15 01:38:55    --------    d-----w-    C:\Windows\ERUNT
2014-06-15 01:03:53    208896    ----a-w-    C:\Windows\MBR.exe
2014-06-15 01:03:51    98816    ----a-w-    C:\Windows\sed.exe
2014-06-15 01:03:51    256000    ----a-w-    C:\Windows\PEV.exe
2014-06-15 01:03:47    --------    d-----w-    C:\ComboFix
2014-06-11 08:17:10    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-06-11 08:17:10    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-06-11 08:17:08    288192    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 08:17:08    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-06-11 08:17:06    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2014-06-11 08:17:04    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-06-11 08:17:04    1389056    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2014-06-11 08:17:02    2048    ----a-w-    C:\Windows\SysWow64\msxml6r.dll
2014-06-11 08:17:02    2048    ----a-w-    C:\Windows\System32\msxml6r.dll
2014-06-11 08:17:02    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-06-11 08:17:01    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-06-11 08:17:01    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-06-06 13:15:33    599840    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-06-06 13:04:35    1889112    ----a-w-    C:\Windows\System32\nvdispco6433788.dll
2014-06-06 13:04:35    1541576    ----a-w-    C:\Windows\System32\nvdispgenco6433788.dll
2014-06-06 13:02:58    6574592    ----a-w-    C:\Windows\System32\mstscax.dll
2014-06-06 13:02:58    5694464    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-06-06 12:56:42    --------    d-----w-    C:\Users\Owner\AppData\Local\NVIDIA
2014-06-06 12:35:24    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-06 12:20:00    --------    d-sh--w-    C:\Users\Owner\AppData\Local\EmieUserList
2014-06-06 12:20:00    --------    d-sh--w-    C:\Users\Owner\AppData\Local\EmieSiteList
2014-06-06 06:15:42    122584    ----a-w-    C:\Windows\System32\drivers\48230029.sys
2014-06-06 05:47:15    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-06-06 05:45:36    --------    d-----w-    C:\AdwCleaner
2014-06-05 23:07:56    --------    d-s---w-    C:\Windows\System32\CompatTel
2014-06-05 23:06:10    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2014-06-05 23:06:10    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-06-05 23:06:09    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2014-06-05 23:06:08    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2014-06-05 22:59:04    --------    d-----w-    C:\Windows\Migration
2014-06-05 22:53:34    30208    ----a-w-    C:\Windows\System32\drivers\TsUsbGD.sys
2014-06-05 22:53:34    19456    ----a-w-    C:\Windows\System32\drivers\rdpvideominiport.sys
2014-06-05 22:53:31    243200    ----a-w-    C:\Windows\System32\rdpudd.dll
2014-06-05 22:53:31    228864    ----a-w-    C:\Windows\System32\rdpendp_winip.dll
2014-06-05 22:53:31    192000    ----a-w-    C:\Windows\SysWow64\rdpendp_winip.dll
2014-06-05 22:27:48    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-06-05 22:27:48    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-06-05 22:27:48    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-06-05 22:27:48    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-06-05 22:27:47    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-06-05 22:27:33    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2014-06-05 22:27:31    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-06-05 22:27:30    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-06-05 22:27:30    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2014-06-05 22:27:25    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-06-05 22:27:24    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-06-05 22:26:25    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-05 22:26:25    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-06-05 22:23:20    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-06-05 22:22:58    205824    ----a-w-    C:\Windows\SysWow64\WebClnt.dll
2014-06-05 22:22:57    81920    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2014-06-05 22:22:55    259584    ----a-w-    C:\Windows\System32\WebClnt.dll
2014-06-05 22:22:55    140800    ----a-w-    C:\Windows\System32\drivers\mrxdav.sys
2014-06-05 22:22:55    102400    ----a-w-    C:\Windows\System32\davclnt.dll
2014-06-05 22:18:01    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2014-06-01 19:38:39    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-05-26 18:26:08    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-26 18:26:08    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-26 17:35:17    439296    ----a-w-    C:\Windows\System32\plsapp64.dll
2014-05-26 17:34:51    --------    d-----w-    C:\Program Files (x86)\IZArc
2014-05-20 16:16:21    --------    d-----w-    C:\Windows\pss
2014-05-18 16:55:54    --------    d-----w-    C:\Program Files (x86)\Microsoft F#
2014-05-18 07:19:20    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2014-05-18 07:19:20    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2014-05-18 07:19:18    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2014-05-18 07:19:18    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2014-05-18 06:43:54    --------    d-----w-    C:\ProgramData\VS
2014-05-17 17:34:02    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2014-05-17 17:31:51    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2014-05-17 17:31:51    859648    ----a-w-    C:\Windows\System32\tdh.dll
2014-05-17 17:31:51    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2014-05-17 17:31:50    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2014-05-17 17:31:50    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2014-05-17 17:31:50    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2014-05-17 17:30:34    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2014-05-17 17:30:34    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2014-05-17 16:43:43    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2014-05-17 16:43:43    530432    ----a-w-    C:\Windows\SysWow64\comctl32.dll
2014-05-17 16:43:08    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2014-05-17 16:43:08    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2014-05-17 16:42:21    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-05-17 16:42:21    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-05-17 16:41:56    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2014-05-17 16:41:55    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2014-05-17 16:41:37    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-05-17 16:41:37    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-05-17 16:40:33    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-17 16:39:07    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2014-05-17 16:39:07    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2014-05-17 16:39:05    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-05-17 16:33:16    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-05-17 16:33:16    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-05-17 16:33:16    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-05-17 16:33:15    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-05-17 16:20:49    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2014-05-17 16:20:48    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2014-05-17 16:20:48    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2014-05-17 16:20:48    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2014-05-17 16:20:48    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
.
==================== Find3M  ====================
.
2014-05-30 10:02:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22    5782528    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-30 07:56:50    4244992    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10    1790976    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-25 19:34:12    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-25 19:34:12    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-24 17:31:02    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-24 17:31:02    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-05-22 17:14:28    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-05-08 09:32:11    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-15 01:13:43    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-10 13:47:46    21704    ----a-w-    C:\Windows\System32\drivers\easytthr.sys
2014-03-21 04:03:06    18302384    ----a-w-    C:\Windows\System32\nvwgf2umx.dll
2014-03-21 04:03:06    15783992    ----a-w-    C:\Windows\SysWow64\nvwgf2um.dll
2014-03-21 04:03:02    947808    ----a-w-    C:\Windows\System32\nvumdshimx.dll
2014-03-21 04:03:02    832936    ----a-w-    C:\Windows\SysWow64\nvumdshim.dll
2014-03-21 04:03:00    9690424    ----a-w-    C:\Windows\SysWow64\nvopencl.dll
2014-03-21 04:03:00    11589272    ----a-w-    C:\Windows\System32\nvopencl.dll
2010-07-08 15:37:14    101544    ----a-w-    C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 20:55:36.78 ===============
 


Edited by Noviciate, 16 June 2014 - 12:30 PM.
Added log from attachment.



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:27 AM

Posted 16 June 2014 - 12:33 PM

Good evening. :)
 

I always get one result in my AppData with AdwCleaner and every now and again I'll find some Malware with AntiMalware Bytes.

 

Will you let me have the logs for both scanners that list the detections you are referring to?

 

The MBAM logs can be found under the Logs Tab - where else - and the logs from ADWCleaner are in the folder C:\AdwCleaner - again, where else.


So long, and thanks for all the fish.

 

 


#3 Mistah Toad

Mistah Toad
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 16 June 2014 - 05:17 PM

Hello and thank you for your help. I've not had any detections from MBAM in quite some time. None of the recent logs show anything. I'm running another scan now and will post the results later this afternoon.

 

Downloaded Emsisoft Anti-Malware, Hitman Pro, SUPERAntiSpyware, RogueKiller, ComboFix and Shortcut Cleaner the other day. I've also been recently using the Ghostery and NoScript Addons for Firefox. I just feel like the internet is more vulnerable than ever these days and I'm a bit paranoid.

 

# AdwCleaner v3.212 - Report created 15/06/2014 at 02:57:59
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v2v1f557.default-1401127247508\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4124 octets] - [06/06/2014 00:45:38]
AdwCleaner[R1].txt - [1021 octets] - [07/06/2014 12:21:46]
AdwCleaner[R2].txt - [1142 octets] - [08/06/2014 05:09:59]
AdwCleaner[R3].txt - [1262 octets] - [10/06/2014 10:22:24]
AdwCleaner[R4].txt - [1381 octets] - [12/06/2014 00:13:47]
AdwCleaner[R5].txt - [1501 octets] - [14/06/2014 16:05:28]
AdwCleaner[R6].txt - [1621 octets] - [14/06/2014 21:43:11]
AdwCleaner[R7].txt - [1741 octets] - [14/06/2014 21:46:46]
AdwCleaner[R8].txt - [1241 octets] - [15/06/2014 02:57:59]
AdwCleaner[S0].txt - [4080 octets] - [06/06/2014 00:48:27]
AdwCleaner[S1].txt - [1083 octets] - [07/06/2014 12:23:48]
AdwCleaner[S2].txt - [1204 octets] - [08/06/2014 05:11:43]
AdwCleaner[S3].txt - [1324 octets] - [10/06/2014 10:26:08]
AdwCleaner[S4].txt - [1442 octets] - [12/06/2014 00:16:35]
AdwCleaner[S5].txt - [1562 octets] - [14/06/2014 19:52:15]
AdwCleaner[S6].txt - [1682 octets] - [14/06/2014 21:43:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [1721 octets] ##########
 


Edited by Noviciate, 16 June 2014 - 05:23 PM.
Log added from attachment.


#4 Mistah Toad

Mistah Toad
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 16 June 2014 - 05:38 PM

Just finished the MBAM scan. Nada. Clean.



#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:27 AM

Posted 16 June 2014 - 05:50 PM

And I always get one result in my AppData with AdwCleaner and every now and again I'll find some Malware with AntiMalware Bytes. I'm concerned there's something deeper on my system that needs to be removed.

 

Let's start with what you are seeing in the AdwCleaner log that bothers you. Also, you need to post some logs from MBAM that list whatever it is finding.


So long, and thanks for all the fish.

 

 


#6 Mistah Toad

Mistah Toad
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 16 June 2014 - 06:02 PM

 

And I always get one result in my AppData with AdwCleaner and every now and again I'll find some Malware with AntiMalware Bytes. I'm concerned there's something deeper on my system that needs to be removed.

 

Let's start with what you are seeing in the AdwCleaner log that bothers you. Also, you need to post some logs from MBAM that list whatever it is finding.

 

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v2v1f557.default-1401127247508\prefs.js ]

 

^ What is this?




#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:27 AM

Posted 17 June 2014 - 10:37 AM

Good afternoon. :)

When AdwCleaner scans Firefox it lists the various user profiles that it finds, as well as the default one, and then any detections that it finds in those profiles. You can find a little information about them here.

In my case, as well as the profile file location I get a few entries, including:

 

Line Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

 

The line you see is for information only and is not a warning of impending doom.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

All the items in the MBAM logs were for PUPs - Potentially Unwanted Items. These are things that some people wouldn't want but others do. These are usually items that come bundled with free software as the price of having the software - "Accept this toolbar and you can have this program for nothing". These items aren't a serious threat to your PC but they aren't necessarily things that you would have unless you got "something for nothing".

 

If you are not downloading and installing anything then I would be concerned about the detections. If you are, then I'd be concerned about you installing things without perhaps reading the small print or doing the research on the applications before installing them to see what might come bundled with them.

 

Unless it's the first option I'd consider that nothing is really wrong with your system, unless you tell me otherwise.


So long, and thanks for all the fish.
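The reply above explains that the prefs.js line AdwCleaner reports for a Firefox profile is informational: a leftover `user_pref` entry shows that an add-on (here the Ask toolbar) was present at some point, not that anything is still running. As an added illustration that is not part of the thread and not AdwCleaner's own code, the following Python script parses a small constructed prefs.js, picks out the `extensions.*` entries, and renders them in the "Line Found :" style quoted in the post. The `user_pref("name", value);` line format is Firefox's; the choice of the `extensions.` prefix as the thing worth listing, and the sample profile contents, are assumptions made for this example.

```python
"""Added example: list extension-related user_pref lines from a Firefox prefs.js.

This is not AdwCleaner's matching logic; it only shows what such a
"Line Found" entry is (a stored preference, not an active component).
"""
import re
from typing import Dict, List, Tuple, Union

PrefValue = Union[bool, int, str]

# One prefs.js entry looks like:  user_pref("some.name", value);
# where value is true/false, an integer, or a double-quoted string.
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample profile (not the poster's real prefs.js). It contains the
# exact Ask-toolbar line quoted in the thread plus a few ordinary entries.
SAMPLE_PREFS = """\
# Mozilla User Preferences
/* Do not edit this file. */
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1402700000);
user_pref("browser.startup.homepage", "https://www.google.com");
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
user_pref("extensions.lastAppVersion", "30.0");
"""


def _parse_value(raw: str) -> PrefValue:
    """Convert the textual value of a user_pref entry to a Python value."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw  # unknown form: keep the raw text rather than guess


def _format_value(value: PrefValue) -> str:
    """Inverse of _parse_value, so a pref can be printed as it appeared."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    return '"%s"' % value


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return {pref name: value} for every user_pref line; comments are skipped."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        match = _PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = _parse_value(match.group(2))
    return prefs


def extension_prefs(prefs: Dict[str, PrefValue],
                    prefixes: Tuple[str, ...] = ("extensions.",)) -> List[str]:
    """Names of prefs in the add-on namespace (prefix choice is an assumption)."""
    return sorted(name for name in prefs if name.startswith(prefixes))


def found_lines(text: str) -> List[str]:
    """Render the extension prefs in the 'Line Found : ...' style seen in the thread."""
    prefs = parse_prefs(text)
    return [
        'Line Found : user_pref("%s", %s);' % (name, _format_value(prefs[name]))
        for name in extension_prefs(prefs)
    ]


if __name__ == "__main__":
    for line in found_lines(SAMPLE_PREFS):
        print(line)
    # A listed pref is a stored setting only: removing the line from prefs.js
    # does not uninstall an add-on, and its presence does not mean one is active.
```

Running the script prints two "Line Found" entries for the sample, one of them identical to the line quoted in the post. The point to take from it is the one the reply makes: the scanner is listing preferences it parsed out of the profile, so a line like this is a reason to check the add-ons manager, not evidence of an infection on its own.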

 

 


#8 Mistah Toad

Mistah Toad
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 17 June 2014 - 04:10 PM

Hello again. Thank you for giving me some insight on everything. I need to do more research and take more care when downloading things. Thank you for your help.

#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:27 AM

Posted 22 June 2014 - 03:21 PM

As this issue appears to have been resolved, this thread is now closed.


So long, and thanks for all the fish.

 

 




