
Possible Trojan Infection


8 replies to this topic

#1 Psirus

Psirus

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:12 AM

Posted 10 August 2014 - 02:10 PM

Hi,

 

Since Thursday, NIS has been warning me daily about potential infection by Trojan.ADH (it started after I removed Norton Web Safe extension from Chrome as it was slowing down the browser). Norton says that it has removed the file and no action is required. Malwarebytes doesn't detect anything. I've run the ESET online scanner and it didn't detect the Trojan.ADH, but found other things:

 

 

Win32/TopMedia potentially unwanted application

PHP/agent.DY trojan These were found in local copy of the website

PHP/agent.DY trojan These were found in local copy of the website

PHP/agent.DY trojan These were found in local copy of the website

PHP/agent.DY trojan These were found in local copy of the website

Win32/Somot.E potentially unwanted application

Win32/SmartFileAdvisor.A potentially unwanted application

 

I'm confused as to why NIS or Malwarebytes didn't detect them. Are they legitimate threats or false positives? ESET has removed them, but I'm worried that there might be some other crap on my machine hiding somewhere.

 

See log from DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16561  BrowserJavaVersion: 10.65.2
Run by Filipek at 20:06:44 on 2014-08-10
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.353.1033.18.3582.1057 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\V0530Mon.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
C:\Users\Filipek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Evernote\Evernote\Evernote.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071205
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071205
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\21.5.0.19\ips\ipsbho.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: G Data CloudSecurity: {AADAC261-4EE9-473A-AB95-D8E153424C38} - c:\program files\g data\g data cloudsecurity\CloudSecurityIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: G Data CloudSecurity: {AADAC261-4EE9-473A-AB95-D8E153424C38} - c:\program files\g data\g data cloudsecurity\CloudSecurityIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpyShelter] c:\program files\spyshelter personal free\SpyShelter.exe
uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray
uRun: [AdobeBridge] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Live! Central 3] "c:\program files\creative\creative live! cam\live! central 3\CTLVCentral3.exe" /mode2
mRun: [FastAccess Web Alert] c:\program files\creative\creative live! cam\live! central 3\fainstaller\FATRY.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [V0530Mon.exe] c:\windows\V0530Mon.exe
mRun: [V0530Pin.dll] RunDLL32.exe V0530Pin.dll,RunDLL32EP 514,/d:0
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
StartupFolder: c:\users\filipek\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\filipek\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\filipek\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\filipek\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
TCP: NameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{4CAC8421-A627-4BC6-BFBA-7D9E2736ED7D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D363904F-FB9B-4AEA-AF7D-50529E3A9370} : DHCPNameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{F2ED7CB6-CA01-41D3-B667-11D8B6C3D439} : DHCPNameServer = 172.16.10.16 172.16.10.26 172.16.10.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\filipek\appdata\roaming\mozilla\firefox\profiles\iwm7q5pt.default\
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\filipek\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1505000.013\symds.sys [2014-8-7 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1505000.013\symefa.sys [2014-8-7 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\bashdefs\20140801.001\BHDrvx86.sys [2014-8-5 1101616]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys [2014-8-7 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\ipsdefs\20140808.002\IDSvix86.sys [2014-8-9 395992]
R1 Spyshelter;Spyshelter;c:\program files\spyshelter personal free\SpyShelter.sys [2013-1-27 358240]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1505000.013\ironx86.sys [2014-8-7 206936]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1505000.013\symtdiv.sys [2014-8-7 384728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-1-26 21504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\21.5.0.19\nis.exe [2014-8-7 276376]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2013-2-11 150176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-2-8 209016]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-2-8 112640]
S3 V0530Dev;Creative Camera VF0530 Driver;c:\windows\system32\drivers\V0530Vid.sys [2009-12-14 273728]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-08-10 13:45:10 -------- d-----w- c:\program files\ESET
2014-08-07 20:28:59 936152 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symefa.sys
2014-08-07 20:28:59 664280 ----a-w- c:\windows\system32\drivers\nis\1505000.013\srtsp.sys
2014-08-07 20:28:59 447704 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symnets.sys
2014-08-07 20:28:59 384728 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symtdiv.sys
2014-08-07 20:28:59 367704 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symds.sys
2014-08-07 20:28:59 32344 ----a-r- c:\windows\system32\drivers\nis\1505000.013\srtspx.sys
2014-08-07 20:28:59 21520 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symelam.sys
2014-08-07 20:28:58 206936 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ironx86.sys
2014-08-07 20:28:58 127064 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys
2014-08-07 20:28:47 30068 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symvtcer.dat
2014-08-07 20:28:47 -------- d-----w- c:\windows\system32\drivers\nis\1505000.013
2014-07-26 23:53:12 -------- d-----w- c:\users\filipek\appdata\roaming\com.adobe.dmp.contentviewer
2014-07-20 11:02:07 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2014-08-08 20:04:21 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-08 18:53:46 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 18:53:45 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-07 00:19:04 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 20:08:39.71 ===============

Edited by Psirus, 10 August 2014 - 02:11 PM.




#2 The Pugilist

The Pugilist

  • Members
  • 826 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:04:12 AM

Posted 15 August 2014 - 09:00 AM

Hello Psirus,

 

My name is Dave and I'll be helping you with your concerns here.  Please allow me some time to review the materials you provided.  I will post back here with instructions when I have them.

 

In the meantime, please refrain from making additional changes to the computer as this can make it difficult for me to help you.

 

Thanks, and welcome to BleepingComputer :)


//Dave

#3 Psirus

Psirus
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:12 AM

Posted 16 August 2014 - 09:44 AM

Hi Dave,

 

Thanks a lot. I really appreciate it. Things have improved since then (no strange warnings or errors).



#4 The Pugilist

The Pugilist

  • Members
  • 826 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:04:12 AM

Posted 16 August 2014 - 07:43 PM

Psirus,

 

Things have improved since then (no strange warnings or errors).

Good to hear, if you'd like we'll still look around just to make sure things are ok.  In looking over your logs, it seems to me as though the problem may have been resolved by the action that you took.

 

I'm confused as to why NIS or Malwarebytes didn't detect them. Are they legitimate threats or false positives?

 

As for this, different Anti-Virus/Anti-Malware programs detect in different ways.  Some programs are also more aggressive than others.  Most lay people judge the quality of an anti-virus product by whether or not it detects anything.  For this reason, many anti-virus products will detect lots of things (many of which are of negligible importance) to at least appear as though they are doing a good job (i.e. tracking cookies).

 

To get back to the point, what I'm really trying to say is that it is not unusual for different programs to detect different things.  While some products arguably do a better job than others, the measure of a good Anti-Malware program is what it detects, not how many items show up in a scan.

 

In order to see if your system is in fact clean, please generate a new DDS log for me.  If you're unclear as to how, here are some instructions:

Please download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.pif

  • Double click on the DDS icon, allow it to run.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open the logfile.
  • You can find the logfile on your desktop as well.
  • Please post the content of that logfile with your next answer.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


//Dave
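As an added example (not part of this thread and not code from the DDS tool), here is a small Python triage helper for the "Pseudo HJT Report" section of a DDS log like the ones posted above. It parses the autorun lines (uRun/mRun, StartupFolder, AppInit_DLLs, FileExt) and flags the entries a log reviewer looks at first; the flagging rules are my assumptions about review practice, and the sample lines are copied from the first log in the thread.

```python
"""Triage the autorun entries in the "Pseudo HJT Report" section of a DDS log.

Added example, not part of the BleepingComputer thread or of DDS itself.  The
parsing follows the line formats visible in the posted logs; the flagging
rules below are the example author's assumptions about what a reviewer
checks first, not anything DDS reports on its own.
"""
import re
from dataclasses import dataclass, field

# One regex per DDS line kind.  "name" is the value name, .lnk path or file
# extension; "cmd" is the command line or target that follows it.
_PATTERNS = {
    "run": re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "startup": re.compile(r"^StartupFolder: (?P<name>.+?\.lnk) - (?P<cmd>.*)$"),
    "appinit": re.compile(r"^AppInit_DLLs= ?(?P<cmd>.*)$"),
    "fileext": re.compile(r"^FileExt: (?P<name>\.\w+): \w+=(?P<cmd>.*)$"),
}

# Directories a normal user can write to; persistence from here deserves a
# second look even though per-user installers (e.g. Dropbox) also live there.
_USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
# Script extensions whose handler is normally a Windows component.
_SCRIPT_EXTS = {".js", ".vbs", ".jse", ".vbe", ".wsf"}


@dataclass
class Entry:
    kind: str
    name: str
    cmd: str
    flags: list = field(default_factory=list)


def _split_cmd(cmd: str):
    """Split a command line into (lower-cased executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].lower(), cmd[end + 1:].strip()
    head, _, rest = cmd.partition(" ")
    return head.lower(), rest.strip()


def parse_line(line: str):
    """Return an Entry for a recognised autorun line, else None."""
    for kind, pat in _PATTERNS.items():
        m = pat.match(line.strip())
        if m:
            gd = m.groupdict()
            return Entry(kind, gd.get("name") or "", gd["cmd"].strip())
    return None


def classify(e: Entry) -> Entry:
    """Attach review flags to an entry (rules are assumptions, see module doc)."""
    if e.cmd == "<no file>":
        e.flags.append("orphan")              # value points at a missing file
        return e
    path, args = _split_cmd(e.cmd)
    if any(d in path for d in _USER_WRITABLE):
        e.flags.append("user-writable")       # persistence from a profile dir
    if e.kind == "appinit" and path:
        e.flags.append("appinit-dll")         # DLL loaded into every GUI process
    if e.kind == "fileext" and e.name in _SCRIPT_EXTS and "\\windows\\" not in path:
        e.flags.append("script-handler")      # script files open in a third-party app
    if path.endswith("rundll32.exe") and not args:
        e.flags.append("rundll32-no-target")  # cannot see which DLL it loads
    if "\\" not in path and not path.startswith("rundll32"):
        e.flags.append("unqualified")         # bare filename, resolved via PATH
    return e


def triage(text: str):
    """Parse and classify every recognised autorun line in a DDS log excerpt."""
    entries = (parse_line(line) for line in text.splitlines())
    return [classify(e) for e in entries if e]


# Sample lines copied from the first DDS log posted in the thread.
SAMPLE = r"""
uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray
uRun: [AdobeBridge] <no file>
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
StartupFolder: c:\users\filipek\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\filipek\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\filipek\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        if e.flags:
            print(f"{e.kind:8} {e.name:<20} {', '.join(e.flags):<20} {e.cmd}")
```

Entries without flags are not proof of cleanliness; the script only orders what to look at, and flagged items such as a per-user Dropbox startup link are often legitimate.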

#5 Psirus

Psirus
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:12 AM

Posted 17 August 2014 - 10:29 AM

Thanks Dave. Here's a new DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16563  BrowserJavaVersion: 10.65.2
Run by Filipek at 16:27:09 on 2014-08-17
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.353.1033.18.3582.1473 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\V0530Mon.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
C:\Users\Filipek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Evernote\Evernote\Evernote.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071205
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071205
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\21.5.0.19\ips\ipsbho.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: G Data CloudSecurity: {AADAC261-4EE9-473A-AB95-D8E153424C38} - c:\program files\g data\g data cloudsecurity\CloudSecurityIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: G Data CloudSecurity: {AADAC261-4EE9-473A-AB95-D8E153424C38} - c:\program files\g data\g data cloudsecurity\CloudSecurityIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpyShelter] c:\program files\spyshelter personal free\SpyShelter.exe
uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray
uRun: [AdobeBridge] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Live! Central 3] "c:\program files\creative\creative live! cam\live! central 3\CTLVCentral3.exe" /mode2
mRun: [FastAccess Web Alert] c:\program files\creative\creative live! cam\live! central 3\fainstaller\FATRY.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [V0530Mon.exe] c:\windows\V0530Mon.exe
mRun: [V0530Pin.dll] RunDLL32.exe V0530Pin.dll,RunDLL32EP 514,/d:0
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
StartupFolder: c:\users\filipek\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\filipek\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\filipek\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\filipek\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
TCP: NameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{4CAC8421-A627-4BC6-BFBA-7D9E2736ED7D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D363904F-FB9B-4AEA-AF7D-50529E3A9370} : DHCPNameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{F2ED7CB6-CA01-41D3-B667-11D8B6C3D439} : DHCPNameServer = 172.16.10.16 172.16.10.26 172.16.10.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\filipek\appdata\roaming\mozilla\firefox\profiles\iwm7q5pt.default\
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\filipek\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1505000.013\symds.sys [2014-8-7 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1505000.013\symefa.sys [2014-8-7 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\bashdefs\20140801.001\BHDrvx86.sys [2014-8-5 1101616]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys [2014-8-7 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\ipsdefs\20140815.001\IDSvix86.sys [2014-8-16 395992]
R1 Spyshelter;Spyshelter;c:\program files\spyshelter personal free\SpyShelter.sys [2013-1-27 358240]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1505000.013\ironx86.sys [2014-8-7 206936]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1505000.013\symtdiv.sys [2014-8-7 384728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-1-26 21504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\21.5.0.19\nis.exe [2014-8-7 276376]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2013-2-11 150176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-2-8 209016]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-2-8 112640]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 V0530Dev;Creative Camera VF0530 Driver;c:\windows\system32\drivers\V0530Vid.sys [2009-12-14 273728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-08-14 18:41:03 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 18:41:03 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 18:41:02 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 18:40:57 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 18:41:00 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-13 18:41:00 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2014-08-13 18:41:00 104448 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2014-08-13 18:38:34 82432 ----a-w- c:\windows\system32\consent.exe
2014-08-13 18:38:34 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 18:38:34 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-08-13 18:38:34 2263552 ----a-w- c:\windows\system32\msi.dll
2014-08-13 18:38:34 1993728 ----a-w- c:\windows\system32\authui.dll
2014-08-13 18:33:02 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 18:33:02 37376 ----a-w- c:\windows\system32\cdd.dll
2014-08-13 18:32:59 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 18:22:52 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-13 18:22:52 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-08-10 13:45:10 -------- d-----w- c:\program files\ESET
2014-08-07 20:28:59 936152 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symefa.sys
2014-08-07 20:28:59 664280 ----a-w- c:\windows\system32\drivers\nis\1505000.013\srtsp.sys
2014-08-07 20:28:59 447704 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symnets.sys
2014-08-07 20:28:59 384728 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symtdiv.sys
2014-08-07 20:28:59 367704 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symds.sys
2014-08-07 20:28:59 32344 ----a-r- c:\windows\system32\drivers\nis\1505000.013\srtspx.sys
2014-08-07 20:28:59 21520 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symelam.sys
2014-08-07 20:28:58 206936 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ironx86.sys
2014-08-07 20:28:58 127064 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys
2014-08-07 20:28:47 30068 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symvtcer.dat
2014-08-07 20:28:47 -------- d-----w- c:\windows\system32\drivers\nis\1505000.013
2014-07-26 23:53:12 -------- d-----w- c:\users\filipek\appdata\roaming\com.adobe.dmp.contentviewer
2014-07-20 11:02:07 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2014-08-15 23:25:05 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-24 17:58:33 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-07-24 17:51:52 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-07-24 17:51:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-24 17:49:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-07-24 17:48:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-24 17:48:21 11776 ----a-w- c:\windows\system32\mshta.exe
2014-07-08 18:53:46 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 18:53:45 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 16:28:36.02 ===============


#6 The Pugilist

  • Members
  • 826 posts
  • Gender:Not Telling

Posted 18 August 2014 - 12:27 PM

Psirus,

Okay, the new log looks similar to the old one which leads me to believe what I initially suspected - your computer is all clean :)

The only items I had questions about were some programs you have installed on your computer (listed below). I am unfamiliar with these programs, and in doing some cursory research, they seem to be legitimate, but I'd like to verify that you installed them intentionally and that they are things that you use. If not, I can assist you with removing them.

  • KeyScrambler
  • SpyShelter Personal Free
  • Gadu-Gadu
  • G Data CloudSecurity

//Dave

#7 Psirus

  • Topic Starter
  • Members
  • 4 posts

Posted 18 August 2014 - 01:41 PM

Hi Dave,

Thanks for your time and help. I really appreciate it. Yes, all the software you've mentioned was installed by me :)

Thanks again,

F



#8 The Pugilist

  • Members
  • 826 posts
  • Gender:Not Telling

Posted 18 August 2014 - 04:04 PM

Psirus,

Glad to hear that everything is working normally, and you're most welcome! You may go ahead and delete DDS and any log files that it has generated. If there are no further issues here, I'll have a moderator close this topic. If all is good, then good luck to you and stay safe!

//Dave

#9 whoabuddy

  • Bleepin' Verbose
  • Malware Response Instructor
  • 2,053 posts
  • Gender:Male
  • Location:Cottonwood, AZ

Posted 22 August 2014 - 07:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



