
Clicked on a website that prompted java update and I believe i was infected

3 replies to this topic

#1 tacotuesdays

tacotuesdays

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:46 PM

Posted 31 August 2014 - 12:26 AM

My wife was browsing a few months ago and while clicking through gossip websites she clicked "click here to see the rest of the pics on the list" links and I think she infected the computer that way. I usually do all the removal of my malware by following guides like the ones your website provides but this time I feel like I didn't remove the malware completely. I ran malwarebytes and I just want to make sure my computer is completely clean. I will be defragmenting tonight and running some of the procedures from your site in order to get the pc running smoothly. See logs attached please.

 

Thank you in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17054  BrowserJavaVersion: 10.60.2
Run by secondary at 22:06:53 on 2014-08-30
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.6058.4032 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\system32\WpcMon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files (x86)\BitComet\BitComet.exe
C:\Program Files (x86)\BitComet\tools\BitCometService.exe
C:\WINDOWS\system32\srtasks.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GoogleChromeAutoLaunch_35EFDA2BFBA0E3BC3FB0441C7D8EE40C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0384AF13-9DB6-4A9E-A7F8-5353433CFCBF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BFCE0CD1-C230-411D-8BA8-E22E184078AB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BFCE0CD1-C230-411D-8BA8-E22E184078AB}\7516272796F62737027427F657E646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BFCE0CD1-C230-411D-8BA8-E22E184078AB}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\msosb.dll
AppInit_DLLs= c:\progra~2\common~1\system\1032\biapp.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 FPWinIo;FPWinIo;C:\WINDOWS\System32\Drivers\FPWinIo.sys [2012-8-7 84824]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-20 2356912]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-7-17 3377904]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
R3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\WINDOWS\System32\Drivers\FPSensor.sys [2012-8-7 36696]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-10-28 169752]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2013-3-12 342528]
R3 NETwNe64;@oem20.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\Drivers\NETwew00.sys [2013-6-12 3343840]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2013-2-11 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\Drivers\Smb_driver_Intel.sys [2013-4-14 44344]
S2 29850aa3;SO_Sustainer;C:\WINDOWS\System32\rundll32.exe [2012-7-25 51712]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-1 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-1 860472]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2013-1-7 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\Drivers\mwac.sys [2014-7-1 64216]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-7-17 273136]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2013-7-17 178760]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\Drivers\WSDScan.sys [2012-11-16 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-08-31 04:37:33 -------- d-----w- C:\Downloads
2014-08-31 04:37:15 -------- d-----w- C:\Users\secondary\AppData\Roaming\BitComet
2014-08-31 04:37:07 -------- d-----w- C:\Program Files (x86)\BitComet
2014-08-21 20:47:21 11319200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76A5080A-8BFC-43CB-8664-3515B32A2F51}\mpengine.dll
2014-08-21 20:32:16 71168 ----a-w- C:\WINDOWS\System32\drivers\hdaudbus.sys
2014-08-21 20:28:51 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2014-08-21 20:28:51 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2014-08-21 19:52:30 199680 ----a-w- C:\WINDOWS\System32\cdd.dll
2014-08-21 19:52:30 1453400 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2014-08-21 19:50:54 94552 ----a-w- C:\WINDOWS\System32\drivers\mountmgr.sys
2014-08-21 19:50:54 328024 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2014-08-16 05:48:08 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-08-07 21:11:42 1031560 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{986982D8-B4D6-438B-B8CA-5D08C729D3B9}\gapaengine.dll
2014-08-07 19:55:39 -------- d-----w- C:\af9370abb096fbd209534002b872be29
.
==================== Find3M  ====================
.
2014-08-31 04:28:33 122584 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-08-02 00:15:04 704480 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-08-02 00:15:04 105440 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-07-24 12:10:54 2240000 ----a-w- C:\WINDOWS\System32\wininet.dll
2014-07-24 12:10:46 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2014-07-24 12:10:46 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2014-07-24 12:09:37 3959296 ----a-w- C:\WINDOWS\System32\jscript9.dll
2014-07-24 12:09:33 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll
2014-07-24 12:09:33 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2014-07-24 12:09:00 1508864 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2014-07-24 10:52:27 1766400 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2014-07-24 10:52:20 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2014-07-24 10:51:27 2861568 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2014-07-24 10:51:22 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2014-07-24 10:51:22 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2014-07-24 10:51:02 1440768 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2014-07-24 10:33:52 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2014-07-24 10:29:20 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2014-07-24 08:03:01 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2014-07-14 05:46:22 98216 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2014-06-19 23:35:37 1312768 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2014-06-19 22:24:17 694272 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2014-06-17 23:27:37 1440256 ----a-w- C:\WINDOWS\SysWow64\osk.exe
2014-06-17 23:24:48 1557504 ----a-w- C:\WINDOWS\System32\osk.exe
2014-06-11 04:18:14 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys
2014-06-06 14:06:38 596480 ----a-w- C:\WINDOWS\System32\qedit.dll
2014-06-06 10:17:56 497152 ----a-w- C:\WINDOWS\SysWow64\qedit.dll
2014-06-05 17:56:51 112984 ----a-w- C:\WINDOWS\System32\consent.exe
2014-06-05 17:30:38 10116608 ----a-w- C:\WINDOWS\System32\twinui.dll
2014-06-05 17:29:42 393216 ----a-w- C:\WINDOWS\System32\msihnd.dll
2014-06-05 17:29:42 2885632 ----a-w- C:\WINDOWS\System32\msi.dll
2014-06-05 17:28:30 2306560 ----a-w- C:\WINDOWS\System32\authui.dll
2014-06-05 17:28:25 2146304 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2014-06-05 13:12:09 8857600 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2014-06-05 13:11:28 295424 ----a-w- C:\WINDOWS\SysWow64\msihnd.dll
2014-06-05 13:11:27 2416128 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2014-06-05 13:10:41 2037760 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2014-06-05 13:10:36 754176 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2014-06-02 22:33:45 265216 ----a-w- C:\WINDOWS\System32\InkEd.dll
.
============= FINISH: 22:10:00.10 ===============
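Added example, not code from the original post, from BleepingComputer or from the DDS tool: a small Python triage pass over a handful of constructed lines written in the same style as the DDS "Pseudo HJT Report", "SERVICES / DRIVERS" and "Created Last 30" sections above. The rules are the kind of review hints a responder uses to decide what to look at more closely (UAC prompting policies set to 0, a non-empty AppInit_DLLs value, a service whose name looks generated and whose image is rundll32.exe, a 32-hex-character folder at the drive root). They are hints for manual review, not verdicts; a hex-named root folder, for instance, is usually an installer's or update's temporary extraction directory, and the thread's helper found nothing of concern in this log. The line formats and the sample values are assumptions modelled on the log above.

```python
import re
from typing import Dict, List

# Constructed sample lines in DDS style, modelled on the log posted in the
# thread; two benign controls are included (EnableLUA = 1, a vendor service).
SAMPLE_LOG = """\
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:1
AppInit_DLLs= c:\\progra~2\\common~1\\system\\1032\\biapp.dll
S2 29850aa3;SO_Sustainer;C:\\WINDOWS\\System32\\rundll32.exe [2012-7-25 51712]
S2 MBAMService;MBAMService;C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe [2014-7-1 860472]
2014-08-07 19:55:39 -------- d-----w- C:\\af9370abb096fbd209534002b872be29
2014-08-31 04:37:07 -------- d-----w- C:\\Program Files (x86)\\BitComet
"""

# UAC policy values that weaken elevation prompting when set to 0.
WEAK_UAC_WHEN_ZERO = {
    "ConsentPromptBehaviorAdmin": "administrators are elevated without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

# Line shapes as they appear in the DDS sections (assumed from the log above).
POLICY_RE = re.compile(r"^(?:x64-)?mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)\s*$")
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*=\s*(.*?)\s*$", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s*(?:\[.*\])?\s*$")
CREATED_DIR_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+d-----w-\s+(.+?)\s*$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)   # e.g. 29850aa3
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)      # MD5-length folder name


def _basename(path: str) -> str:
    """Last component of a Windows or POSIX path."""
    return path.replace("\\", "/").rstrip("/").rsplit("/", 1)[-1]


def triage_dds_lines(text: str) -> List[Dict[str, str]]:
    """Return review hints (not verdicts) for the lines of a DDS-style log."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in WEAK_UAC_WHEN_ZERO and value == 0:
                findings.append({"rule": "uac-weakened", "line": line,
                                 "detail": WEAK_UAC_WHEN_ZERO[name]})
            continue
        m = APPINIT_RE.match(line)
        if m:
            if m.group(1):  # any DLL listed here loads into every user32-linked process
                findings.append({"rule": "appinit-dll", "line": line,
                                 "detail": "verify the listed DLL's publisher and purpose"})
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(1), m.group(3)
            reasons = []
            if HEX_NAME_RE.match(name):
                reasons.append("service name looks machine-generated")
            if _basename(image).lower() == "rundll32.exe":
                reasons.append("image is rundll32.exe, so the real code is a DLL not shown here")
            if reasons:
                findings.append({"rule": "service-review", "line": line,
                                 "detail": "; ".join(reasons)})
            continue
        m = CREATED_DIR_RE.match(line)
        if m and HEX32_RE.match(_basename(m.group(1))):
            findings.append({"rule": "hex-named-dir", "line": line,
                             "detail": "usually an installer/update extraction folder; confirm contents and timestamp"})
    return findings


if __name__ == "__main__":
    for f in triage_dds_lines(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['line']}\n    {f['detail']}")
```

Each hint names the reason it fired, so the reviewer can dismiss it quickly when the file or service turns out to be a known vendor component, as most entries in a log like this one are.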
 


 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:07:46 PM

Posted 31 August 2014 - 01:55 PM

hi tacotuesdays,

 

At a glance I don't recognize any malware, but that doesn't mean it's not there. Did Malwarebytes come up clean? I see you have Windows Defender installed. It's not an antivirus application. Do you have an active/resident AV installed? Many good free ones are available.


How Can I Reduce My Risk to Malware?


#3 tacotuesdays

tacotuesdays
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:46 PM

Posted 01 September 2014 - 12:35 AM

I ran it a few times and it did bring back a few things that I quarantined but I have not run it again. I don't have antivirus installed although I do have access to Norton 360 through work. Is that a recommended a/v?? Which free ones do you recommend?



#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:07:46 PM

Posted 01 September 2014 - 02:56 PM

As was pointed out to me you do have AV installed. In Windows 8, Windows Defender is an Antivirus/Antimalware application. So you are covered in that area. Don't recognize anything to be concerned about in the log.


How Can I Reduce My Risk to Malware?
