Seven trojans found so far...

writhziden

writhziden

Administrator, .NET/UWP Developer
Staff member
Joined
May 23, 2012
Posts
2,943
Location
Colorado
I was visiting a website to learn strategy steps for a new game I installed, and I received a message to install an Adobe Flash update. When installing, Windows Defender (Windows 8) blocked a trojan from running on the system. I am still not sure if the Adobe Flash update was a real update and just happened to coincide with another malicious item finding its way onto the system or if it was a fake update that resulted in trojans getting on the system. Either is possible.

Defender removed four trojans and Malwarebytes removed two more: an application file in the %TEMP% directory with a Shockwave icon and a dll file. An ESET online scan removed a java exploit trojan that has probably been on the system for some time in the java cache.

I have removed java and Adobe Flash Player and installed the latest version of Adobe Flash from Adobe. I'll worry about installing java again if and when I need it for software development and/or my office tools.


EDIT:

Just realized java had an x86 and x64 version installed. Windows Programs and Features only removed the 64-bit version. That was the reason for the out of date java message in the logs I pasted. I have now installed the latest versions of both. The news logs now show the following for java:

Java 7 Update 17​


Results of screen317's Security Check version 0.99.62
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java version out of Date!
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Mike at 12:13:19 on 2013-04-13
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.6143.4370 [GMT -6:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DVRMSToolbox\DTBFWService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\dashost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NPVR\NTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~2.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.garfield.com/comics/todayscomic.html
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [LaunchList] C:\Program Files (x86)\Pinnacle\Studio 11\LaunchList2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HAUPPA~1.LNK - C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HAUPPA~2.LNK - C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{6E08B59C-96CE-4014-BD24-F9F0E631CDED} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{BFF77763-ACB2-4349-A9F4-61ED2E6CAC74} : DHCPNameServer = 75.75.76.76 75.75.75.75
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uk35nhd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.garfield.com/comics/todayscomic.html
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\Drivers\uim_vimx64.sys [2012-6-4 389968]
R2 DTBService;DTBService;C:\Program Files (x86)\DVRMSToolbox\DTBFWService.exe [2011-11-20 9728]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-3-12 390672]
R2 ShowAnalyzerMaster;ShowAnalyzerMaster;C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2010-2-8 2074112]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 hcw49swt;Hauppauge HD PVR Tuner Device;C:\Windows\System32\Drivers\hcw49swt.sys [2012-12-8 95872]
R3 HcwDevCentralService;HcwDevCentralService;C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~2.EXE [2013-3-21 401232]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-9-7 1958984]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-7-19 683664]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 HcwMceSvc;Hauppauge Media Center Service;C:\Program Files (x86)\Hauppauge\MediaCenterService\HcwMceSvc.exe [2012-12-8 116552]
S2 NPVR Recording Service;NPVR Recording Service;"C:\Program Files (x86)\NPVR\NRecord.exe" --> C:\Program Files (x86)\NPVR\NRecord.exe [?]
S3 hcwE5bda;Hauppauge Siena Video Capture;C:\Windows\System32\Drivers\hcwE5bda.sys [2013-3-21 792320]
S3 hcwhdpvr;Hauppauge HD PVR Capture Service;C:\Windows\System32\Drivers\hcwhdpvr.sys [2012-12-8 192072]
S3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\Drivers\RAMDiskVE.sys [2012-11-29 73552]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\Drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\cedt.exe="C:\Program Files (x86)\Emerald Editor Community\Crimson Editor SVN286M\cedt.exe" "%1" [UserChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-13 16:37:32 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91723444-5EDC-4574-81B4-804D417B237D}\mpengine.dll
2013-04-13 15:47:41 -------- d-----w- C:\Program Files (x86)\ESET
2013-04-13 15:43:58 9311288 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-13 14:24:11 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-13 14:24:10 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-13 14:24:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-12 09:55:05 1161728 ----a-w- C:\Windows\System32\sppobjs.dll
2013-04-12 02:00:00 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-11 00:44:51 206000 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10198.bin
2013-03-30 15:29:54 -------- d-----w- C:\ProgramData\Package Cache
2013-03-21 18:35:13 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-21 12:54:20 -------- d-----w- C:\Program Files (x86)\Hauppauge Capture
2013-03-21 12:50:04 393216 ----a-w- C:\Windows\SysWow64\MSLUP60.dll
2013-03-21 12:50:04 256768 ----a-w- C:\Windows\SysWow64\MSLURT.dll
2013-03-21 12:47:29 98304 ----a-w- C:\Windows\System32\hcwCP.ax
2013-03-21 12:47:29 96256 ----a-w- C:\Windows\SysWow64\hcwCP.ax
2013-03-21 12:47:29 792320 ----a-w- C:\Windows\System32\drivers\hcwE5bda.sys
2013-03-21 12:47:29 46080 ----a-w- C:\Windows\System32\hcwD1ep.ax
2013-03-21 12:47:29 42496 ----a-w- C:\Windows\SysWow64\hcwD1ep.ax
2013-03-21 12:47:29 4063232 ----a-w- C:\Windows\System32\drivers\HcwE5ENC_t22_24.bin
2013-03-21 12:47:29 2359296 ----a-w- C:\Windows\System32\drivers\HcwE5CPU_MIPS.bin
2013-03-21 12:47:29 146432 ----a-w- C:\Windows\System32\hcwECPPP.ax
2013-03-21 12:47:29 139264 ----a-w- C:\Windows\SysWow64\hcwECPPP.ax
2013-03-21 12:47:29 126464 ----a-w- C:\Windows\SysWow64\hcwE5prx.ax
2013-03-21 12:47:29 125440 ----a-w- C:\Windows\System32\hcwE5prx.ax
2013-03-20 15:38:05 -------- d-----w- C:\Program Files (x86)\ImageMagick-6.7.4-Q16
2013-03-20 00:53:34 -------- d-----w- C:\Users\Mike\AppData\Roaming\MiKTeX
2013-03-20 00:53:20 -------- d-----w- C:\Users\Mike\AppData\Local\MiKTeX
2013-03-20 00:53:08 -------- d-----w- C:\Users\Mike\AppData\Roaming\benibela
2013-03-20 00:52:06 -------- d-----w- C:\Program Files (x86)\TexMakerX
2013-03-20 00:21:25 -------- d-----w- C:\ProgramData\MiKTeX
2013-03-20 00:05:45 -------- d-----w- C:\Program Files (x86)\MiKTeX 2.9
.
==================== Find3M ====================
.
2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-19 22:19:24 4041728 ----a-w- C:\Windows\System32\win32k.sys
2013-03-12 07:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-07 06:50:56 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll
2013-03-02 08:23:00 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll
2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl
2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll
2013-03-02 02:44:56 1011200 ----a-w- C:\Windows\System32\reseteng.dll
2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll
2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll
2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll
2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-03-02 02:44:29 1151488 ----a-w- C:\Windows\System32\mcmde.dll
2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll
2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll
2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll
2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll
2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll
2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl
2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys
2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll
2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe
2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe
.
============= FINISH: 12:13:37.77 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro with Media Center
Boot Device: \Device\HarddiskVolume2
Install Date: 11/5/2012 12:32:45 PM
System Uptime: 4/13/2013 9:39:21 AM (3 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Eureka3
Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz | CPU 1 | 2003/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 139.692 GiB free.
D: is FIXED (NTFS) - 150 GiB total, 138.641 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 196 GiB total, 156.05 GiB free.
M: is FIXED (NTFS) - 120 GiB total, 86.915 GiB free.
V: is Removable
W: is Removable
Y: is Removable
Z: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart D110 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP40: 3/27/2013 7:09:17 AM - Installed PowerDirector
RP41: 3/30/2013 9:29:42 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
RP42: 4/6/2013 6:11:30 PM - Scheduled Checkpoint
RP43: 4/10/2013 1:49:41 PM - Windows Update
RP44: 4/13/2013 9:52:58 AM - Removed Java(TM) 6 Update 37
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Any Video Converter 3.3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz
AutoUpdate
Bing Bar
Bonjour
BufferChm
Crimson Editor SVN286M
crimsonEditor
CyberLink MediaEspresso 6.7
CyberLink PhotoNow
CyberLink PowerDirector 11
CyberLink WaveEditor 2
D110
Destinations
DeviceDiscovery
DivX Codec
DVRMSToolbox
Geeks3D.com FurMark 1.10.1
Google Chrome
Google Update Helper
GPBaseService2
Hauppauge Device Central
Hauppauge HD PVR Media Center Support
Hollywood FX Volumes 1-3
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6
HP SoftPaq Download Manager
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
HTML Help Workshop
ImageMagick 6.7.4-0 Q16 (2011-12-15)
ImgBurn
iTunes
Java Auto Updater
Juniper Networks Host Checker
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client Activex Control
KEL CHM Creator
Knight Rider
LibreOffice 3.6
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Compatibility Toolkit 5.6
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
MiKTeX 2.9
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 Parser and SDK
NBA 2K11
Network64
Newblue Art Effects for PowerDirector
NewBlue Motion and Paint Effects for PowerDirector
Paragon Backup & Recovery™ 2012 Free
PDF reDirect (remove only)
Pinnacle Instant DVD Recorder
Pinnacle TVCenter Pro
PlayReady PC Runtime amd64
PowerDirector
PS_AIO_07_D110_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Scan
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Shop for HP Supplies
ShowAnalyzerSuite
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
SolutionCenter
Speccy
SpeedFan (remove only)
Sql Server Customer Experience Improvement Program
Status
Steam
Studio 11
TexMakerX 2.1
Toolbox
TrayApp
VLC media player 2.0.5
WebReg
X64 Debuggers And Tools
Xvid Video Codec
Yahoo! Desktop Login
.
==== Event Viewer Messages From Past Week ========
.
4/13/2013 9:40:02 AM, Error: Service Control Manager [7023] -
4/13/2013 8:45:19 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer LINK-VB7 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6E08B59C-96CE-4014-BD24-F9F0E631CDED}. The master browser is stopping or an election is being forced.
4/13/2013 8:32:40 AM, Error: Service Control Manager [7034] - The Net Driver HPZ12 service terminated unexpectedly. It has done this 2 time(s).
4/13/2013 8:30:56 AM, Error: Service Control Manager [7034] - The Net Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
4/13/2013 10:07:04 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCHOOL-T that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6E08B59C-96CE-4014-BD24-F9F0E631CDED}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 
Last edited:
I was visiting a website to learn strategy steps for a new game I installed, and I received a message to install an Adobe Flash update. When installing, Windows Defender (Windows 8) blocked a trojan from running on the system. I am still not sure if the Adobe Flash update was a real update and just happened to coincide with another malicious item finding its way onto the system or if it was a fake update that resulted in trojans getting on the system. Either is possible.
Click to expand...

Hi, Mike.

There isn't anything showing in your logs that appears to be a problem. However, your OS is Windows 8 which handles Adobe Flash Player updates differently from all other Windows operating systems. Flash Player is included in the Patch Tuesday (second Tuesday of the month) security updates, as KB 2833510 as the "Internet Explorer Flash Player for Windows 8".

It was likely a Java exploit that resulted in the fake Adobe Flash update, particularly in view of the dll with the Shockwave icon in temp files that MBAM removed.

It appears that Screen317 hasn't updated SecurityCheck as the log is showing IE9 instead of IE10.

Edit: Since the top of the SecurityCheck log was cut off, did it identify the OS correctly?
 
Last edited:
All security scans are now coming up clean, so the system is probably clean. Any further scans you would recommend?

I didn't know the SecurityCheck was supposed to identify the OS. I'm guessing it failed to identify Windows 8 Pro. The checkup.txt file was copied and pasted exactly as I received it.

Results of screen317's Security Check version 0.99.62
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 17
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Thanks, Mike. I'll find out if the developer is planning on updating SecurityCheck.

The recommendation I have relates to Java, since you elected to keep it installed. Are you using both 32-bit and 64-bit browsers? If not, there is absolutely no need to have both installed.

Although Oracle changed Java security settings to “high” by default, it is advised that users of Java confirm the setting. (Changing the setting to "Very High" will result in unsigned (sandboxed) apps not being able to run.) With the setting at high, you will be prompted to authorize the execution of applets which are either unsigned or are self-signed, thus providing the ability to deny the execution of a potentially malicious applet.

1) In the Java Control Panel, ensure the setting is at high or change to very high.
2) Keep Java disabled until needed. Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Expect the next Java update on April 16, 2013.
 
No problem, and thank you for the help.

I use 64-bit Explorer, but I have some applications that require the 32-bit version of Java in order to run. Java is set to high (recommended) for browsers. I'll be more aware now going forward that I need to update both versions when I update one. I thought Java updates took care of both 32-bit and 64-bit, but I found out today that I was mistaken. Thanks for info about the next likely update, too.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top