Exploit: Java/CVE-2013-0422



wizkid-0
2013-01-21, 19:38
Hello,

I ran a virus scan today with Microsoft Security Essentials and it advised that it detected the following exploit: JAVA/CVE-2013-0422. I requested that it remove the exploit, which it seems to have done, but I would like to make sure that nothing else has been left behind on the system. I have enclosed a HijackThis log for an expert to analyse. My OS is Windows 8 Professional 64-bit with all the latest Windows updates installed. For security I am using Microsoft Security Essentials and the built-in Windows Firewall.


I would be grateful if someone could please check this log and also advise on any other software that I can use to produce an in-depth log of the system.


Many thanks for your help.


Attached is the DDS attach.txt.

Many thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.11.2
Run by owner at 17:56:54 on 2013-01-21
Microsoft Windows 8 Pro 6.2.9200.0.1252.44.1033.18.8190.5959 [GMT 0:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = about:blank
uProxyOverride = local
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Steam] "D:\Steam\steam.exe" -silent
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [EPSON SX510W Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S4588.tmp" /EF "HKCU"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: E&xport to Microsoft Excel - D:\OFFICE~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\OFFICE~1\Office15\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001011-0002-0011-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1353276303604
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4E27E860-2054-4140-A952-C7159DDAF369} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D6CA8322-0B15-4778-8E3F-68CD1F0B7496} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Office 2013 Pro Plus\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office 2013 Pro Plus\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - D:\Office 2013 Pro Plus\Office15\GROOVEEX.DLL
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Office 2013 Pro Plus\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Office 2013 Pro Plus\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Office 2013 Pro Plus\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office 2013 Pro Plus\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-9-16 80552]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-9-16 26280]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\Drivers\vsflt53.sys [2012-12-10 141920]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-18 398184]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2012-12-3 30624]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\Drivers\CT20XUT.sys [2011-8-22 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\Drivers\CTEXFIFX.sys [2011-8-22 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\Drivers\CTHWIUT.sys [2011-8-22 94808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\Drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\Drivers\LGPBTDD.sys [2009-7-1 30728]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\Drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2012-11-18 24176]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\Drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\Drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-3 723088]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-1-20 58536]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-18 682344]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-12-21 104184]
S3 CT20XUT;CT20XUT;C:\Windows\System32\Drivers\CT20XUT.sys [2011-8-22 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\Drivers\CTEXFIFX.sys [2011-8-22 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\Drivers\CTHWIUT.sys [2011-8-22 94808]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\Drivers\usb80236.sys [2012-7-26 20992]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-11-18 23552]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-18 79360]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-11-19 130976]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-18 2848168]
.
============= FINISH: 17:57:01.62 ===============

shelf life
2013-01-25, 00:24
hi wizkid,

Your post is a few days old; if you still need help, simply reply back.

wizkid-0
2013-01-25, 00:30
hi wizkid,

Your post is a few days old; if you still need help, simply reply back.

Hi there

Thanks for your reply.

Please could you advise if the logs I posted are clean of any leftovers from the Java exploit?

shelf life
2013-01-25, 04:24
hi.

I don't recognize any malware in your log. Looks ok.
Another thing you can do is run an updated Malwarebytes and SUPERAntiSpyware just as another check.
If all is good, some tips to help you remain malware free:

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer where you are then prompted to install software to remedy this.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing tricks. (http://www.fraud.org/tips/internet/phishing.htm)

5) Do not click on ads/pop-ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista, Windows 7 and Windows 8 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) Your browser risks: The why and how (http://www.cert.org/tech_tips/securing_browser/) to secure your browser for safer surfing. For added protection disable Java (http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse) in your browser.

10) Warez, cracks, keygens etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Do you really trust the source of the file?
More info/tips with pictures: links below.

Happy Safe Surfing.
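Tip 7 above and the mPolicies-System lines in the posted DDS report are worth reading together: DDS shows the machine UAC policy key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System) as "mPolicies-System", and ConsentPromptBehaviorAdmin = 0 is Microsoft's "elevate without prompting" setting. The following is an added example, not code from the thread or from the DDS tool: a small checker that parses Pseudo HJT Report lines for UAC policy values and <orphaned> entries, run over sample lines copied from this log.

```python
import re

# Documented meanings of ConsentPromptBehaviorAdmin under the policy key
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which DDS
# prints as "mPolicies-System" (with an "x64-" prefix for the 64-bit view).
CONSENT_ADMIN = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (default)",
}

POLICY_RE = re.compile(
    r"^(?P<arch>x64-)?mPolicies-System:\s*(?P<name>\w+)\s*=\s*dword:(?P<val>[0-9A-Fa-f]+)\s*$")
ORPHAN_RE = re.compile(
    r"^(?P<arch>x64-)?(?P<section>[A-Za-z]+):\s*(?P<entry>.*?)\s*-\s*<orphaned>\s*$")


def parse_policies(lines):
    """Map (arch, policy name) -> integer value for every mPolicies-System line.

    DDS prints dword values in .reg style, i.e. hexadecimal."""
    policies = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            arch = "x64" if m.group("arch") else "x86"
            policies[(arch, m.group("name"))] = int(m.group("val"), 16)
    return policies


def uac_findings(policies):
    """Return one (arch, name, reason) finding per value that weakens or disables UAC."""
    findings = []
    for (arch, name), value in sorted(policies.items()):
        if name == "EnableLUA" and value == 0:
            findings.append((arch, name, "UAC is disabled entirely"))
        elif name == "ConsentPromptBehaviorAdmin" and value == 0:
            findings.append((arch, name, "administrators " + CONSENT_ADMIN[0]
                             + ": anything the logged-on admin runs elevates silently"))
        elif name == "PromptOnSecureDesktop" and value == 0:
            findings.append((arch, name,
                             "elevation prompts are not shown on the secure desktop"))
    return findings


def orphaned_entries(lines):
    """Return (arch, section, entry) for registry entries whose target file is gone."""
    found = []
    for line in lines:
        m = ORPHAN_RE.match(line.strip())
        if m:
            arch = "x64" if m.group("arch") else "x86"
            found.append((arch, m.group("section"), m.group("entry")))
    return found


def analyze(text):
    """Run both checks over a DDS Pseudo HJT Report and summarise the result."""
    lines = text.splitlines()
    policies = parse_policies(lines)
    return {
        "policies": policies,
        "uac_findings": uac_findings(policies),
        "orphans": orphaned_entries(lines),
    }


# Constructed sample: the UAC and <orphaned> lines from the thread's log,
# plus two unrelated lines to show they are ignored.
SAMPLE = """\
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit = userinit.exe,
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001011-0002-0011-ABCDEFFEDCBC} - <orphaned>
SSODL: WebCheck - <orphaned>
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-SSODL: WebCheck - <orphaned>
"""

if __name__ == "__main__":
    report = analyze(SAMPLE)
    for arch, name, why in report["uac_findings"]:
        print(f"UAC [{arch}] {name}: {why}")
    for arch, section, entry in report["orphans"]:
        print(f"orphan [{arch}] {section}: {entry}")
```

Orphaned entries are leftover registry references to files that no longer exist; they are a cleanup item, not evidence of infection on their own.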