
Thread: Exploit: Java/CVE-2013-0422

  1. #1
    Guest
    Join Date
    Mar 2009
    Posts
    32

    Exploit: Java/CVE-2013-0422

    Hello,

    I ran a virus scan today with Microsoft Security Essentials and it advised that it had detected the following exploit: JAVA/CVE-2013-0422. I requested that it remove the exploit, which it seems to have done, but I would like to make sure that nothing else has been left behind on the system. I have enclosed a HijackThis log for an expert to analyse. My OS is Windows 8 Professional 64-bit with all the latest Windows updates installed. For security I am using Microsoft Security Essentials and the built-in Windows Firewall.


    I would be grateful if someone could please check this log and also advise on any other software that I can use to produce an in-depth log of the system.


    Many thanks for your help.


    Attached is the DDS attach.txt.

    Many thanks.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.11.2
    Run by owner at 17:56:54 on 2013-01-21
    Microsoft Windows 8 Pro 6.2.9200.0.1252.44.1033.18.8190.5959 [GMT 0:00]
    .
    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhostex.exe
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\dashost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = about:blank
    uProxyOverride = local
    mWinlogon: Userinit = userinit.exe,
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Steam] "D:\Steam\steam.exe" -silent
    uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    uRun: [EPSON SX510W Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S4588.tmp" /EF "HKCU"
    mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    IE: E&xport to Microsoft Excel - D:\OFFICE~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - D:\OFFICE~1\Office15\ONBttnIE.dll/105
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001011-0002-0011-ABCDEFFEDCBC} - <orphaned>
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1353276303604
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{4E27E860-2054-4140-A952-C7159DDAF369} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{D6CA8322-0B15-4778-8E3F-68CD1F0B7496} : DHCPNameServer = 192.168.1.254
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = about:blank
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Office 2013 Pro Plus\Office15\OCHelper.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office 2013 Pro Plus\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - D:\Office 2013 Pro Plus\Office15\GROOVEEX.DLL
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-mPolicies-System: PromptOnSecureDesktop = dword:0
    x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Office 2013 Pro Plus\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Office 2013 Pro Plus\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Office 2013 Pro Plus\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office 2013 Pro Plus\Office15\MSOSB.DLL
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-9-16 80552]
    R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-9-16 26280]
    R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\Drivers\vsflt53.sys [2012-12-10 141920]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
    R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-18 398184]
    R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2012-12-3 30624]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\Drivers\CT20XUT.sys [2011-8-22 202840]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\Drivers\CTEXFIFX.sys [2011-8-22 1417304]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\Drivers\CTHWIUT.sys [2011-8-22 94808]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\Drivers\LGBusEnum.sys [2009-11-24 22408]
    R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\Drivers\LGPBTDD.sys [2009-7-1 30728]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\Drivers\LGVirHid.sys [2009-11-24 16008]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2012-11-18 24176]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\Drivers\nusb3hub.sys [2012-8-27 107912]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\Drivers\nusb3xhc.sys [2012-8-27 226696]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-3 723088]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-1-20 58536]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-18 682344]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-12-21 104184]
    S3 CT20XUT;CT20XUT;C:\Windows\System32\Drivers\CT20XUT.sys [2011-8-22 202840]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\Drivers\CTEXFIFX.sys [2011-8-22 1417304]
    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\Drivers\CTHWIUT.sys [2011-8-22 94808]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
    S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\Drivers\usb80236.sys [2012-7-26 20992]
    S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
    S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-11-18 23552]
    S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-18 79360]
    S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-11-19 130976]
    S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-18 2848168]
    .
    =============== Created Last 30 ================
    .
    2013-01-21 17:17:36 388096 ----a-r- C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-01-21 17:17:35 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-01-21 16:42:54 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-21 15:20:25 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C92F8693-9C64-4221-BAB2-1CB96DED819C}\mpengine.dll
    2013-01-21 12:35:26 -------- d-----w- C:\Users\owner\AppData\Roaming\Foxit Software
    2013-01-21 10:18:50 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-01-20 14:53:12 58536 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
    2013-01-20 14:50:19 -------- d-----w- C:\Users\owner\AppData\Local\AMD
    2013-01-20 14:50:14 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2013-01-20 14:50:14 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2013-01-20 14:50:12 -------- d-----w- C:\Program Files (x86)\AMD APP
    2013-01-20 14:49:58 0 ----a-w- C:\Windows\ativpsrm.bin
    2013-01-20 14:49:55 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2013-01-20 14:49:47 -------- d-----w- C:\Windows\LastGood.Tmp
    2013-01-20 14:49:45 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2013-01-20 14:49:44 -------- d-----w- C:\Program Files\ATI
    2013-01-20 14:49:32 -------- d-----w- C:\Program Files\ATI Technologies
    2013-01-20 14:45:06 -------- d-----w- C:\AMD
    2013-01-16 20:05:35 184000 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10189.bin
    2013-01-15 19:14:56 81920 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    2013-01-15 19:14:56 512000 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
    2013-01-15 19:14:56 368640 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
    2013-01-15 19:14:56 217088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
    2013-01-12 19:46:48 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-01-12 19:46:48 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-01-12 19:40:58 -------- d-----w- C:\Program Files (x86)\DauDen.vn
    2013-01-12 19:08:36 -------- d-----w- C:\Users\owner\AppData\Roaming\Research In Motion
    2013-01-12 19:08:36 -------- d-----w- C:\Users\owner\AppData\Local\Research In Motion
    2013-01-12 19:08:06 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
    2013-01-12 19:07:59 -------- d-----w- C:\ProgramData\Research In Motion
    2013-01-12 19:07:42 -------- d-----w- C:\Program Files (x86)\Research In Motion
    2013-01-12 19:07:42 -------- d-----w- C:\Program Files (x86)\Common Files\XCPCSync.OEM
    2013-01-12 19:07:42 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
    2013-01-12 16:28:59 -------- d-----w- C:\Users\owner\AppData\Roaming\Call of Duty Black Ops 2
    2013-01-11 16:08:01 5974528 ----a-w- C:\Windows\System32\mstscax.dll
    2013-01-11 16:08:00 5088256 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-01-11 16:08:00 1145856 ----a-w- C:\Windows\System32\winmde.dll
    2013-01-11 16:08:00 1096704 ----a-w- C:\Windows\System32\wmpmde.dll
    2013-01-10 18:34:02 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
    2013-01-10 18:34:02 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
    2013-01-10 18:33:58 2361344 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-10 18:33:58 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2013-01-10 18:33:58 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2013-01-10 18:33:58 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2013-01-10 18:33:58 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2013-01-10 18:33:58 1836032 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-10 18:33:58 1802240 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-10 18:33:58 1438720 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-08 13:26:41 -------- d-----w- C:\Users\owner\AppData\Roaming\Brother
    2013-01-08 13:26:09 -------- d-----w- C:\Program Files (x86)\Common Files\Brother
    2013-01-08 13:26:09 -------- d-----w- C:\Program Files (x86)\Brother
    2013-01-02 20:56:18 -------- d-----w- C:\Users\owner\AppData\Local\SKIDROW
    2012-12-31 19:24:34 -------- d-----w- C:\Users\owner\AppData\Local\NBGI
    2012-12-29 19:25:06 -------- d-----w- C:\Program Files\CPUID
    2012-12-29 19:11:34 -------- d-----w- C:\Program Files (x86)\Microsoft
    2012-12-29 18:45:02 -------- d-----w- C:\Users\owner\AppData\Local\Programs
    2012-12-29 18:03:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2012-12-29 18:02:59 -------- d-----w- C:\Windows\PCHEALTH
    2012-12-29 18:02:59 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2012-12-29 18:02:11 -------- d-----w- C:\Program Files\Microsoft Analysis Services
    2012-12-29 18:02:11 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-12-29 18:02:09 -------- d-----w- C:\Users\owner\AppData\Local\Microsoft Help
    2012-12-27 14:12:11 -------- d-----w- C:\Program Files (x86)\CrystalDiskInfo
    2012-12-24 11:22:45 77824 ----a-w- C:\Windows\SysWow64\EBAPI.dll
    2012-12-24 11:22:45 65536 ----a-w- C:\Windows\SysWow64\EEBUtil.dll
    2012-12-24 11:22:45 55808 ----a-w- C:\Windows\SysWow64\EEBSDKIF.dll
    2012-12-24 11:22:45 135168 ----a-w- C:\Windows\SysWow64\EEBAPI.dll
    2012-12-24 11:22:45 110592 ----a-w- C:\Windows\SysWow64\EEBDSCVR.dll
    2012-12-24 11:22:41 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
    2012-12-24 11:18:52 459776 ----a-w- C:\Windows\System32\esxwiaud.dll
    2012-12-24 11:18:52 17408 ----a-w- C:\Windows\System32\esxcdev.dll
    2012-12-24 11:18:52 128392 ----a-w- C:\Windows\System32\esdevapp.exe
    2012-12-24 11:18:52 -------- d-----w- C:\Program Files (x86)\epson
    2012-12-24 11:13:51 118784 ----a-w- C:\Windows\System32\E_ILMFIE.DLL
    2012-12-24 11:13:51 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
    2012-12-24 11:13:50 81920 ----a-w- C:\Windows\System32\E_IBCBFIE.DLL
    2012-12-24 11:13:26 -------- d-----w- C:\ProgramData\EPSON
    2012-12-23 17:55:00 -------- d--h--w- C:\$WINDOWS.~BT
    2012-12-22 20:41:36 -------- d-----w- C:\Program Files (x86)\NAMCO BANDAI Games
    .
    ==================== Find3M ====================
    .
    2012-12-21 06:46:02 104184 ----a-w- C:\Windows\System32\drivers\AtihdW86.sys
    2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll
    2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-12-19 19:33:54 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-12-19 19:33:44 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-12-19 15:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe
    2012-12-19 15:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-12-19 15:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-12-19 15:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-12-19 15:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-12-19 15:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-12-19 15:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-12-19 15:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-12-19 15:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-12-18 23:32:58 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-18 23:32:58 695640 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-10 21:59:15 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2012-12-10 21:59:13 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys
    2012-12-10 21:59:13 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys
    2012-12-10 21:40:15 227207 ----a-w- C:\ProgramData\1355175577.bdinstall.bin
    2012-12-06 04:23:00 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll
    2012-12-06 04:22:59 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll
    2012-12-04 04:21:42 368640 ----a-w- C:\Windows\System32\sppwinob.dll
    2012-12-04 03:59:08 4055552 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-29 05:05:57 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
    2012-11-29 05:05:57 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
    2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
    2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
    2012-11-27 07:00:32 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
    2012-11-27 07:00:29 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
    2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
    2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe
    2012-11-27 04:49:20 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe
    2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll
    2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll
    2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll
    2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll
    2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll
    2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll
    2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe
    2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe
    2012-11-27 04:19:51 256000 ----a-w- C:\Windows\System32\WSDMon.dll
    2012-11-27 04:19:50 244736 ----a-w- C:\Windows\System32\wpnapps.dll
    2012-11-27 04:19:37 955904 ----a-w- C:\Windows\System32\WebcamUi.dll
    2012-11-27 04:19:33 631808 ----a-w- C:\Windows\System32\UserLanguagesCpl.dll
    2012-11-27 04:19:32 245248 ----a-w- C:\Windows\System32\usbmon.dll
    2012-11-27 04:19:25 173568 ----a-w- C:\Windows\System32\storewuauth.dll
    2012-11-27 04:19:25 1536512 ----a-w- C:\Windows\System32\storagewmi.dll
    2012-11-27 04:19:22 245248 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2012-11-27 04:19:09 3245568 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-11-27 04:19:02 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
    2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll
    2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    .
    ============= FINISH: 17:57:01.62 ===============
    Last edited by tashi; 2013-01-21 at 22:27. Reason: Removed HJT log, merged two posts

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    Hi wizkid,

    Your post is a few days old; if you still need help, simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Guest
    Join Date
    Mar 2009
    Posts
    32


    Quote Originally Posted by shelf life:
        Hi wizkid,

        Your post is a few days old; if you still need help, simply reply back.
    Hi there

    Thanks for your reply.

    Please could you advise if the logs I posted are clean of any leftovers from the Java exploit?

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    Hi.

    I don't recognize any malware in your log. Looks OK.
    Another thing you can do is run an updated Malwarebytes and SUPERAntiSpyware just as another check.
    If all is good, some tips to help you remain malware free:

    No software can think for you. Help yourself. In no special order:

    1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.

    2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, where you are then prompted to install software to remedy this.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing tricks.

    5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what User Account Control (UAC) in Windows Vista, Windows 7 and Windows 8 attempts to address.

    8) Install and understand the *limitations* of a software firewall.

    9) Your browser risks: The why and how to secure your browser for safer surfing. For added protection disable Java in your browser.

    10) Warez, cracks, keygens etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Do you really trust the source of the file?
    More info/tips with pictures, links below

    Happy Safe Surfing.
    How Can I Reduce My Risk?
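Editor's added example, not part of the thread and not code from any tool it mentions: tip 7 relies on UAC, and the DDS log above reports both PromptOnSecureDesktop and ConsentPromptBehaviorAdmin as dword:0 under mPolicies-System. The following read-only PowerShell check reads those policy values from the standard Windows registry key, compares them with the Windows 7/8 defaults, and (for tip 9) lists which Java runtimes are registered so the browser plug-in can be disabled or an outdated JRE removed. Registry paths and value names are the standard ones; the output wording is the example's own.

```powershell
# Added example: read the UAC policy values that DDS reports as
# "mPolicies-System" and interpret them. Nothing is written; run as any user.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $policyKey

# EnableLUA = 0 turns UAC off entirely (takes effect after a reboot).
# ConsentPromptBehaviorAdmin = 0 means administrators are elevated without
# any prompt, so anything running as the user can gain full rights silently.
# PromptOnSecureDesktop = 0 shows the prompt on the normal desktop, where
# other user-mode programs can interact with it.
$findings = @()
if ($p.EnableLUA -eq 0) {
    $findings += 'EnableLUA=0: UAC is disabled'
}
if ($p.ConsentPromptBehaviorAdmin -eq 0) {
    $findings += 'ConsentPromptBehaviorAdmin=0: administrators are elevated without any prompt'
}
if ($p.PromptOnSecureDesktop -eq 0) {
    $findings += 'PromptOnSecureDesktop=0: elevation prompts are not shown on the secure desktop'
}

if ($findings.Count -eq 0) {
    Write-Output 'UAC policy values are at or above the Windows defaults.'
} else {
    Write-Output 'UAC weakened by policy:'
    $findings | ForEach-Object { Write-Output "  - $_" }
    # Windows 7/8 defaults: prompt for consent on the secure desktop.
    Write-Output 'Defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1'
}

# Tip 9: report registered Java runtimes. On 64-bit Windows a 32-bit JRE
# (the one the 32-bit browser plug-in uses) registers under Wow6432Node.
$jreKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
)
foreach ($jreKey in $jreKeys) {
    if (Test-Path -Path $jreKey) {
        $jre = Get-ItemProperty -Path $jreKey
        Write-Output "JRE registered at $jreKey : CurrentVersion=$($jre.CurrentVersion)"
    }
}
```

Values of 0 for the two prompt settings mean a program already running as the logged-on administrator can elevate without the user ever seeing a dialog, which is the situation a limited everyday account is meant to avoid; restoring the defaults (or using a standard account) is the fix, and the JRE listing shows whether an older runtime is still present after an update.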
