3 replies to this topic

[arturox21]

Hi!

 

I have a problem with fake app attach: misleading application file download 3 that was posted/resolved earlier twice this month. But this time happens on Google chrome, What should I do? , Does anybody can help me out with this?

 

.

DDS (Ver_11-03-05.01) - NTFSx86  

Run by ARTURO at 12:15:30.71 on 03/02/2014

Internet Explorer: 9.11.9600.16476 BrowserJavaVersion: 10.51.2

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.52.3082.18.2811.1980 [GMT -6:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\ARTURO\Desktop\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = 

uSearch Bar = 

uInternet Settings,ProxyServer = http=;ftp=;https=;

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.2.3\ips\IPSBHO.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: IMinent WebBooster: {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - IMinent WebBooster (BHO)

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.107.0\BingExt.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.2.3\coIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.107.0\BingExt.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [<NO NAME>] 

uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray

uRun: [ares] "c:\program files\ares\Ares.exe" -h

mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s

mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe

mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>] 

mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar a Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: c:\progra~1\safesa~1\sprote~1.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2013-10-3 70464]

R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2013-10-3 34624]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2013-6-18 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2013-6-18 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20140121.001\BHDrvx86.sys [2014-1-23 1098968]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2009-7-1 218176]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20140131.001\IDSvix86.sys [2014-1-31 394456]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2013-6-18 136312]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1207020.003\symnets.sys [2013-6-18 299640]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2012-6-22 87968]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-22 176128]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-7-2 27192]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2013-6-18 130008]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\realtek\rtvosd\RtVOsdService.exe [2010-4-19 315392]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-8-9 6380544]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-8-9 221696]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.233.0\SeaPort.EXE [2013-4-2 240264]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-21 108120]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-8-12 669912]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-6-22 30392]

S0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\drivers\amdkmafd.sys [2013-7-5 15968]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.233.0\BBSvc.EXE [2013-4-2 193672]

S2 HP Support Assistant Service;HP Support Assistant Service; [x]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-24 257928]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-3 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2014-1-27 12400]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-1-23 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-1-23 8576]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-6-22 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-6-22 52224]

S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-10-9 1343400]

S4 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2012-11-13 2612336]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2014-02-03 17:31:46 -------- d-----w- c:\windows\Migration

2014-01-27 19:57:00 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2014-01-27 19:57:00 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

2014-01-27 19:55:40 -------- d-----w- c:\program files\Sony Mobile

2014-01-20 23:09:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2014-01-16 05:47:59 -------- d-----w- c:\users\arturo\appdata\roaming\MPC-HC

2014-01-16 05:40:52 240576 ----a-w- c:\windows\system32\drivers\netio.sys

2014-01-16 05:40:50 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2014-01-16 05:40:50 6016 ----a-w- c:\windows\system32\drivers\usbd.sys

2014-01-16 05:40:50 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys

2014-01-16 05:40:50 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2014-01-16 05:40:50 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2014-01-16 05:40:50 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2014-01-16 05:40:50 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-01-16 05:40:39 2349056 ----a-w- c:\windows\system32\win32k.sys

2014-01-10 05:04:05 -------- d-----w- c:\users\arturo\appdata\local\Macromedia

2014-01-07 16:21:55 -------- d-----w- c:\windows\system32\sysdir

.

==================== Find3M  ====================

.

2014-01-25 19:01:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-25 19:01:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-07 16:28:44 87608 ----a-w- c:\users\arturo\appdata\roaming\inst.exe

2014-01-07 16:28:44 47360 ----a-w- c:\users\arturo\appdata\roaming\pcouffin.sys

2013-12-08 02:02:13 2667 ----a-w- c:\progra~2\MainApp.dll

2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll

2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll

2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe

2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe

2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll

2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl

2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll

2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 12:15:57.58 ===============

 

 

Attached Files

•  Attach.txt   13.21KB   314 downloads
•  Attach.txt   13.21KB   313 downloads

Edited by arturox21, 03 February 2014 - 12:23 PM.

[Jo*]

Hello arturox21,

my name is Jo and I will help you with your computer problems.

Please follow these guidelines:

• Logs can take a while to research, so please be patient.
• Read and follow the instructions in the sequence they are posted.
• print or copy & save instructions.
• back up all your private data / important files on another (external) drive before using our tools.
• Do not install / uninstall any applications, unless otherwise instructed.
• Use only that tools you have been instructed to use.
• Copy and Paste the log files inside your post, unless otherwise instructed.
• Ask for clarification, if you have any questions.
• Stay with this topic til you get the all clean post.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

1. Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  Vista / Windows 7/8 users right-click and select Run As Administrator.

• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page.
• Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
• Scan your system for malware

With some infections, you may see two messages boxes.

• 'Could not load protection driver'. Click 'OK'.
• 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
• If there is no malware found, please let me know as well.

***

3. Download OTL to your desktop.

• Double click on the icon to run it.
  Vista / Windows 7/8 users right-click and select Run As Administrator.

• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***

[Jo*]

still need help?

[Jo*]

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic