Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91824 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

fake app attach: misleading application file download 3 [Closed]


  • This topic is locked This topic is locked
3 replies to this topic

#1 arturox21

arturox21

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 03 February 2014 - 12:07 PM

Hi!
 
I have a problem with fake app attach: misleading application file download 3 that was posted/resolved earlier twice this month. But this time happens on Google chrome, What should I do? , Does anybody can help me out with this?
 
.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by ARTURO at 12:15:30.71 on 03/02/2014
Internet Explorer: 9.11.9600.16476 BrowserJavaVersion: 10.51.2
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.52.3082.18.2811.1980 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\ARTURO\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = 
uSearch Bar = 
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.2.3\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: IMinent WebBooster: {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - IMinent WebBooster (BHO)
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.107.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.2.3\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.107.0\BingExt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [<NO NAME>] 
uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar a Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\safesa~1\sprote~1.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2013-10-3 70464]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2013-10-3 34624]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2013-6-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2013-6-18 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20140121.001\BHDrvx86.sys [2014-1-23 1098968]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2009-7-1 218176]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20140131.001\IDSvix86.sys [2014-1-31 394456]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2013-6-18 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1207020.003\symnets.sys [2013-6-18 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2012-6-22 87968]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-22 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-7-2 27192]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2013-6-18 130008]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\realtek\rtvosd\RtVOsdService.exe [2010-4-19 315392]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-8-9 6380544]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-8-9 221696]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.233.0\SeaPort.EXE [2013-4-2 240264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-21 108120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-8-12 669912]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-6-22 30392]
S0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\drivers\amdkmafd.sys [2013-7-5 15968]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.233.0\BBSvc.EXE [2013-4-2 193672]
S2 HP Support Assistant Service;HP Support Assistant Service; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-24 257928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-3 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2014-1-27 12400]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-1-23 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-1-23 8576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-6-22 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-6-22 52224]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-10-9 1343400]
S4 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2012-11-13 2612336]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-02-03 17:31:46 -------- d-----w- c:\windows\Migration
2014-01-27 19:57:00 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2014-01-27 19:57:00 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-01-27 19:55:40 -------- d-----w- c:\program files\Sony Mobile
2014-01-20 23:09:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-16 05:47:59 -------- d-----w- c:\users\arturo\appdata\roaming\MPC-HC
2014-01-16 05:40:52 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-16 05:40:50 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-16 05:40:50 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-16 05:40:50 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-16 05:40:50 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-16 05:40:50 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-16 05:40:50 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-16 05:40:50 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-16 05:40:39 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-10 05:04:05 -------- d-----w- c:\users\arturo\appdata\local\Macromedia
2014-01-07 16:21:55 -------- d-----w- c:\windows\system32\sysdir
.
==================== Find3M  ====================
.
2014-01-25 19:01:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-25 19:01:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-07 16:28:44 87608 ----a-w- c:\users\arturo\appdata\roaming\inst.exe
2014-01-07 16:28:44 47360 ----a-w- c:\users\arturo\appdata\roaming\pcouffin.sys
2013-12-08 02:02:13 2667 ----a-w- c:\progra~2\MainApp.dll
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 12:15:57.58 ===============
 
 

Attached Files


Edited by arturox21, 03 February 2014 - 12:23 PM.

    Advertisements

Register to Remove


#2 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 04 February 2014 - 03:03 AM

:welcome:

Hello arturox21,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


3. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo

#3 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 06 February 2014 - 01:11 AM

still need help?


Graduate of the WTT Classroom
Cheers,
Jo

#4 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 08 February 2014 - 05:31 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Graduate of the WTT Classroom
Cheers,
Jo

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users