ysb21189

Hello,

A few weeks ago I received a spam email to my university email, which never receives spam. It was right after I used LinkedIn, if that's a possible connection. It was concerning a wire transfer, and because I actually had a wire transfer pending at the time, I opened the link. (I still have the email and the address saved if it would be helpful.) It was just a blank page, but it did ask me for permission to run Java, which I allowed. (I was using Google Chrome.) After realizing how stupid that was, I did a Google search and found that similar types of spam mail were linked to Java Blackhole exploits.

At the time I ran Malwarebytes and got rid of one infection (I am not sure if that infection was already there or not), and I uninstalled Java, deleted the folder "java", and then installed the latest version. There has been nothing wrong with the computer, but it is one I received to use at work, so I wanted to make sure it was clean. I should have followed up sooner but didn't have the time.

I haven't input any information such as passwords for financial institutions. I have been using it for email and I am connected to the company network. Could that be a problem? If you could take a look and let me know if there is some infection, I would appreciate it very much. I will attach the Malwarebytes log for the scan on the day I clicked the link and the DDS and attach logs for the scan I ran just now.
Thanks for your time

Malwarebytes log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.01.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Daewoo :: DAEWOO-PC [administrator]

6/1/2012 4:01:55 PM
mbam-log-2012-06-01 (16-01-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211881
Time elapsed: 11 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\ssa.dll (Trojan.BHO) -> Quarantined and deleted successfully.

(end)