Java blackhole exploit
in Resolved Malware Removal Logs
Hello,
A few weeks ago I received a spam email to my university email, which never receives spam. It was right after I used LinkedIn, if that's a possible connection. It was concerning a wire transfer, and because I actually had a wire transfer pending at the time, I opened the link. (I still have the email and the address saved if it would be helpful.)
It was just a blank page, but it did ask me for permission to run Java, which I allowed. (I was using Google Chrome.)
After realizing how stupid that was, I did a Google search and found that similar types of spam mail were linked to Java Blackhole exploits.
At the time I ran Malwarebytes and got rid of one infection (I am not sure if that infection was already there or not), and I uninstalled Java, deleted the folder "Java", and then installed the latest version.
There has been nothing wrong with the computer but it is one I received to use at work so I wanted to make sure it was clean. I should have followed up sooner but didn't have the time.
I haven't input any information such as passwords for financial institutions. I have been using it for email and I am connected to the company network. Could that be a problem?
If you could take a look and let me know if there is some infection, I would appreciate it very much.
I will attach the Malwarebytes log for the scan on the day I clicked the link, and the DDS and Attach logs for the scan I ran just now.
Thanks for your time
Malwarebytes log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.01.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Daewoo :: DAEWOO-PC [administrator]
6/1/2012 4:01:55 PM
mbam-log-2012-06-01 (16-01-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211881
Time elapsed: 11 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\System32\ssa.dll (Trojan.BHO) -> Quarantined and deleted successfully.
(end)
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by Daewoo at 15:46:38 on 2012-06-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2998.1884 [GMT -4:00]
.
AV: AhnLab V3 Internet Security 8.0 *Enabled/Updated* {B5892DA8-3D3D-75E1-6A57-1270334145D3}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AhnLab V3 Internet Security 8.0 *Enabled/Updated* {0EE8CC4C-1B07-7A6F-50E7-290248C60F6E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AhnLab\V3IS80\V3Svc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AhnLab\V3IS80\V3SP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Iomega\QuikProtect\startQuikProtect.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Penta Security Systems\ISign Desktop\isigntr.exe
C:\PROGRA~1\PENTAS~1\ISIGND~1\evtdisp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Daewoo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daewoo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Daewoo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daewoo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daewoo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://remote.daewoo-usa.com/Citrix/AccessPlatform/site/default.aspx
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [ActivePost Standard] "c:\dwa messenger\DWAMessenger.exe"
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [iSUSPM] "c:\programdata\flexnet\connect\11\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\users\daewoo\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [V3 Session Process] "c:\program files\ahnlab\v3is80\V3SP.exe"
mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Nuance PDF Converter Professional 7-reminder] "c:\program files\nuance\pdf professional 7\ereg\ereg.exe" -r "c:\programdata\nuance\pdf converter professional 7\ereg\Ereg.ini"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\isigns~1.lnk - c:\program files\penta security systems\isign desktop\isigntr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Adobe PDF? ?? - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: ?? PDF? ?? ?? ?? - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: ?? PDF? ?? - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: ?? ??? Adobe PDF? ?? - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: daewoo-usa.com
Trusted Zone: daewoo.com
Trusted Zone: dwc.co.kr
DPF: {05D704AA-CDCA-42C4-AAF7-290D1785ACC5} - hxxp://ep.daewoo-usa.com/gw/sys/gwlib.nsf/lookup/MultiAttach/$FILE/XMultiAttachment.cab
DPF: {16078A1E-44EF-40CC-AD83-88373B19A20C} - hxxp://ep.daewoo-usa.com/gw/sys/gwlib.nsf/lookup/NamoWec7/$file/NamoWec.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {321FD0B3-C97C-45C1-952E-C6A371E8C4B5} - hxxp://ep.daewoo-usa.com/gw/sys/gwlib.nsf/lookup/OrgOCX/$File/XSiteOrg.cab
DPF: {47764ABF-7273-40D7-A659-231ABF656AA6} - hxxp://ep.daewoo.com/portalPage/cab/IeMgr.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ep.daewoo-usa.com/gw/sys/gwlib.nsf/lookup/msxml4/$FILE/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {9215AC0E-4181-4DE9-B70C-7EE55767C62E} - hxxp://ep.daewoo-usa.com/gw/sys/gwlib.nsf/lookup/xPrintWise/$File/xPrintWise.cab
DPF: {948FC4BD-3F05-4549-81E7-2C63974F6D17} - hxxp://popeye.samsungpop.com/sscommon/cab/SecuiSFNCOMIE.cab
DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} - hxxp://ep.daewoo.com/portalPage/cab/IssacWebProCMS_4_3_0_0.cab
DPF: {BC677953-2A06-482F-B650-37B401ADA89A} - hxxp://ums.samsungfn.com/TMailerSamsungFnDotCom2.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E622CC9C-1790-4395-ABE1-0C1281567A93} - hxxp://ep.daewoo.com/portalPage/cab/ISignDtpSetup-DaewooInternational_2_0_0_5.cab
DPF: {E9F073DF-4D1F-4BEA-A37C-A2BBFA1F90D1} - hxxp://ep.daewoo-usa.com/gw/sys/gwlib.nsf/lookup/SafeZone/$FILE/SafeZoneCtrl.cab
TCP: DhcpNameServer = 64.238.96.12 66.180.96.12
TCP: Interfaces\{C32B15AC-4E27-46BB-8185-D4BE0A6F680B} : DhcpNameServer = 64.238.96.12 66.180.96.12
TCP: Interfaces\{C32B15AC-4E27-46BB-8185-D4BE0A6F680B}\2375942554635393 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C32B15AC-4E27-46BB-8185-D4BE0A6F680B}\4505D2C494E4B4F5342483542403 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C32B15AC-4E27-46BB-8185-D4BE0A6F680B}\74D4027457563747 : DhcpNameServer = 12.127.17.72 199.191.128.103
TCP: Interfaces\{C32B15AC-4E27-46BB-8185-D4BE0A6F680B}\775626F43502E4564777F627B6021463A33443A32433 : DhcpNameServer = 10.1.1.11
TCP: Interfaces\{FC26CEF3-5556-4E70-B93E-694CC53589AC} : DhcpNameServer = 64.238.96.12 66.180.96.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AMonTDLH;AMonTDLH;c:\windows\system32\drivers\AMonTDLH.sys [2011-1-3 100960]
R1 ATamptNt_V3IS80;ATamptNt_V3IS80;c:\progra~1\ahnlab\v3is80\ATamptNt.sys [2011-1-3 191712]
R1 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [2011-1-3 2252728]
R1 V3Flt2K;V3Flt2K;c:\progra~1\ahnlab\v3is80\V3Flt2K.sys [2011-1-3 170080]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 QPCopyEngine;QPCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2010-6-24 247088]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2011-12-29 5120]
R2 V3 Service;V3 Service;c:\program files\ahnlab\v3is80\V3Svc.exe [2011-1-3 264408]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2k.sys [2011-1-3 53088]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2k.sys [2011-1-3 20576]
R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [2011-1-3 58592]
R3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [2011-1-3 1594040]
R3 ASZFltNt;ASZFltNt;c:\progra~1\ahnlab\v3is80\ASZFltNt.sys [2011-1-3 138208]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2011-1-3 19608]
R3 MeDCoreD_V3IS80;MeDCoreD_V3IS80;c:\program files\ahnlab\v3is80\MedCoreD.sys [2011-1-3 310160]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 TfFRegNt;TfFRegNt;c:\program files\ahnlab\v3is80\TFFREGNT.SYS [2011-1-3 55520]
R3 TfProcNt;TfProcNt;c:\program files\ahnlab\v3is80\AHAWKENT.SYS [2011-1-3 29280]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-7 257696]
S3 AhnActNt;AhnActNt;c:\progra~1\ahnlab\v3is80\AhnActNt.sys [2011-1-3 88544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-3 136176]
S3 ISPrxEnt;ISPrxEnt;c:\program files\ahnlab\v3is80\ISPrxENt.sys [2011-1-3 77736]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2010-6-24 19384]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-19 52224]
S3 V3Flu2k_V3IS80;V3Flu2k_V3IS80;c:\progra~1\ahnlab\v3is80\V3Flu2k.sys [2011-1-3 124000]
S3 V3IFt2K;V3IFt2K;c:\progra~1\ahnlab\v3is80\V3IFt2K.sys [2011-1-3 77920]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-3 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-22 14:00:59 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f17b5688-7c4e-4223-a063-9fa8a1d1d156}\mpengine.dll
2012-06-21 13:09:27 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 13:09:11 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 13:09:01 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 13:09:01 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-14 13:10:49 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 13:10:46 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 13:10:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 13:10:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 13:10:43 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 13:10:43 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 13:10:37 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 13:10:37 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 13:10:37 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-03 23:03:07 -------- d-----w- c:\program files\Oracle
2012-06-03 23:02:32 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-03 22:18:31 -------- d-----w- c:\users\daewoo\appdata\roaming\AVG2012
2012-06-03 22:17:32 -------- d-----w- c:\programdata\AVG2012
2012-06-03 22:16:59 -------- d-----w- c:\program files\AVG
2012-06-03 22:12:21 -------- d--h--w- c:\programdata\Common Files
2012-06-03 22:11:56 -------- d-----w- c:\programdata\MFAData
2012-06-01 20:00:38 -------- d-----w- c:\users\daewoo\appdata\roaming\Malwarebytes
2012-06-01 20:00:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 20:00:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 20:00:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-06-19 03:48:00 2252728 ----a-w- c:\windows\system32\drivers\v3engine.sys
2012-06-19 03:48:00 2215224 ----a-w- c:\windows\system32\BTScan.exe
2012-06-19 03:48:00 1594040 ----a-w- c:\windows\system32\drivers\ahnsze.sys
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-07 16:29:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 16:29:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 17:12:49 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 15:46:54.73 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2010 11:56:46 AM
System Uptime: 6/24/2012 6:32:16 AM (9 hours ago)
.
Motherboard: Hewlett-Packard | | 1722
Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU 1 | 2267/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 296 GiB total, 240.846 GiB free.
D: is FIXED (FAT32) - 2 GiB total, 1.494 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_E852&SUBSYS_1722103C&REV_01\4&214DA77C&0&02E2
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_E852&SUBSYS_1722103C&REV_01\4&214DA77C&0&02E2
Service:
.
Class GUID:
Description:
Device ID: USB\VID_138A&PID_0007\1B1191DE2200
Manufacturer:
Name:
PNP Device ID: USB\VID_138A&PID_0007\1B1191DE2200
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_E230&SUBSYS_1722103C&REV_01\4&214DA77C&0&01E2
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_E230&SUBSYS_1722103C&REV_01\4&214DA77C&0&01E2
Service:
.
==== System Restore Points ===================
.
RP242: 6/1/2012 9:12:12 AM - Windows Update
RP243: 6/3/2012 6:04:01 PM - Removed Java 2 Runtime Environment, SE v1.4.2_19
RP244: 6/3/2012 6:16:38 PM - Installed AVG 2012
RP245: 6/3/2012 6:17:06 PM - Installed AVG 2012
RP246: 6/3/2012 7:01:20 PM - Installed Java 7 Update 4
RP247: 6/3/2012 7:02:43 PM - Installed JavaFX 2.1.0
RP248: 6/4/2012 9:47:32 AM - Removed AVG 2012
RP249: 6/4/2012 9:48:51 AM - Removed AVG 2012
RP250: 6/5/2012 9:50:40 AM - Windows Update
RP251: 6/6/2012 8:58:25 AM - Windows Update
RP252: 6/12/2012 8:55:43 AM - Windows Update
RP253: 6/15/2012 8:52:21 AM - Windows Update
RP254: 6/19/2012 9:22:44 AM - Windows Update
RP255: 6/21/2012 9:08:45 AM - Windows Update
RP256: 6/22/2012 10:00:15 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Pro - Korean
Adobe Flash Player 11 ActiveX
AhnLab V3 Internet Security 8.0
Citrix Presentation Server Client - Web Only
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (December 2004)
DWACS 1.0.4.4
Google Chrome
Google Earth
Google Update Helper
Iomega Product Registration
Iomega QuikProtect
ISign Desktop Uninstall
IssacWebProCMS 4.3.0.0
Java Auto Updater
Java 6 Update 31
Java 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Korean Fonts Support For Adobe Reader X
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Retrospect 7.5
Samsung ML-1740 Series
SAMSUNG USB Driver for Mobile Phones
SAP GUI for Windows 7.20
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Synaptics Pointing Device Driver
TrustNET WebToolKit for SecuiSFNCOM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VNC Mirror Driver 1.8.0
VNC Personal Edition P4.6.0
VNC Printer Driver 1.7.0
WebACS 1.0.0.20
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/22/2012 6:19:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAEWOO-CARD-REA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C32B15AC-4E27-46BB-8185-D4. The master browser is stopping or an election is being forced.
6/22/2012 11:38:36 AM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
6/20/2012 4:23:57 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DWA-BLYTHE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FC26CEF3-5556-4E70-B93E-694C. The master browser is stopping or an election is being forced.
6/20/2012 3:01:23 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.198 with the system having network hardware address 00-13-FA-01-EC-A2. Network operations on this system may be disrupted as a result.
6/19/2012 4:13:02 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OLIVIA-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C32B15AC-4E27-46BB-8185-D4BE0A6F. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
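Added example (not part of the original post and not a Malwarebytes or DDS tool): a small Python triage script for the kind of "Pseudo HJT Report" and "Installed Programs" sections pasted above. It parses the BHO/TB/DPF lines, lists the orphaned "No File" entries, flags add-on DLLs registered outside Program Files (the shape of the quarantined c:\windows\system32\ssa.dll), reads the JRE version each Java auto-install DPF cab would pull, and reports that Java 6 Update 31 is still installed beside Java 7 Update 4. The sample lines are copied from the log above except one constructed BHO line with a placeholder CLSID, standing in for how ssa.dll would have looked had it still been registered; that line, the directory allowlist and all function names are assumptions of this example.

```python
"""Triage helper for DDS / HijackThis-style logs (added example, not the
poster's script and not a Malwarebytes tool)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample. Every line except the one marked CONSTRUCTED is copied
# from the DDS log in this thread. The CONSTRUCTED line uses a placeholder
# CLSID and shows how the quarantined ssa.dll would have appeared had it
# still been registered as a BHO (hypothetical; the log does not show it).
SAMPLE_HJT = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {00000000-0000-0000-0000-000000000001} - c:\windows\system32\ssa.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""
# The CONSTRUCTED line above is the fourth BHO line (ssa.dll).

# Copied from the "Installed Programs" section of the Attach log above.
SAMPLE_PROGRAMS = """
Java Auto Updater
Java 6 Update 31
Java 7 Update 4
JavaFX 2.1.0
Malwarebytes Anti-Malware version 1.61.0.1400
"""

# "KIND: [Name: ]{CLSID} - target"; the name is absent for orphaned entries.
HJT_LINE = re.compile(
    r"^(?P<kind>BHO|TB|DPF): (?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# Java auto-install cabs encode the JRE version as 1_6_0_31 or as 160.
JINSTALL = re.compile(r"jinstall-(?:1_(?P<maj_a>\d+)_0_(?P<upd>\d+)|1(?P<maj_b>\d)\d)-", re.I)
JAVA_PROGRAM = re.compile(r"^Java (\d+) Update (\d+)$")

# Assumed allowlist: where a legitimately installed add-on DLL normally lives.
# A BHO loading from System32, a profile or a temp directory is the classic
# shape of a dropped Trojan.BHO and deserves a look.
EXPECTED_ADDON_DIRS = ("c:\\program files", "c:\\progra~1", "c:\\progra~2")


@dataclass(frozen=True)
class Entry:
    kind: str
    name: Optional[str]
    clsid: str
    target: str


def parse_hjt(text: str) -> list[Entry]:
    """Extract BHO/TB/DPF entries; lines of other kinds are ignored."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["name"], m["clsid"], m["target"]))
    return entries


def find_orphans(entries: list[Entry]) -> list[Entry]:
    """Registered CLSIDs whose DLL no longer exists (leftovers, not active code)."""
    return [e for e in entries if e.target.lower() == "no file"]


def find_misplaced_addons(entries: list[Entry]) -> list[Entry]:
    """Active BHO/toolbar DLLs outside the directories an installer would use."""
    return [e for e in entries if e.kind in ("BHO", "TB")
            and e.target.lower() != "no file"
            and not e.target.lower().startswith(EXPECTED_ADDON_DIRS)]


def java_dpf_versions(entries: list[Entry]) -> list[tuple[str, int, Optional[int]]]:
    """(CLSID, JRE major, update) for each Java auto-install DPF entry."""
    out = []
    for e in entries:
        if e.kind != "DPF":
            continue
        m = JINSTALL.search(e.target)
        if m:
            major = int(m["maj_a"] or m["maj_b"])
            update = int(m["upd"]) if m["upd"] else None
            out.append((e.clsid, major, update))
    return out


def installed_java(text: str) -> list[tuple[int, int]]:
    """Sorted (major, update) pairs from 'Java N Update M' program entries."""
    found = [(int(m[1]), int(m[2])) for line in text.splitlines()
             if (m := JAVA_PROGRAM.match(line.strip()))]
    return sorted(found)


def stale_java(text: str) -> list[tuple[int, int]]:
    """JRE majors older than the newest one that are still installed.
    Installing Java 7 leaves Java 6 and its browser plugin in place, so an
    exploit kit aimed at the older runtime still has a target."""
    versions = installed_java(text)
    if not versions:
        return []
    newest = versions[-1][0]
    return [v for v in versions if v[0] < newest]


def triage(hjt_text: str, programs_text: str) -> dict:
    entries = parse_hjt(hjt_text)
    return {
        "orphans": [e.clsid for e in find_orphans(entries)],
        "misplaced": [(e.clsid, e.target) for e in find_misplaced_addons(entries)],
        "java_dpf": java_dpf_versions(entries),
        "stale_java": stale_java(programs_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HJT, SAMPLE_PROGRAMS).items():
        print(f"{key}: {value}")
```

On the live machine the same BHO check is done against the registry rather than a log: the CLSIDs DDS lists come from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (and the HKCU equivalent), and each CLSID's InprocServer32 key names the DLL. A "No File" orphan is a dead pointer and cannot run; an entry whose DLL sits in System32 under a short random name is what the Malwarebytes Trojan.BHO detection above represents. The DPF lines only record which cab Internet Explorer once fetched, so they are a hint about which JRE was installed, not proof of what is present now; the "Installed Programs" list is the authoritative source for that.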