
AsmoAD

Members, 10 posts

Everything posted by AsmoAD

  1. I've been noticing a lot of formatting errors on various webpages and videos failing to load properly, so I checked my firewall and noticed a program in the autorun section with a gibberish name that I didn't allow. There was also a host of unidentified setup.exes in the firewall. I scanned with Malwarebytes and it came up clean but I'm still quite concerned. Thanks for any help you can give me.

     DDS log:

     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
     Run by Mark at 0:18:54 on 2011-11-27
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8104.5739 [GMT 10:00]
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}

     I've just learned what the mysterious program was (something to do with the Adobe Reader installation) and that the erratic webpage behaviour was probably related to NoScript, so I don't think I'll be needing any help after all.
  2. Thanks. I was mostly worried that those processes were there when I had no Internet Explorer windows open.

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by GOODKELL at 3:08:00.02 on Wed 09/06/2010
     Internet Explorer: 8.0.6001.18904
     Microsoft
  3. Sorry, I'm back. I just noticed that I had 2 instances of iexplore.exe in the Task Manager even though I didn't have any Internet Explorer windows open. Any suggestions? I've been very careful with my browsing lately too.
  4. Sorry Borislav, one last question I forgot to ask: Should I change my bank passwords from another computer?
  5. OK, thanks for the advice. A couple of questions:
     1) Should I use Defogger to re-enable whatever I turned off?
     2) Do you think it would be safe to do internet banking from my computer?
     3) I have noticed that there is a loud humming noise coming from the computer for a while now. The performance is still very good though, and the noise tends to come and then stop very suddenly. Do you think this is anything to be concerned about? Could it be related to this problem?
  6. Everything seems good so far today. Thanks for helping me out. McAfee is not turning itself off, I can navigate to the Windows Update page again and I haven't noticed any unwanted popups. I shall barrack for Manchester United in your honour. P.S. What do you think of mIRC? I would like to download this program but not if it will compromise my computer.
  7. ComboFix log:

     ComboFix 10-06-03.01 - GOODKELL 06/06/2010 4:19.1.4 - x86
     Microsoft
  8. I have activated hidden folders and there is still no documents and settings folder. I did a search for java and the only thing it came up with, aside from files about JavaRa, was a file called "Jre-6u16-windows-i586-iftw" and it has the Java icon. Should I do anything with this file?
  9. Hello Borislav. Thanks for your help. Here are the logs you requested.

     JavaRa:
     JavaRa 1.15 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Sun Jun 06 03:05:25 2010
     Found and removed: C:\Users\GOODKELL\AppData\LocalLow\Sun\Java\jre1.6.0_19
     ------------------------------------
     Finished reporting.

     Malwarebytes:
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4170
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18904
     6/06/2010 3:16:10 AM
     mbam-log-2010-06-06 (03-16-10).txt
     Scan type: Quick scan
     Objects scanned: 124403
     Time elapsed: 2 minute(s), 45 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     DDS:
     DDS (Ver_10-03-17.01) - NTFSx86
     Run by GOODKELL at 3:16:45.42 on Sun 06/06/2010
     Internet Explorer: 8.0.6001.18904
     Microsoft
  10. Hello. I followed the advice in the stickied thread and here are the logs. Thanks for any help.

     Malwarebytes:
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4052
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18904
     6/06/2010 1:57:40 AM
     mbam-log-2010-06-06 (01-57-40).txt
     Scan type: Quick scan
     Objects scanned: 119098
     Time elapsed: 3 minute(s), 38 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
     --------------------------------------------------------------------------

     DDS:
     DDS (Ver_10-03-17.01) - NTFSx86
     Run by GOODKELL at 1:41:06.32 on Sun 06/06/2010
     Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_19
     Microsoft