
I've been noticing a lot of formatting errors on various webpages and videos failing to load properly, so I checked my firewall and noticed a program in the autorun section with a gibberish name that I didn't allow. There was also a host of unidentified setup.exes in the firewall. I scanned with Malwarebytes and it came up clean, but I'm still quite concerned. Thanks for any help you can give me.

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Mark at 0:18:54 on 2011-11-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8104.5739 [GMT 10:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\Online Armor\OAcat.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\windows\system32\taskeng.exe

C:\windows\SysWOW64\RunDll32.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe

C:\windows\system32\hkcmd.exe

C:\windows\system32\igfxtray.exe

C:\windows\system32\igfxpers.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\windows\system32\DllHost.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Online Armor\OAreg.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uDefault_Page_URL = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Samsung BHO Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 61.9.211.33 192.168.0.1

TCP: Interfaces\{89A8B879-4601-4828-8C06-8838D4DFFE06} : DhcpNameServer = 61.9.211.33 192.168.0.1

TCP: Interfaces\{89A8B879-4601-4828-8C06-8838D4DFFE06}\24967605F6E64653631454 : DhcpNameServer = 61.9.211.1 61.9.211.33

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO-X64: Samsung BHO Helper - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\o9fs3w2b.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]

R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2011-11-4 59176]

R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2011-11-4 38064]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-16 2009704]

R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2011-11-4 207936]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-16 2655768]

R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 OAnet;OnlineArmor Service;C:\windows\system32\DRIVERS\oanet.sys --> C:\windows\system32\DRIVERS\oanet.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2011-11-4 56648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2011-11-4 4363040]

S3 Samsung UPD Service;Samsung UPD Service;"C:\windows\System32\SUPDSvc.exe" --> C:\windows\System32\SUPDSvc.exe [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-11-26 14:06:56 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-26 13:41:08 -------- d-----w- C:\Users\Mark\AppData\Roaming\Malwarebytes

2011-11-26 13:41:01 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-26 13:40:57 25416 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-11-26 13:40:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-26 13:39:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1246CBF5-6D4F-468F-8D11-B61D48BC6123}\offreg.dll

2011-11-26 13:39:01 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1246CBF5-6D4F-468F-8D11-B61D48BC6123}\mpengine.dll

2011-11-26 13:36:45 -------- d-----w- C:\Users\Mark\AppData\Local\{D5C98C60-8A32-4B80-A1BC-36C10CE124ED}

2011-11-26 13:36:23 -------- d-----w- C:\Users\Mark\AppData\Local\{AFE6D247-5F10-41D6-B3F8-7CF0621298D9}

2011-11-26 13:22:48 -------- d-----w- C:\ProgramData\SecTaskMan

2011-11-26 05:11:00 -------- d-----w- C:\Users\Mark\AppData\Local\{D9A83EFD-FB4A-414B-9F26-F5B04F1044C2}

2011-11-26 05:10:38 -------- d-----w- C:\Users\Mark\AppData\Local\{6D4B4B00-BBC0-4F85-BA44-502BF6B1C30D}

2011-11-25 17:10:14 -------- d-----w- C:\Users\Mark\AppData\Local\{EACEAC8A-B24A-47EE-8723-BF572CF8792E}

2011-11-25 17:09:52 -------- d-----w- C:\Users\Mark\AppData\Local\{7AA8AC00-13FE-4723-B854-169595CB8382}

2011-11-25 05:09:27 -------- d-----w- C:\Users\Mark\AppData\Local\{961B8AEA-366C-495A-885F-76BEFBB5CA54}

2011-11-25 05:09:06 -------- d-----w- C:\Users\Mark\AppData\Local\{BF642142-5D3C-4B4A-9534-CC2E335C5470}

2011-11-24 17:08:38 -------- d-----w- C:\Users\Mark\AppData\Local\{EF12BA9F-17AB-45AB-B227-D33EE397F84E}

2011-11-24 17:08:28 -------- d-----w- C:\Users\Mark\AppData\Local\{C7FAA298-AD57-42FB-BB90-C6DB3AD4A4C5}

2011-11-23 16:38:58 -------- d-----w- C:\Users\Mark\AppData\Local\{7BFDA953-F20B-40B4-99E5-A4500F8EC4FE}

2011-11-23 16:38:37 -------- d-----w- C:\Users\Mark\AppData\Local\{8F56E6FB-5E67-4408-AE5C-5ED9F64A127F}

2011-11-23 04:38:12 -------- d-----w- C:\Users\Mark\AppData\Local\{AA382517-2F69-42FE-8146-413867C55826}

2011-11-23 04:37:51 -------- d-----w- C:\Users\Mark\AppData\Local\{858536A6-E1D5-4A8D-A6BA-133BC3A5B3CD}

2011-11-22 16:37:26 -------- d-----w- C:\Users\Mark\AppData\Local\{61AB22BD-9168-4A89-BA5A-3FC5569BC6C1}

2011-11-22 16:37:04 -------- d-----w- C:\Users\Mark\AppData\Local\{A2D60CD9-EFD4-49AF-91D8-EEC48D4F8028}

2011-11-22 04:36:33 -------- d-----w- C:\Users\Mark\AppData\Local\{47ECF3B3-6E5A-44E9-A478-4C447F00191B}

2011-11-22 04:36:21 -------- d-----w- C:\Users\Mark\AppData\Local\{B046DF30-FF7E-4357-8440-B6EE0F9BC3DB}

2011-11-21 15:23:51 -------- d-----w- C:\Users\Mark\AppData\Local\{E9090287-9DB4-42E8-9806-B9D5FF455C89}

2011-11-21 15:23:30 -------- d-----w- C:\Users\Mark\AppData\Local\{C262B90B-80A6-44F1-9567-B13E0E814D1E}

2011-11-21 03:23:04 -------- d-----w- C:\Users\Mark\AppData\Local\{74CFA12E-B3E5-4133-AE75-E30B90E66E17}

2011-11-21 03:22:41 -------- d-----w- C:\Users\Mark\AppData\Local\{51207045-3224-418D-AD3D-AF741D186608}

2011-11-20 15:22:16 -------- d-----w- C:\Users\Mark\AppData\Local\{FD2B49A4-1C9B-47A9-AB98-E5E2412356C0}

2011-11-20 15:21:55 -------- d-----w- C:\Users\Mark\AppData\Local\{31511311-806E-40C5-81BA-D825BA167570}

2011-11-20 03:21:24 -------- d-----w- C:\Users\Mark\AppData\Local\{D8F6CD0C-6EE3-4472-A7F8-24F6E02C5981}

2011-11-20 03:21:05 -------- d-----w- C:\Users\Mark\AppData\Local\{52719E36-2013-4762-8C30-731E3DB70723}

2011-11-19 07:12:11 -------- d-----w- C:\Users\Mark\AppData\Local\{4865A590-F78F-4B8A-986F-3C0E0E0DCB82}

2011-11-19 07:12:00 -------- d-----w- C:\Users\Mark\AppData\Local\{0414F21E-A87F-45CE-BB69-12B06F0B33D4}

2011-11-18 15:32:38 -------- d-----w- C:\Users\Mark\AppData\Local\{B5BDA405-5768-4C08-AC51-D0B414FB884A}

2011-11-18 15:32:16 -------- d-----w- C:\Users\Mark\AppData\Local\{E9D0731A-EACE-41F9-9C2E-C48632AB436B}

2011-11-18 03:31:47 -------- d-----w- C:\Users\Mark\AppData\Local\{9D6847B2-9C00-41C7-A832-CA722DBAB932}

2011-11-18 03:31:35 -------- d-----w- C:\Users\Mark\AppData\Local\{EE916EE7-8602-4E1C-9D83-0F2FA436CCF6}

2011-11-17 15:27:46 -------- d-----w- C:\Users\Mark\AppData\Local\{8EB0A935-103E-4835-8A6D-C4087EA90396}

2011-11-17 15:27:24 -------- d-----w- C:\Users\Mark\AppData\Local\{007FC6C9-FD5A-446E-9ADC-94DA627B7091}

2011-11-17 03:26:57 -------- d-----w- C:\Users\Mark\AppData\Local\{C5FAA609-850C-42E5-928F-39DAE1E3E6D6}

2011-11-17 03:26:35 -------- d-----w- C:\Users\Mark\AppData\Local\{FEF5587D-7B02-45C7-B7E7-53F552F7FC8B}

2011-11-16 15:26:09 -------- d-----w- C:\Users\Mark\AppData\Local\{CE0EC381-0C4A-43F4-89D4-4259F9DEE43B}

2011-11-16 15:25:48 -------- d-----w- C:\Users\Mark\AppData\Local\{C605E7A2-33C9-4ECC-AF48-ADFF947995E0}

2011-11-16 03:25:20 -------- d-----w- C:\Users\Mark\AppData\Local\{66AC5CB2-DAE4-4C2D-B5B7-0F24B6AF3C6A}

2011-11-16 03:24:59 -------- d-----w- C:\Users\Mark\AppData\Local\{2D029DF8-8B41-4FB9-A056-ACBDCA87B13E}

2011-11-15 15:24:30 -------- d-----w- C:\Users\Mark\AppData\Local\{FA388D0D-62C8-423D-AC21-4BB21ACC6C08}

2011-11-15 15:24:08 -------- d-----w- C:\Users\Mark\AppData\Local\{7C511A28-E987-4202-8866-DE3113BE25CE}

2011-11-15 03:23:40 -------- d-----w- C:\Users\Mark\AppData\Local\{323EECC1-6815-49EB-A8F6-FA7A8E5BA6D3}

2011-11-15 03:23:19 -------- d-----w- C:\Users\Mark\AppData\Local\{AD752D29-3896-4E7C-B818-D4BD7AA3FCB2}

2011-11-14 15:22:52 -------- d-----w- C:\Users\Mark\AppData\Local\{9B4B3388-68D8-42E2-B792-E05AFB77AC82}

2011-11-14 15:22:31 -------- d-----w- C:\Users\Mark\AppData\Local\{CD34867C-A563-4E8C-967B-2D2823064CB3}

2011-11-14 03:22:02 -------- d-----w- C:\Users\Mark\AppData\Local\{182F2BD3-4657-449C-9DCC-8A942BD98DCD}

2011-11-14 03:21:40 -------- d-----w- C:\Users\Mark\AppData\Local\{4DFF0E65-BA7A-41D8-9103-318FB2E3B5C6}

2011-11-13 15:21:12 -------- d-----w- C:\Users\Mark\AppData\Local\{42336ACF-6D92-4582-A0E6-EB0E5036239D}

2011-11-13 15:20:51 -------- d-----w- C:\Users\Mark\AppData\Local\{CEC6C1C0-1019-46AB-8820-65392DD34010}

2011-11-13 03:20:21 -------- d-----w- C:\Users\Mark\AppData\Local\{5CBCE850-6D94-46C4-82D9-819D77EA061A}

2011-11-13 03:20:00 -------- d-----w- C:\Users\Mark\AppData\Local\{9DA35DEB-D615-46B3-96F8-699419B77344}

2011-11-13 03:20:00 -------- d-----w- C:\Users\Mark\AppData\Local\{661E4120-E381-4DF5-AFEF-2D1703B30CB5}

2011-11-12 15:19:23 -------- d-----w- C:\Users\Mark\AppData\Local\{2A27A928-0FF7-406B-A1DD-4391708C53C8}

2011-11-12 15:19:02 -------- d-----w- C:\Users\Mark\AppData\Local\{A287E7FC-955D-4C1D-BB2C-2070734D6E60}

2011-11-12 03:18:31 -------- d-----w- C:\Users\Mark\AppData\Local\{FA9DFB57-892D-4350-9F35-A825BF6FA2F0}

2011-11-12 03:18:20 -------- d-----w- C:\Users\Mark\AppData\Local\{3DE52FF3-BFA3-4F2D-8870-8027E8EF7A84}

2011-11-11 02:40:00 -------- d-----w- C:\Users\Mark\AppData\Local\{FF0C0E83-FEDD-4E1A-988D-516A56E8FD70}

2011-11-11 02:39:39 -------- d-----w- C:\Users\Mark\AppData\Local\{E733E609-84EE-48E8-AF93-54499D0A4097}

2011-11-11 02:06:50 -------- d-----w- C:\Users\Mark\AppData\Local\Diagnostics

2011-11-10 16:29:09 -------- d-----w- C:\Users\Mark\AppData\Local\Skyrim

2011-11-10 16:27:59 28168 ----a-w- C:\windows\System32\X3DAudio1_3.dll

2011-11-10 16:26:54 3767504 ----a-w- C:\windows\System32\d3dx9_26.dll

2011-11-10 16:26:54 2297552 ----a-w- C:\windows\SysWow64\d3dx9_26.dll

2011-11-10 14:39:09 -------- d-----w- C:\Users\Mark\AppData\Local\{AE2625E6-228F-469F-860A-114F0638EB1D}

2011-11-10 14:38:58 -------- d-----w- C:\Users\Mark\AppData\Local\{910DED84-38A4-49A9-A1B5-238EFF0F4603}

2011-11-10 02:35:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-10 02:35:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-10 02:35:38 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys

2011-11-10 02:35:20 3144704 ----a-w- C:\windows\System32\win32k.sys

2011-11-10 02:25:38 -------- d-----w- C:\Users\Mark\AppData\Local\{CEA78481-F9F0-47C2-86FF-85582C374D82}

2011-11-10 02:25:26 -------- d-----w- C:\Users\Mark\AppData\Local\{40D3BA25-0961-4BCC-8B3E-AD947625598C}

2011-11-08 01:15:58 -------- d-----w- C:\Users\Mark\AppData\Local\{E337F15B-CDA4-411C-B362-0DF68FC8FBA2}

2011-11-06 13:18:05 -------- d-----w- C:\Users\Mark\AppData\Local\{15710B49-49B1-4BB9-9D5C-5F1D3E197C75}

2011-11-06 13:17:54 -------- d-----w- C:\Users\Mark\AppData\Local\{060EF5B6-EA18-45B5-A38F-F916B4D320BD}

2011-11-06 13:17:40 -------- d-----w- C:\Users\Mark\Tracing

2011-11-06 03:32:36 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-06 03:25:05 -------- d-----w- C:\windows\en

2011-11-06 03:19:48 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-11-06 03:14:40 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\368ba0d91cc9c3201\Silverlight.4.0.exe

2011-11-05 14:58:38 -------- d-----w- C:\Users\Mark\AppData\Local\{FCDC2029-1D01-40BA-992F-6DA45C515C2A}

2011-11-05 14:50:47 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4d67a8341cc9bca03\MeshBetaRemover.exe

2011-11-05 14:48:07 -------- d-----w- C:\Users\Mark\AppData\Local\Windows Live

2011-11-05 14:47:40 -------- d-----w- C:\Users\Mark\AppData\Local\{C1BAA8C2-30A7-4E4D-A642-B1CE0DF5EBF0}

2011-11-05 14:38:27 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2011-11-04 19:22:23 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2011-11-04 19:22:21 -------- d-----w- C:\Program Files (x86)\Steam

2011-11-04 19:22:13 159080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-11-04 19:06:48 80384 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS

2011-11-04 19:06:48 552960 ----a-w- C:\windows\System32\drivers\bthport.sys

2011-11-03 17:09:36 -------- d-----w- C:\windows\SysWow64\Wat

2011-11-03 17:09:36 -------- d-----w- C:\windows\System32\Wat

2011-11-03 16:59:27 -------- d-----w- C:\Users\Mark\AppData\Roaming\SUPERAntiSpyware.com

2011-11-03 16:57:43 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-11-03 16:57:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-11-03 16:23:21 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-11-03 16:08:05 -------- d-----w- C:\Users\Mark\AppData\Roaming\OnlineArmor

2011-11-03 16:08:05 -------- d-----w- C:\ProgramData\OnlineArmor

2011-11-03 16:06:05 59176 ----a-w- C:\windows\SysWow64\drivers\OADriver.sys

2011-11-03 16:06:05 56648 ----a-w- C:\windows\SysWow64\drivers\oahlp64.sys

2011-11-03 16:06:05 38064 ----a-w- C:\windows\SysWow64\drivers\OAmon.sys

2011-11-03 16:06:05 32920 ----a-w- C:\windows\System32\drivers\OAnet.sys

2011-11-03 16:06:00 -------- d-----w- C:\Program Files (x86)\Online Armor

2011-11-03 15:49:16 2048 ----a-w- C:\windows\System32\tzres.dll

2011-11-03 15:49:15 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2011-11-03 15:41:59 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll

2011-11-03 15:41:59 1465344 ----a-w- C:\windows\System32\XpsPrint.dll

2011-11-03 15:18:32 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax

2011-11-03 15:18:32 613888 ----a-w- C:\windows\System32\psisdecd.dll

2011-11-03 15:18:32 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll

2011-11-03 15:18:32 108032 ----a-w- C:\windows\System32\psisrndr.ax

2011-11-02 15:28:07 -------- d-----w- C:\Users\Mark\AppData\Local\Power2Go

2011-11-02 15:25:31 -------- d-----r- C:\Program Files (x86)\Skype

2011-11-02 15:25:16 -------- d-----w- C:\Users\Mark\AppData\Local\Adobe

2011-11-02 15:24:13 -------- d-----w- C:\Program Files\Elantech

2011-11-02 15:24:04 -------- d-----w- C:\Users\Mark\AppData\Local\Broadcom

2011-11-02 15:23:20 -------- d-----w- C:\Users\Mark\AppData\Local\VirtualStore

2011-11-02 15:23:03 39464 ----a-w- C:\windows\System32\drivers\btwl2cap.sys

2011-11-02 15:23:03 22056 ----a-w- C:\windows\System32\btwcoins.dll

2011-11-02 15:23:03 21416 ----a-w- C:\windows\System32\drivers\btwrchid.sys

2011-11-02 15:23:03 138280 ----a-w- C:\windows\System32\drivers\btwavdt.sys

2011-11-02 15:23:02 348712 ----a-w- C:\windows\System32\drivers\btwampfl.sys

2011-11-02 15:23:02 106536 ----a-w- C:\windows\System32\drivers\btwaudio.sys

2011-11-02 15:22:18 -------- d-----w- C:\Program Files\WIDCOMM

2011-11-02 14:56:14 -------- d-sh--w- C:\Recovery

.

==================== Find3M ====================

.

2011-10-06 01:49:47 15144 ----a-w- C:\windows\SysWow64\drivers\rtport.sys

2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

.

============= FINISH: 0:19:06.56 ===============

I've just learned what the mysterious program was (something to do with the Adobe Reader installation) and that the erratic webpage behaviour was probably related to NoScript, so I don't think I'll be needing any help after all.

Attach.zip

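The questions the original poster is really asking of this log (is anything autorunning from somewhere it should not, and why are new `{GUID}` directories appearing in `AppData\Local` twice a day) can be answered mechanically from the DDS text. The following is an added example, not part of the original thread and not code from the DDS tool or from Malwarebytes. It parses the DDS autorun lines (`uRun`, `mRun`, `BHO`, `TB`, `AppInit_DLLs`) and the "Created Last 30" lines, flags entries that are orphaned ("No File") or that launch from outside `C:\Windows` and the two `Program Files` roots, and measures the cadence of the GUID-named directory creations. The sample input is constructed: most lines are copied from the log above, but the `uRun` entry named `qzxkwmfa` pointing at `...\Temp\setup.exe` is hypothetical, invented only to exercise the untrusted-path check, and does not appear in the real log.

```python
import re
import statistics
from datetime import datetime

# Roots where installed software normally lives. An autorun entry that points
# anywhere else (AppData, Temp, ProgramData, the profile root) deserves a look
# even when an AV scan came back clean.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")

# DDS "Pseudo HJT Report" autorun-style entries.
AUTORUN_RE = re.compile(
    r"^(?P<kind>[um]?Run(?:Once)?(?:-x64)?|BHO(?:-X64)?|TB(?:-X64)?"
    r"|AppInit_DLLs(?:-X64)?|StartupFolder):\s*(?P<rest>.*)$"
)
# First Windows path in the entry, ending at the file extension so trailing
# arguments such as ' -silent' or ' /background' are not swallowed.
PATH_RE = re.compile(
    r'([A-Za-z]:\\(?:[^"\\\r\n]+\\)*[^"\\\r\n]+?\.(?:exe|dll|sys|htm|lnk|cpl))', re.I
)
# DDS "Created Last 30" line: timestamp, size-or-dashes, attribute flags, path.
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\S+\s+(\S+)\s+(.*)$")
# A directory named by a bare GUID directly under AppData\Local.
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-F-]{36}\}$", re.I)

# Constructed sample (see lead-in): real lines from the log plus one
# hypothetical untrusted-path entry (qzxkwmfa -> Temp\setup.exe).
SAMPLE_LOG = r"""
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uRun: [qzxkwmfa] C:\Users\Mark\AppData\Local\Temp\setup.exe
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
BHO-X64: AcroIEHelperStub - No File
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
2011-11-26 13:36:45 -------- d-----w- C:\Users\Mark\AppData\Local\{D5C98C60-8A32-4B80-A1BC-36C10CE124ED}
2011-11-26 05:11:00 -------- d-----w- C:\Users\Mark\AppData\Local\{D9A83EFD-FB4A-414B-9F26-F5B04F1044C2}
2011-11-25 17:10:14 -------- d-----w- C:\Users\Mark\AppData\Local\{EACEAC8A-B24A-47EE-8723-BF572CF8792E}
2011-11-25 05:09:27 -------- d-----w- C:\Users\Mark\AppData\Local\{961B8AEA-366C-495A-885F-76BEFBB5CA54}
2011-11-10 16:29:09 -------- d-----w- C:\Users\Mark\AppData\Local\Skyrim
"""


def triage(log_text):
    """Return orphaned autoruns, autoruns outside trusted roots, and the
    count and median spacing (hours) of GUID-named AppData\\Local directories."""
    orphaned, untrusted, guid_times = [], [], []
    for line in log_text.splitlines():
        m = AUTORUN_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("No File"):
                orphaned.append(line)          # stale registration, clean-up candidate
                continue
            p = PATH_RE.search(rest)
            if p and not p.group(1).lower().startswith(TRUSTED_ROOTS):
                untrusted.append(p.group(1))   # autorun from a user-writable location
            continue
        c = CREATED_RE.match(line)
        if c and c.group(2).startswith("d") and GUID_DIR_RE.search(c.group(3)):
            guid_times.append(datetime.strptime(c.group(1), "%Y-%m-%d %H:%M:%S"))
    guid_times.sort()
    gaps = [(b - a).total_seconds() / 3600 for a, b in zip(guid_times, guid_times[1:])]
    return {
        "orphaned": orphaned,
        "untrusted_path": untrusted,
        "guid_dir_count": len(guid_times),
        "guid_dir_median_gap_hours": round(statistics.median(gaps), 1) if gaps else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample above the only untrusted-path hit is the hypothetical `Temp\setup.exe` entry; every real autorun in the log resolves under `C:\Windows` or `Program Files`, which is consistent with the poster's later conclusion. The two "No File" entries are leftover registrations, not infections, but they are the sort of thing a cleanup tool removes. A steady 12-hour spacing between the GUID directory creations is the signature of something scheduled (an updater or a service) rather than of user activity, so the follow-up check is the Task Scheduler and service list rather than the directories themselves. For any autorun that does get flagged, the next steps a practitioner would take before deleting anything are to verify the file's Authenticode signature and look up its hash, since a trusted-root path check is only a first filter: user-writable subdirectories such as `C:\Windows\Temp` pass it.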

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
