Comprev Posted December 16, 2010

Okay. Today I was looking up pictures of medieval Europe when I clicked on a picture, and I got an alert saying that av8 had detected suspicious files and needed to scan my computer. I am pretty smart about these things, so I didn't trust it and clicked on the red x (not the smart part) and the online scanner went up anyway. I quickly closed out, so nothing downloaded. Neither MBAM nor Avast detected anything, but I am posting just in case.

GMER refused to download.

I should also mention that Adobe Flash has been crashing lately, and I had gone to a bad IP before today.

Any help is extremely appreciated,
Comprev

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jacob at 20:22:16.41 on Wed 12/15/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.276 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\windows\system32\rundll32.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SYSTEM32\Rezip.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\windows\system32\igfxext.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k HPService
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~1\samsung\SAMSUN~4\SUPNOT~1.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jacob\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\jacob\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\jacob\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jacob\appdata\roaming\mozilla\firefox\profiles\vska8ed1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-6 165584]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-14 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-6 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-7 40384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-7-2 93320]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2009-12-30 44312]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-9-14 311296]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-7 40384]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-14 187392]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-9-14 538624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-22 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DXYOTS;DXYOTS;c:\users\jacob\appdata\local\temp\DXYOTS.exe [2010-11-22 576384]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 INGBY;INGBY;c:\users\jacob\appdata\local\temp\INGBY.exe [2010-11-22 514944]
S3 NJJXINZ;NJJXINZ;c:\users\jacob\appdata\local\temp\NJJXINZ.exe [2010-11-18 523136]
S3 SCLKDXPUJFM;SCLKDXPUJFM;c:\users\jacob\appdata\local\temp\SCLKDXPUJFM.exe [2010-11-22 560000]
S3 XKD;XKD;c:\users\jacob\appdata\local\temp\XKD.exe [2010-11-18 494464]

=============== Created Last 30 ================

2010-12-14 21:00:50 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f944883a-d26d-4254-b4f5-79f9038223f4}\mpengine.dll
2010-12-14 20:59:27 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-11-30 01:03:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 01:03:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 01:03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 13:23:18 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-17 03:29:37 -------- d-----w- c:\users\jacob\appdata\roaming\Windows Live Writer
2010-11-17 03:29:37 -------- d-----w- c:\users\jacob\appdata\local\Windows Live Writer

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-23 05:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 05:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 19:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-20 12:51:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-20 12:51:40 348160 ----a-w- c:\windows\system32\msvcr71.dll

============= FINISH: 20:23:57.56 ===============

Attachment: Attach.txt
Comprev (Author) Posted December 16, 2010

Sorry for double post.
Gammo Posted December 19, 2010

Hi,

Please go to: VirusTotal
Click the Browse button and search for the following file:
c:\users\jacob\appdata\local\temp\DXYOTS.exe
Click Open.
Then click Send File.
Please be patient while the file is scanned.
Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now".
Please post the results in your next reply.

Do the same with these files:
c:\users\jacob\appdata\local\temp\INGBY.exe
c:\users\jacob\appdata\local\temp\NJJXINZ.exe
c:\users\jacob\appdata\local\temp\SCLKDXPUJFM.exe
c:\users\jacob\appdata\local\temp\XKD.exe
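The five files Gammo asks about share one trait visible in the DDS log: each is registered as a Windows service whose executable lives under the user's appdata\local\temp folder, a user-writable scratch location where legitimate services are not installed. The script below is an added example, written for this thread and not part of DDS, VirusTotal or any participant's post. It parses service/driver lines in the format the log uses (the field layout is inferred from the lines on this page), reports every service that loads from a temp directory, and computes a file's SHA-256 so the sample can be looked up on VirusTotal by hash instead of uploading it. The service lines are copied from the log above; the bytes that get hashed are constructed, not the real files.

```python
import hashlib
import os
import re
import tempfile

# Constructed sample: service/driver lines copied from the DDS log in this
# thread, with two benign entries kept for contrast.
DDS_SERVICE_LINES = [
    r"R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-7 40384]",
    r"S3 DXYOTS;DXYOTS;c:\users\jacob\appdata\local\temp\DXYOTS.exe [2010-11-22 576384]",
    r"S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]",
    r"S3 INGBY;INGBY;c:\users\jacob\appdata\local\temp\INGBY.exe [2010-11-22 514944]",
    r"S3 XKD;XKD;c:\users\jacob\appdata\local\temp\XKD.exe [2010-11-18 494464]",
]

# Field layout inferred from the log: "<state> <key>;<display name>;<path> [<date> <size>]"
_LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<key>[^;]+);(?P<name>[^;]*);(?P<path>.+?)\s+"
    r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)

# User-writable scratch directories a service binary has no business living in.
_TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_dds_service(line):
    """Split one DDS service/driver line into its fields; None if it does not match."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    rec["path"] = rec["path"].lower()  # Windows paths are case-insensitive
    return rec


def is_temp_path(path):
    """True when the executable path sits under a temp directory."""
    p = path.lower()
    return any(marker in p for marker in _TEMP_MARKERS)


def flag_temp_services(lines):
    """Return the service keys whose executable loads from a temp directory."""
    flagged = []
    for line in lines:
        rec = parse_dds_service(line)
        if rec and is_temp_path(rec["path"]):
            flagged.append(rec["key"])
    return flagged


def sha256_file(path, chunk=1 << 16):
    """SHA-256 hex digest of a file, read in chunks so large binaries fit in memory.

    This digest is what you search for on VirusTotal to see whether the file
    has already been analysed, without uploading it.
    """
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_constructed_sample(data=b"constructed stand-in bytes, not the real temp executable"):
    """Write constructed bytes to a scratch file and hash it, so the routine runs offline."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        name = tmp.name
    try:
        return sha256_file(name)
    finally:
        os.remove(name)


if __name__ == "__main__":
    for key in flag_temp_services(DDS_SERVICE_LINES):
        print("service loads from a temp directory:", key)
    print("digest of constructed sample:", hash_constructed_sample())
```

Running it on the full SERVICES / DRIVERS section of the log above flags DXYOTS, INGBY, NJJXINZ, SCLKDXPUJFM and XKD and nothing else; on a live machine you would point sha256_file at each flagged path and search VirusTotal for the digest before deciding whether an upload is still needed.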
screen317 (Staff) Posted February 8, 2011

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!