Cyber Tech Help Support Forums > Software > Malware Removal Forum

#1  September 25th, 2010, 03:04 PM
blewweyezz (Senior Member; joined Jun 2009; 102 posts)
Any Idea what this is?

Hi Experts...
I found this weird file in my startup and I am worried it might be something icky.... OA009Cfg.exe
I have no idea what it is or where it came from. So I thought I might be able to have someone here take a look for me. Thanks in advance for any help...
Wendy


#2  September 25th, 2010, 05:15 PM
Mosaic1 (Malware Removal Team Advisor; joined Jun 2001; 4,783 posts)
Go here and download DDS to your Desktop and double-click on dds.scr to run it. If your security software includes script blocking features, please disable these before you run this utility. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.


If you are using Firefox, when you click the link, it will open on screen as a text file. Just go to the toolbar and click File. Then scroll down to Save as and click on it.

Save as dds.scr
Save as Type: all files


--------------------------
Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.46.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.
#3  September 25th, 2010, 06:39 PM
blewweyezz (Senior Member; joined Jun 2009; 102 posts)
Thanks for your help...
Here is the "DDS" one....


DDS (Ver_10-03-17.01) - NTFSx86
Run by Wendy at 10:37:16.10 on Sat 09/25/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3034.1885 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\SftService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\vds.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\WeCareReminder\ReminderHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Wendy\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.google.com/
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine (beta): {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: Conduit Engine (beta): {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [OA009Cfg.exe] OA009Cfg.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
StartupFolder: c:\users\wendy\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\microsoft works\WkCalRem.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://www.gamehouse.com/games/NightshiftJaguarsEye.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/12/11 19:20:16];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-12-11 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [2009-12-11 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-3-13 312152]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2010-9-2 176408]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-8-15 648432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-10-11 143968]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PermissionResearch;PermissionResearch;c:\program files\permissionresearch\prservice.exe /service --> c:\program files\permissionresearch\prservice.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2009-10-11 134144]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-14 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1343400]

=============== Created Last 30 ================

2010-09-25 17:33:25 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-09-25 17:33:25 22288 ----a-w- c:\windows\system32\temp.00B
2010-09-25 17:33:25 143632 ----a-w- c:\windows\system32\temp.00A
2010-09-25 17:33:25 118784 ----a-w- c:\windows\system32\vbalNCSM6.dll
2010-09-25 17:33:24 614672 ----a-w- c:\windows\system32\temp.008
2010-09-25 17:33:24 16896 ----a-w- c:\windows\system32\temp.006
2010-09-25 17:33:24 164112 ----a-w- c:\windows\system32\temp.007
2010-09-25 17:33:24 1453 ----a-w- c:\windows\system32\Project2.INF
2010-09-25 17:33:24 1384448 ----a-w- c:\windows\system32\temp.009
2010-09-25 17:33:23 70088 ----a-w- c:\windows\system32\Project2-1.ocx
2010-09-25 17:33:23 101888 ----a-w- c:\windows\system32\Vb6stkit.dll
2010-09-25 17:33:04 0 d-----w- c:\program files\eGames
2010-09-25 17:26:28 0 d-----w- c:\program files\FreshGames
2010-09-25 17:03:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-09-25 17:03:09 0 d-----w- c:\program files\GameSpy Arcade
2010-09-25 17:02:09 306688 ----a-w- c:\windows\IsUninst.exe
2010-09-25 15:21:11 0 d-----w- c:\programdata\Friends Games
2010-09-25 15:20:53 0 d-----w- c:\program files\AOL Games
2010-09-25 12:34:21 0 d-----w- c:\users\wendy\appdata\roaming\Magic3
2010-09-25 11:12:22 0 d-----w- c:\programdata\Zylom
2010-09-25 11:10:44 0 d-----w- c:\programdata\Enkord
2010-09-25 10:34:35 0 d-----w- c:\programdata\Casual Box
2010-09-25 10:17:55 0 d-----w- c:\programdata\Arowx Games
2010-09-25 09:18:08 42 ----a-w- c:\windows\system32\scud.udf
2010-09-25 07:56:06 632 --sha-r- c:\users\wendy\ntuser.pol
2010-09-25 06:30:18 0 d-----w- c:\programdata\PlayFirst
2010-09-25 04:42:14 0 d-----w- c:\users\wendy\appdata\roaming\EnchantedCavern
2010-09-25 04:34:14 0 d-----w- c:\users\wendy\appdata\roaming\Dekovir
2010-09-25 03:56:52 0 d-----w- c:\users\wendy\appdata\roaming\funkitron
2010-09-25 03:24:08 0 d-----w- c:\programdata\Friday's games
2010-09-25 00:23:22 0 d-----w- c:\users\wendy\appdata\roaming\Cat's Eye Games
2010-09-24 23:18:08 0 d-----w- c:\users\wendy\appdata\roaming\TMInc
2010-09-24 17:32:55 0 d-----w- c:\programdata\Beanbag Studios
2010-09-24 17:21:26 0 d-----w- c:\users\wendy\appdata\roaming\CannyGames
2010-09-24 17:12:30 0 d-----w- c:\users\wendy\appdata\roaming\Magic Match
2010-09-24 12:55:49 0 d-----w- c:\programdata\Alawar Stargaze
2010-09-24 12:21:31 0 d-----w- c:\programdata\Meridian93
2010-09-24 12:21:00 0 d-----w- c:\users\wendy\appdata\roaming\Meridian93
2010-09-24 12:20:19 0 d-----w- c:\users\wendy\appdata\roaming\iWin
2010-09-24 11:53:03 0 d-----w- c:\users\wendy\appdata\roaming\Pirateville
2010-09-24 11:43:36 0 d-----w- c:\users\wendy\appdata\roaming\Gold Casual Games
2010-09-24 11:43:36 0 d-----w- c:\programdata\Gold Casual Games
2010-09-24 10:30:57 0 d-----w- c:\program files\iWin Games
2010-09-17 23:55:29 0 d-----w- c:\program files\LimeWire
2010-09-15 18:43:27 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-12 08:56:20 0 d-----w- c:\program files\common files\xing shared
2010-09-12 08:55:47 0 d-----w- c:\program files\common files\Real
2010-09-12 08:55:46 0 d-----w- c:\programdata\Real
2010-09-03 17:55:50 2267648 ----a-w- c:\windows\system32\prinstaller.msi
2010-09-03 08:16:24 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-09-02 10:00:27 0 d-----w- c:\users\wendy\appdata\roaming\FreeFileViewer
2010-09-02 09:42:51 0 d-----w- c:\users\wendy\appdata\roaming\WeatherBug
2010-09-02 09:42:32 0 d-----w- c:\program files\Free Offers from Freeze.com
2010-09-02 09:42:04 0 d-----w- c:\program files\PriceGong
2010-09-02 09:42:01 0 d-----w- c:\programdata\WeCareReminder
2010-09-01 18:17:59 0 d-----w- c:\users\wendy\appdata\roaming\JoyBits
2010-09-01 11:18:03 0 d-----w- c:\programdata\JollyBear
2010-09-01 11:05:58 0 d-----w- c:\programdata\NeoEdge Networks
2010-09-01 11:03:09 0 d-----w- c:\program files\iWin.com
2010-09-01 10:56:31 0 d-----w- c:\programdata\iWin Games
2010-08-31 16:47:23 0 d-----w- c:\users\wendy\appdata\roaming\SunRay Games
2010-08-31 12:31:10 0 d-----w- c:\users\wendy\appdata\roaming\Arkadium
2010-08-31 12:26:35 0 d-----w- c:\programdata\Sony Online Entertainment
2010-08-31 10:53:05 0 d-----w- c:\program files\Shockwave.com
2010-08-31 10:09:01 0 d-----w- c:\users\wendy\appdata\roaming\Playrix Entertainment
2010-08-31 10:02:20 0 d-----w- c:\users\wendy\appdata\roaming\Big Fish Games
2010-08-31 09:10:25 0 d-sh--w- c:\windows\ftpcache
2010-08-31 09:06:31 0 d-----w- c:\programdata\Slapdash Games
2010-08-31 07:08:39 0 d-----w- c:\programdata\1912 Titanic Mystery
2010-08-31 07:08:34 0 d-----w- c:\users\wendy\appdata\roaming\TitanicMystery
2010-08-31 00:48:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== Find3M ====================

2010-09-12 08:55:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-12 08:55:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-11 17:50:44 75 --sha-r- c:\windows\CT4CET.bin
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-03-02 19:25:52 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-12 09:44:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021220100213\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:37:56.74 ===============
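The line worth noticing in the report above is `mRun: [OA009Cfg.exe] OA009Cfg.exe`: unlike every other Run entry it carries no directory, so the log alone does not tell you which file on disk actually starts at logon, which is why locating the file is the right next step. As an added example (not part of the thread, and not DDS code), here is a small Python triage script that walks lines in this DDS Pseudo HJT format and flags Run entries with no path, entries loading from user-writable locations, and orphaned BHO/toolbar registrations; the sample input is constructed from lines in the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the DDS
# "Pseudo HJT Report" above, chosen so that each check below fires once.
SAMPLE_DDS = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [OA009Cfg.exe] OA009Cfg.exe
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
"""

# DDS line shapes: "uRun/mRun/mRunOnce: [name] command" and "BHO/TB: label: {CLSID} - target"
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
HOOK_RE = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<label>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
EXT_RE = re.compile(r"\.(?:exe|dll|scr|com|bat|cmd|vbs|js)\b", re.I)
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)
WRITABLE_RE = re.compile(r"\\(?:programdata|users\\[^\\]+\\appdata|temp)\\", re.I)


@dataclass(frozen=True)
class Finding:
    name: str    # the [name] of a Run entry, or the BHO/TB label (CLSID if unlabelled)
    code: str    # bare-name | user-writable | no-file
    detail: str


def executable_from_command(cmd: str) -> str:
    """Extract the image path from a Run value as DDS prints it."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted values may contain spaces (e.g. "c:\program files\..."), so cut at
    # the first executable extension rather than at the first space.
    m = EXT_RE.search(cmd)
    return cmd[: m.end()] if m else cmd.split(" ")[0]


def check_path(name: str, path: str) -> list[Finding]:
    """Flag a path that is not absolute or that lives in a user-writable tree."""
    out: list[Finding] = []
    if not DRIVE_RE.match(path):
        out.append(Finding(name, "bare-name",
                           f"'{path}' has no directory; the log cannot say which file runs"))
    elif WRITABLE_RE.search(path):
        out.append(Finding(name, "user-writable",
                           f"'{path}' loads from a user-writable location"))
    return out


def triage(dds_text: str) -> list[Finding]:
    """Walk DDS Pseudo HJT lines and return the entries worth a second look."""
    findings: list[Finding] = []
    for line in dds_text.splitlines():
        if m := RUN_RE.match(line):
            findings += check_path(m["name"], executable_from_command(m["cmd"]))
        elif m := HOOK_RE.match(line):
            name = m["label"] or m["clsid"]
            if m["target"] == "No File":
                # Registered CLSID whose DLL is gone: leftover of an uninstall or a removal
                findings.append(Finding(name, "no-file",
                                        f"{m['kind']} {m['clsid']} registered but its file is missing"))
            else:
                findings += check_path(name, m["target"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.code:13}] {f.name}: {f.detail}")
```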
#4  September 25th, 2010, 06:41 PM
blewweyezz (Senior Member; joined Jun 2009; 102 posts)
2nd part...

here is the "Attach" part...

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/11/2009 6:52:46 PM
System Uptime: 9/25/2010 10:24:02 AM (0 hours ago)

Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 218 GiB total, 159.322 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP251: 8/31/2010 4:26:11 PM - Windows Update
RP252: 9/1/2010 9:27:18 PM - Windows Update
RP253: 9/2/2010 1:52:22 AM - Installed WinZip 14.5
RP254: 9/2/2010 2:42:28 AM - Installed WeatherBug
RP255: 9/2/2010 2:43:58 AM - Removed My.Freeze.com NetAssistant
RP256: 9/2/2010 3:13:02 AM - Removed WeatherBug
RP257: 9/3/2010 10:03:14 AM - Windows Update
RP258: 9/4/2010 11:10:27 AM - Windows Update
RP259: 9/6/2010 6:11:18 PM - Windows Update
RP260: 9/7/2010 7:24:23 PM - Windows Update
RP261: 9/7/2010 9:08:15 PM - Windows Update
RP262: 9/9/2010 10:03:56 AM - Windows Update
RP263: 9/10/2010 10:26:34 AM - Windows Update
RP264: 9/11/2010 10:49:58 AM - Windows Update
RP265: 9/12/2010 10:44:54 AM - Windows Update
RP266: 9/13/2010 9:22:31 PM - Windows Update
RP267: 9/14/2010 3:06:42 PM - Installed PermissionResearch
RP268: 9/15/2010 3:12:16 AM - Windows Update
RP269: 9/15/2010 3:57:54 AM - Removed Ning Network Archiver
RP270: 9/16/2010 3:00:21 AM - Windows Update
RP271: 9/16/2010 6:59:48 AM - Windows Update
RP272: 9/17/2010 7:03:05 AM - Windows Update
RP273: 9/18/2010 12:15:03 AM - Windows Update
RP274: 9/19/2010 1:51:52 PM - Windows Update
RP275: 9/20/2010 3:50:28 PM - Windows Update
RP276: 9/22/2010 12:50:56 PM - Windows Update
RP277: 9/23/2010 9:36:51 PM - Windows Update
RP278: 9/24/2010 8:53:07 PM - Installed Java(TM) 6 Update 21
RP279: 9/25/2010 12:54:52 AM - Windows Update
RP281: 9/25/2010 1:17:27 AM - Installed DirectX
RP282: 9/25/2010 7:54:18 AM - Windows Update
RP284: 9/25/2010 10:32:19 AM - Application kill.
RP286: 9/25/2010 10:32:46 AM - Installation

==== Installed Programs ======================

1912 Titanic Mystery (remove only)
7 Wonders 2 (remove only)
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced SystemCare 3
Adventure Inlay Safari Ed (remove only)
Aerial Mahjong (remove only)
Age of Oracles: Tara's Journey (remove only)
AIM 7
Amazonia
Arctic Quest 2 (remove only)
Are You Smarter Than A 5th Grader (remove only)
ASPCA Reminder XPV7-SF by We-Care.com
Bass Audio Decoder (remove only)
Bejeweled Twist (remove only)
Big City Adventure San Francisco (remove only)
Big Fish Games: Game Manager
Big Kahuna Words (remove only)
Cafe Mahjongg (remove only)
Canon Utilities My Printer
CCleaner
Charm Tale (remove only)
COLLAPSE (remove only)
Compatibility Pack for the 2007 Office system
Conduit Engine (beta)
Consumer In-Home Service Agreement
Coupon Printer for Windows
Cubis Gold 2
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Touchpad
Dell Webcam Central
eGames Master's Edition 151
Enchanted Cavern (remove only)
Family Feud Hollywood Ed (remove only)
Family Feud™ II (remove only)
ffdshow [rev 2527] [2008-12-19]
Fishdom (remove only)
Fishdom H2O: Hidden Odyssey (remove only)
Game Booster
Geisha: The Secret Garden (remove only)
Hexagon Mahjongg (remove only)
Hidden Magic (remove only)
Hidden Wonders of the Depths (remove only)
Hotel Mahjong (remove only)
IDT Audio
ieSpell
Integrated Webcam Driver (1.02.01.0320)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Intuit SiteBuilder
IObit Security 360
iWin Games (remove only)
Java Auto Updater
Java(TM) 6 Update 21
Jewel Quest (remove only)
Junk Mail filter update
Little Shop - Road Trip
Little Shop: Memories (remove only)
Live! Cam Avatar Creator
Magic Encyclopedia: Illusions (remove only)
Mah Jong Quest (remove only)
Mah Jong Quest II (remove only)
Mah Jong Quest III (remove only)
Mah Jongg Challenge (remove only)
Mahjong Journey of Enlightenment (remove only)
Mahjong Memoirs (remove only)
Mahjongg Championship (remove only)
Mahjongg Dimensions (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
MSVCRT
Mystery of Unicorn Castle (remove only)
Mythic Mahjong (remove only)
Norton Internet Security
OGA Notifier 2.0.0048.0
OpenSource Flash Video Splitter (remove only)
PaltalkScene
PhotoMail Maker
Pirateville (remove only)
PowerDVD DX
Quick Brick v1.62
QuickSet
RealPlayer
RealUpgrade 1.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Skype™ 4.2
Slingo Mystery (remove only)
Spelling Dictionaries Support For Adobe Reader 9
The Enchanting Islands (remove only)
The Hidden Object Show (remove only)
The Hidden Object Show 2 (remove only)
The Hidden Prophecies of Nostradamus (remove only)
The Poppit Show (remove only)
Treasure Masters, Inc. (remove only)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Winamp
Windows 7 Upgrade Advisor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinZip 14.5
WorldJongg (remove only)
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

9/25/2010 2:11:07 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
9/25/2010 10:24:16 AM, Error: volmgr [46] - Crash dump initialization failed!

==== End Of File ===========================
#5  September 25th, 2010, 06:51 PM
blewweyezz (Senior Member; joined Jun 2009; 102 posts)
Malware bytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4693

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/25/2010 10:50:52 AM
mbam-log-2010-09-25 (10-50-52).txt

Scan type: Quick scan
Objects scanned: 148403
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#6  September 26th, 2010, 05:18 AM
Mosaic1 (Malware Removal Team Advisor; joined Jun 2001; 4,783 posts)
I'm getting mixed results on whether or not that file is malware.

Let's start by having you look for the file. Search for
OA009Cfg.exe

When you find it, right click on it and click properties.

On the properties page click the Details tab. Can you make a note of what is listed on that page, please?


Then let's scan the file using an online site which uses many scanners.

http://www.virscan.org/

At the top of the page, there is a form for you to upload the file. Do that and then please copy and paste the results.

Are you having any issues? Or did that file name just strike you as being odd?