Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AV2012 and possible blaster worm.


  • This topic is locked This topic is locked
9 replies to this topic

#1 JDMThoughts

JDMThoughts

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 17 November 2011 - 01:37 AM

So this is the 2nd laptop I have gotten in the last couple months. I use it primarily for school and car stuff. I was looking at pics of cars and saving the images to use on my revolving background. Then I got hit with the AV 2012 non-sense. I am unsure of how this came up. I have my firewall up and working. I have Avast up and running and always updated. I also have MBAM as well. My computer was acting up, but I was able to do an Avast scan which came up empty. The MBAM found 2 threats and removed them. I then ran the Avast boot scan and came up with nothing. I am praying for the moment that everything is good. Computer seems to be running fine. Is there a better firewall to use, or something, I just want this to stop happening, this AV guard destroyed my PC and 1st laptop. I have asked others who frequent the same forums and they have never had the problem. Is something wrong with my settings?

Right now the same thing is happened. I was on cars.com and a little dumb pop up came up and I x'ed it out, then this damn AV 2012 came up. I have MBAM running and it has already found 5 objects.Why the hell isn't Avast doing anything? This is really getting to become frustrating, since I can't figure out where this crap keeps coming from.

The site is a site I have used for years. Never had an issue till these last two months. It's also not the only site I go to either. I have friends who frequent this site as well and they have never had this issue. Trust me, If I knew where this was coming from I wouldn't go there. When I boot the computer, my Norton's comes up saying that the computer hasn't activated it and I am at risk. I don't plan on using Nortons anytime soon. Then little popups in the corner come up saying smartwall has been disabled and the adware has been out of date. Those are just those things that nortons provides. I am using Avast, MBAM, and SAS so I think I have the basics covered do far. Again, the laptop seems to be running fine now after that crap that happened last night, but I don't want to be doing this every couple days.

So that's how this whole thing started, and I was told to post in here by Broni, I will attach the DDS logs next. I can't run GMER since my setup is 64 bit. Thanks in advance for helping me and I look forward to your response.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by John at 1:25:43 on 2011-11-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2319 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\BOINC\boinc.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
uDefault_Page_URL = hxxp://sony.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [XEEL9ggTZqjYw] C:\Users\John\AppData\Roaming\dwme.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{E4E4CBB4-48D5-4F37-B66D-2081EA3329C6} : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{E4E4CBB4-48D5-4F37-B66D-2081EA3329C6}\34F66666565614275616 : DhcpNameServer = 75.75.75.75 76.76.75.75 192.168.1.1
TCP: Interfaces\{E4E4CBB4-48D5-4F37-B66D-2081EA3329C6}\6457E6E69764963786D27657563747 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{E4E4CBB4-48D5-4F37-B66D-2081EA3329C6}\7457563747 : DhcpNameServer = 4.2.2.2 4.2.2.1 4.2.2.3
TCP: Interfaces\{E4E4CBB4-48D5-4F37-B66D-2081EA3329C6}\74D454E4 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{E4E4CBB4-48D5-4F37-B66D-2081EA3329C6}\F43434F53747574656E64737 : DhcpNameServer = 172.16.129.64 172.16.129.67
TCP: Interfaces\{F94991DE-8B39-45B6-ACFC-90EDFAC80681} : DhcpNameServer = 192.53.104.29
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun-x64: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\d166gchb.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111028.030\IDSviA64.sys [2011-10-29 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-10-24 44768]
R2 BOINC;WORLDC~1|World Community Grid;C:\Program Files (x86)\BOINC\boinc.exe [2010-5-27 529152]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-24 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-24 1817088]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-10-23 130008]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-9-24 259192]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-9-24 105024]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-24 2656280]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-9-24 852160]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-25 136824]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-9-24 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 546608]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-17 06:22:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AF30F98-82E5-4154-9375-E34B308F551B}\offreg.dll
2011-11-16 06:02:20 -------- d-----w- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2011-11-16 06:02:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-11-16 06:02:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-11-16 05:20:48 -------- d-----w- C:\Users\John\AppData\Roaming\O55ssWJ7dEL8gZh
2011-11-16 05:20:48 -------- d-----w- C:\Users\John\AppData\Roaming\fXXwwkUUVeOBt
2011-11-16 05:20:40 -------- d-----w- C:\Users\John\AppData\Roaming\GmGG5sQQJ6EK8RZ
2011-11-16 05:20:35 -------- d-----w- C:\Users\John\AppData\Roaming\JcAA11uvD
2011-11-16 05:20:35 -------- d-----w- C:\Users\John\AppData\Roaming\cssQQJ6ddK8fR9T
2011-11-15 21:47:17 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AF30F98-82E5-4154-9375-E34B308F551B}\mpengine.dll
2011-11-09 21:56:20 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 21:56:19 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 21:56:17 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 21:56:12 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-06 14:59:00 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-11-06 14:59:00 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-11-06 14:59:00 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-11-06 14:59:00 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-11-06 14:58:59 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-11-03 19:41:32 -------- dc-h--w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2011-11-03 00:53:22 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-10-31 19:30:46 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-30 21:10:36 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-29 23:26:51 -------- d-----w- C:\Users\John\AppData\Local\ArcSoft
2011-10-27 23:36:21 -------- d-----w- C:\Users\John\AppData\Local\Diagnostics
2011-10-27 19:57:18 -------- d-----w- C:\Users\John\AppData\Local\Adobe
2011-10-26 20:31:37 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-26 20:31:37 -------- d-----w- C:\Windows\System32\Wat
2011-10-26 03:40:31 -------- d-----w- C:\Users\John\AppData\Roaming\GlarySoft
2011-10-26 02:36:09 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes
2011-10-26 02:35:59 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-26 02:35:53 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-26 02:35:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-26 02:24:01 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-10-25 04:50:24 -------- d-----w- C:\Users\John\AppData\Local\Google
2011-10-25 04:50:07 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-10-25 04:50:06 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-10-25 04:49:04 41184 ----a-w- C:\Windows\avastSS.scr
2011-10-25 04:48:53 -------- d-----w- C:\ProgramData\AVAST Software
2011-10-25 04:48:53 -------- d-----w- C:\Program Files\AVAST Software
2011-10-24 23:30:59 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-10-24 23:29:59 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-10-24 00:15:30 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symefa64.sys
2011-10-24 00:15:30 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symds64.sys
2011-10-24 00:15:30 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys
2011-10-24 00:15:29 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\srtsp64.sys
2011-10-24 00:15:29 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\srtspx64.sys
2011-10-24 00:15:29 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\ironx64.sys
2011-10-24 00:15:18 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D
2011-10-23 23:54:21 159080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-23 21:17:00 -------- d-----w- C:\Update
2011-10-23 20:08:53 -------- d-----w- C:\Users\John\AppData\Roaming\Intel Corporation
2011-10-23 20:06:13 -------- d-----w- C:\Users\John\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2011-10-24 00:15:30 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-09-24 21:58:28 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-09-24 21:58:12 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-09-24 21:58:12 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-09-24 21:57:54 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-09-24 21:57:49 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-09-24 21:57:41 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-09-24 21:26:05 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-24 21:25:06 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 1:29:01.17 ===============

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 PM

Posted 21 November 2011 - 01:50 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers, and all other programs working. Make sure you save your file if working on a document.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#3 JDMThoughts

JDMThoughts
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 21 November 2011 - 04:56 PM

ComboFix 11-11-21.01 - John 11/21/2011 15:26:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1886 [GMT -5:00]
Running from: c:\users\John\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\users\John\Desktop\AV Protection 2011.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-18 20:48 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9ED70846-8CC3-430B-8211-873E377AF318}\mpengine.dll
2011-11-16 06:02 . 2011-11-16 06:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-16 06:02 . 2011-11-16 06:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-14 20:39 . 2011-11-14 20:39 -------- d-----w- c:\windows\system32\Macromed
2011-11-09 21:56 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:56 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 21:56 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:56 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 14:59 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-11-06 14:59 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-11-06 14:59 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-06 14:59 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-06 14:58 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-11-03 19:41 . 2011-11-03 19:41 -------- dc-h--w- c:\programdata\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2011-11-03 00:53 . 2011-11-03 00:53 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-10-30 21:10 . 2011-11-14 20:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 20:31 . 2011-10-26 20:31 -------- d-----w- c:\windows\SysWow64\Wat
2011-10-26 20:31 . 2011-10-26 20:31 -------- d-----w- c:\windows\system32\Wat
2011-10-26 02:35 . 2011-10-26 02:35 -------- d-----w- c:\programdata\Malwarebytes
2011-10-26 02:35 . 2011-11-17 06:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-26 02:35 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-26 02:24 . 2011-10-26 02:24 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-10-25 04:50 . 2011-10-25 04:50 -------- d-----w- c:\program files (x86)\Google
2011-10-25 04:50 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-25 04:50 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-25 04:50 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-25 04:50 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-25 04:50 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-25 04:50 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-25 04:50 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-25 04:49 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-25 04:49 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-25 04:48 . 2011-10-25 04:48 -------- d-----w- c:\programdata\AVAST Software
2011-10-25 04:48 . 2011-10-25 04:48 -------- d-----w- c:\program files\AVAST Software
2011-10-24 23:30 . 2011-05-04 05:22 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-10-24 23:29 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-10-24 00:15 . 2011-10-25 00:28 -------- d-----w- c:\windows\system32\drivers\NISx64\1206000.01D
2011-10-23 23:54 . 2011-11-21 20:16 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-23 21:17 . 2011-10-25 00:31 -------- d-----w- C:\Update
2011-10-23 16:04 . 2011-10-23 16:04 -------- d-----w- c:\users\Public\Symantec
2011-10-23 16:04 . 2011-10-23 16:04 -------- d-----w- c:\windows\SysWow64\VAIO Startup Setting Tool
2011-10-23 16:04 . 2011-11-17 06:24 -------- d-----w- c:\users\John
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 21:04 . 2011-11-21 21:04 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9ED70846-8CC3-430B-8211-873E377AF318}\offreg.dll
2011-10-24 00:15 . 2011-09-24 22:33 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-10-23 16:04 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-24 21:58 . 2011-09-24 21:58 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-09-24 21:58 . 2011-09-24 21:58 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-09-24 21:58 . 2011-09-24 21:58 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-09-24 21:57 . 2011-09-24 21:57 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-09-24 21:57 . 2011-09-24 21:57 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-09-24 21:57 . 2011-09-24 21:57 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-09-24 21:26 . 2011-09-24 21:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-24 21:25 . 2011-09-24 21:25 521448 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"boincmgr"="c:\program files (x86)\BOINC\boincmgr.exe" [2010-05-27 4543232]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2010-05-27 58112]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-15 1155704]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111028.030\IDSvia64.sys [2011-10-21 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BOINC;WORLDC~1|World Community Grid;c:\program files (x86)\BOINC\boinc.exe [2010-05-27 529152]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-28 1817088]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-13 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-24 136824]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 04:50]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 04:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-28 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-28 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-28 418328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\d166gchb.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EffRRZ99hT - c:\users\John\AppData\Roaming\dwme.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2011-11-21 16:12:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 21:12
.
Pre-Run: 448,501,972,992 bytes free
Post-Run: 449,050,963,968 bytes free
.
- - End Of File - - AEA9DA39D41CF85F78AD3ADAA5F9845F

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 PM

Posted 22 November 2011 - 09:02 AM

Your ComboFix log is clean.

Please run the Security Check tool and submit the log.

Let me know what problem remains.

#5 JDMThoughts

JDMThoughts
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 22 November 2011 - 03:22 PM

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java version out of date!
Adobe Reader X (10.1.1)
Mozilla Firefox (7.0.1) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

#6 JDMThoughts

JDMThoughts
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 22 November 2011 - 09:19 PM

I still have the AV 2011 icon on my desktop and in my start menu. My Avast pulled up 3 virus threats containing the AV2011. I forgot that I only set my av to restart once the computer rebooted after the combofix. Not sure if that affects anything.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 PM

Posted 23 November 2011 - 11:33 AM

I still have the AV 2011 icon on my desktop and in my start menu

Delete both.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version download this on jre-6u27-windows-x64.exe). Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 22

===

How is it now?

#8 JDMThoughts

JDMThoughts
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 23 November 2011 - 06:24 PM

Ok, I removed the older version of Java, and have it updated with the most current one. My firefox hasn't prompted me to update it, so I am not sure if there is a newer version available. Is there any other things I should run to make sure everything is clear to go. I haven't spent a lot of time on this laptop with the holiday week being here.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 PM

Posted 24 November 2011 - 08:02 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 PM

Posted 27 November 2011 - 10:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users