Problem after installing "Super"


  • This topic is locked
12 replies to this topic

#1 SafeDragon

  • Members
  • 58 posts
  • OFFLINE
  • Local time:12:44 AM

Posted 21 July 2012 - 01:28 PM

Hi, I have a Sony Vaio all-in-one, Windows 7 Home Premium 64-bit desktop with Service Pack 1, 4 GB RAM and a DVD-RW/BD-ROM drive.

There are two user accounts on it, and installed is the Comodo Internet Security suite.

I was helped before here with a Happili redirect problem, and everything has been working great (thanks for that, by the way!) but my sister (whose computer this is) needed some conversion/editing software, and since "Super" worked well for that for me (though it's been a few years), that's what I recommended. After she installed it (here's a screenshot) the computer started acting funny, and constantly tried to stick a program into the startup processes (as seen in this screenshot). WinPatrol recommended a technique for stopping that, but something is preventing WinPatrol from opening.

I ran Malwarebytes (with the results in this screenshot) and deleted everything on the list (not just the selected ones) and reran it after a restart, finding nothing. WinPatrol still won't open, and the popup still keeps popping up.

So, per the topic-starting rules, I ran Defogger, and DDS, and GMER, and am posting the logs below.

Thank you again so much for whatever help or advice you can share, I really appreciate it :)


[DDS Log:]

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
BrowserJavaVersion: 1.6.0_31
Run by Ja K at 7:53:00 on 2012-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3943.2298 [GMT -7:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.


[GMER Log:]

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-21 09:31:29
Windows 6.1.7601 Service Pack 1
Running: gmer.exe



#2 HelpBot

HelpBot
    Bleepin' Binary Bot
  • Bots

Posted 26 July 2012 - 01:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461777 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 SafeDragon

SafeDragon
  • Topic Starter
  • Members

Posted 27 July 2012 - 04:03 PM

Hi!

The helper bot might be silly, but it's cute as a button!

Here's the info it asked me to supply:

Computer Specs:
Sony Vaio all-in-one desktop with touch screen, running Windows 7 Home Premium SP1 64-bit version. Intel Core i3-2330M CPU @ 2.20GHz. 4 GB RAM.
There are two user accounts on it, and the main A/V is Comodo Internet Security suite, though it has Malwarebytes, and WinPatrol also.

The Problem:
- WinPatrol won't launch.
- There seems to be lingering malware.
After installing the video conversion tool "Super" (as seen in this screen shot) the computer began acting "off" and WinPatrol detected that a weird thing was trying to put itself into the start-up process. But telling WinPatrol not to do so didn't work, and the alert keeps popping open, as well as a browser page explaining how to get this to stop (as seen in this screen shot).

However, when I tried to open WinPatrol, as instructed on its own webpage, it wouldn't launch.

Done so far:
1. I ran a Malwarebytes scan, which found some malware (as seen in this screen shot) and deleted everything in the list (not just the ones selected).
2. I did not yet run a Comodo scan, though it does seem to have detected something from around the same time (as seen in this screen shot) but I can run a full Comodo scan if requested.
3. I was instructed by a Malware Response Team member in a PM to start a topic here to deal with the WinPatrol-blocking problem and something called "Codec-V".
4. I ran Defogger and DDS, as per the "before you post" guidelines (log is in first post of this topic) but I have run it again, as per the helper bot's instructions. (The new log is posted below -- please note that the first time I ran DDS, I did not have Comodo "exited", nor did I have my internet disconnected, because these steps are unique to the helper bot instructions, as far as I can tell.) Also, even though the guidelines said to attach the "attach" log, DDS's instructions said to only do so if requested, so I can if it is.
5. I ran GMER and posted the log; however, I missed where it said to skip the step if your Windows is 64-bit, but it was more clearly labelled in the helper bot instructions, so I have not run GMER again. However, the GMER window from the first scan is still open (I have kept the PC in sleep mode) in case anything needs to be done with it before it's closed.
6. I do not think the Vaio came with a separate Windows CD/DVD, though I can try digging the box out of the garage if it's necessary. I have not made a recovery disc for it either.


Okay, I think that's everything. The helper bot message apologized for things taking so long, but it's absolutely no problem, since I know how swamped you guys are. You're awesome, and I appreciate anything you can help me with :)

Thanks,
SD


[DDS log:]

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Ja K at 12:36:37 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3943.2521 [GMT -7:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Ja K\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Users\Ja K\Desktop\gmer.exe
C:\Windows\splwow64.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {22c85e5e-3be9-7a1a-7239-3e5961f46544} - C:\Windows\SysWOW64\remoteppg.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
StartupFolder: C:\Users\JA_K~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ja K\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5A7F6C92-AF34-4702-BE94-CA2AD7A94DC1} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {22C85E5E-3BE9-7A1A-7239-3E5961F46544} - C:\Windows\SysWOW64\remoteppg.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO-X64: IEPlugin - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-9-14 21880]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-6-15 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-6-15 91296]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-14 13336]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-6-15 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsnxc64.sys --> C:\Windows\system32\drivers\risdsnxc64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-7-22 259512]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-23 105024]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-14 2656536]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-8-14 552584]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-4-13 84088]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-8-14 969352]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\drivers\btath_bus.sys --> C:\Windows\system32\drivers\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\drivers\btath_hcrp.sys --> C:\Windows\system32\drivers\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\drivers\btath_rcp.sys --> C:\Windows\system32\drivers\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
R3 NWVoltron;NextWindow Voltron Touch Screen;C:\Windows\system32\drivers\NWVoltron.sys --> C:\Windows\system32\drivers\NWVoltron.sys [?]
R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);C:\Windows\system32\drivers\NWWakeFilterV.sys --> C:\Windows\system32\drivers\NWWakeFilterV.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-7-24 53176]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-6-30 1380480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-27 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-27 116648]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\system32\drivers\hidkmdf.sys --> C:\Windows\system32\drivers\hidkmdf.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PTAPCBUS;Pantech Android USB Composite Device (PTAPC);C:\Windows\system32\DRIVERS\PTAPCBUS.sys --> C:\Windows\system32\DRIVERS\PTAPCBUS.sys [?]
S3 PTAPCMDM;Pantech Android USB Modem Drivers (PTAPC);C:\Windows\system32\DRIVERS\PTAPCMDM.sys --> C:\Windows\system32\DRIVERS\PTAPCMDM.sys [?]
S3 PTAPCVSP;Pantech Android USB Serial Port (PTAPC);C:\Windows\system32\DRIVERS\PTAPCVSP.sys --> C:\Windows\system32\DRIVERS\PTAPCVSP.sys [?]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-27 15:15:29 9821896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-24 04:32:11 -------- d-----w- C:\c81fd924239d2888da
2012-07-17 20:21:08 719872 ----a-w- C:\Windows\SysWow64\devil.dll
2012-07-17 20:21:08 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2012-07-17 20:21:08 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll
2012-07-17 20:21:08 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll
2012-07-17 20:21:08 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll
2012-07-17 20:21:05 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-07-17 20:16:44 -------- d-----w- C:\Program Files (x86)\eRightSoft
2012-07-10 22:30:52 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 21:19:50 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-05 13:19:00 -------- d-----w- C:\Program Files (x86)\Evernote
.
==================== Find3M ====================
.
2012-07-27 15:15:35 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 15:15:35 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-25 23:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2006-05-03 19:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 20:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 22:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 07:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 12:39:44.77 ===============

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 AM

Posted 28 July 2012 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#5 SafeDragon

SafeDragon
  • Topic Starter

  • Members
  • 58 posts
  • Local time:12:44 AM

Posted 28 July 2012 - 02:32 PM

Hi nasdaq!

I really appreciate your taking the time to help me out!

A new WinPatrol popup has appeared today (as seen in this screen shot) but it may be unrelated to this problem. Do you know if it's safe to allow?

Also, I'd like to know if I have to do anything with the GMER window before I close it (the program is still open from when I ran it -- I did this mistakenly because I wasn't supposed to with 64-bit systems, sorry).

The two logs are below, and thank you so much :)


[ComboFix log:]

ComboFix 12-07-27.03 - Ja K 07/28/2012 11:49:48.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3943.2503 [GMT -7:00]
Running from: c:\users\Ja K\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ja K\AppData\Local\{1d110fc1-2ebf-80c7-41ca-c7d16dd58017}
c:\users\Ja K\AppData\Local\{1d110fc1-2ebf-80c7-41ca-c7d16dd58017}\@
c:\users\Ja K\AppData\Local\{1d110fc1-2ebf-80c7-41ca-c7d16dd58017}\n
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome.manifest
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\background.html
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\browser.xul
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\crossrider.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\crossriderapi.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\dialog.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\options.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\options.xul
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\search_dialog.xul
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\update.html
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\defaults\preferences\prefs.js
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\install.rdf
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\locale\en-US\translations.dtd
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button1.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button2.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button3.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button4.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button5.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\crossrider_statusbar.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\icon24.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\icon48.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\panelarrow-up.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup.css
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup.html
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup_binding.xml
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\skin.css
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\update.css
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\install.rdf
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com\skin\update.css
c:\users\Je K\AppData\Roaming\6375db8a
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 18:59 . 2012-07-28 18:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-28 18:59 . 2012-07-28 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 15:15 . 2012-07-27 15:15 9821896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-24 04:32 . 2012-07-24 04:32 -------- d-----w- C:\c81fd924239d2888da
2012-07-17 20:34 . 2012-07-17 20:34 -------- d-----w- c:\windows\Sun
2012-07-17 20:21 . 2009-09-27 16:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll
2012-07-17 20:21 . 2005-07-14 19:31 32256 ----a-w- c:\windows\SysWow64\AVSredirect.dll
2012-07-17 20:21 . 2004-02-22 17:11 719872 ----a-w- c:\windows\SysWow64\devil.dll
2012-07-17 20:21 . 2004-01-25 07:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2012-07-17 20:21 . 2004-01-25 07:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll
2012-07-17 20:21 . 2012-07-17 20:21 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-07-17 20:16 . 2012-07-17 20:18 -------- d-----w- c:\program files (x86)\eRightSoft
2012-07-10 22:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 21:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-05 13:19 . 2012-07-05 13:19 -------- d-----w- c:\program files (x86)\Evernote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 15:15 . 2012-03-30 19:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 15:15 . 2011-08-14 08:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 22:26 . 2011-11-02 17:09 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2012-01-15 20:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-02 22:19 . 2012-06-21 17:35 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 17:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:35 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 17:35 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 17:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 17:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 17:35 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-14 21:57 . 2012-05-14 21:57 485576 ----a-w- c:\users\Je K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-05-04 11:06 . 2012-06-13 02:13 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 02:13 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 02:13 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 02:13 209920 ----a-w- c:\windows\system32\profsvc.dll
2006-05-03 19:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
.
c:\users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ja K\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2011-06-16 51872]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [2011-05-03 16152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PTAPCBUS;Pantech Android USB Composite Device (PTAPC);c:\windows\system32\DRIVERS\PTAPCBUS.sys [2011-06-24 103040]
R3 PTAPCMDM;Pantech Android USB Modem Drivers (PTAPC);c:\windows\system32\DRIVERS\PTAPCMDM.sys [2011-06-24 183424]
R3 PTAPCVSP;Pantech Android USB Serial Port (PTAPC);c:\windows\system32\DRIVERS\PTAPCVSP.sys [2011-06-24 183424]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-11 22696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-22 279616]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-15 21880]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-16 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-06-16 91296]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-06-16 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-06-02 102400]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-06-02 98816]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-07-22 259512]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-06-06 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-05-31 552584]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-04-13 84088]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-15 969352]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-06-16 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-06-16 259744]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-06-16 109216]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-06-16 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-06-16 166048]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-06-16 59040]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-06-16 283296]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-06-16 289440]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-07-25 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-06-06 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\drivers\NWVoltron.sys [2011-05-03 28440]
S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys [2011-05-03 16152]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-07-19 471144]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-07-24 53176]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-06-30 1380480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:15]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 08:19]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 08:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-21 02:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-03 11855976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-06-16 790688]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-06-16 657568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-25 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-25 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-25 416024]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{22C85E5E-3BE9-7A1A-7239-3E5961F46544} - c:\windows\SysWOW64\remoteppg.dll
HKLM-Run-msplo - c:\users\Ja K\AppData\Roaming\msplo.dll
AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1114595451-408832447-3388839214-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*.]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1114595451-408832447-3388839214-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*.\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1114595451-408832447-3388839214-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*m*.]
@Allowed: (Read) (RestrictedCode)
"0"=hex:50,00,61,00,72,00,74,00,6e,00,65,00,72,00,73,00,20,00,49,00,6e,00,20,
00,43,00,72,00,69,00,6d,00,65,00,20,00,31,00,78,00,30,00,33,00,20,00,2d,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-28 12:05:11
ComboFix-quarantined-files.txt 2012-07-28 19:05
.
Pre-Run: 195,512,983,552 bytes free
Post-Run: 196,725,727,232 bytes free
.
- - End Of File - - 671BBDCAB22F2E38F15BD1BF91ABD6F6
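The ComboFix log above ends with three orphaned autostart entries it removed: an HKLM Run value (msplo) that loaded a DLL out of the user's AppData\Roaming folder, a BHO under SysWOW64, and a leftover "Premiumplay Codec-C" uninstall entry; the same log shows Comodo's guard64.dll in AppInit_DLLs, which is expected with Comodo Internet Security installed. The PowerShell below is an added example, not part of the thread and not code from ComboFix, WinPatrol or any other tool named in it. It enumerates the Run keys and AppInit_DLLs seen in the log and flags entries that load from a user-writable directory, point at a file that no longer exists, or carry no valid Authenticode signature. The three sample entries at the end are constructed from the log lines above so the classifier can be exercised without touching the live registry; of those, only the msplo entry matches the user-writable-directory rule.

```powershell
# Added example (not from the thread or from any tool named in it): audit the
# autostart locations shown in the ComboFix log (HKLM/HKCU Run keys and
# AppInit_DLLs) and flag entries that look like the removed orphans.
# Read-only. Run from an elevated prompt for a complete view of HKLM.

# Bookkeeping properties the registry provider attaches to every item.
$script:PsNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-AutorunEntries {
    # Run keys in the 64-bit and WOW64 views plus the per-user key.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($script:PsNoise -contains $prop.Name) { continue }
            [pscustomobject]@{ Source = "$key\$($prop.Name)"; Command = [string]$prop.Value }
        }
    }
    # AppInit_DLLs is loaded into every process that links user32.dll, so a
    # rogue entry here is as good as a Run key. The log shows guard64.dll.
    $win  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $dlls = ([string]$win.AppInit_DLLs) -split '[,\s]+' | Where-Object { $_ }
    foreach ($dll in $dlls) {
        [pscustomobject]@{ Source = 'AppInit_DLLs'; Command = $dll }
    }
}

function Get-ImagePathFromCommand {
    # Reduce a Run value ("C:\x\y.exe" /arg  or  C:\x\y.exe /arg) to the file
    # path. Unquoted commands are split only at whitespace followed by / or -,
    # so "c:\program files\..." and "c:\users\Ja K\..." survive intact.
    param([Parameter(Mandatory)][string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    return ($c -split '\s+(?=[/-])', 2)[0]
}

function Test-AutorunEntry {
    # Returns the entry with a Flags field; empty Flags means nothing looked
    # off. These are heuristics, not proof of malice.
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$Command,
        [switch]$SkipFileChecks   # for constructed samples that are not on disk
    )
    $path  = Get-ImagePathFromCommand -Command $Command
    $flags = @()
    # A binary started at logon from a directory a standard user can write to
    # (AppData, ProgramData, Temp) is exactly how the msplo.dll entry persisted.
    if ($path -match '(?i)\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\') {
        $flags += 'loads from user-writable directory'
    }
    if (-not $SkipFileChecks) {
        if (-not (Test-Path -LiteralPath $path)) {
            $flags += 'file missing (orphaned entry)'
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }
        }
    }
    [pscustomobject]@{ Source = $Source; Path = $path; Flags = ($flags -join '; ') }
}

# --- Constructed sample built from the log lines above (not live data) ---
$sample = @(
    @{ Source = 'HKLM Run\COMODO Internet Security'
       Command = 'c:\program files\COMODO\COMODO Internet Security\cfp.exe' },
    @{ Source = 'HKLM Run\msplo'
       Command = 'c:\users\Ja K\AppData\Roaming\msplo.dll' },
    @{ Source = 'AppInit_DLLs'
       Command = 'c:\windows\System32\guard64.dll' }
)
$sample | ForEach-Object { $e = $_; Test-AutorunEntry @e -SkipFileChecks } |
    Format-Table -AutoSize

# --- Live audit of this machine: print only entries with a flag ---
Get-AutorunEntries |
    ForEach-Object { Test-AutorunEntry -Source $_.Source -Command $_.Command } |
    Where-Object { $_.Flags } |
    Format-Table -AutoSize
```

The path heuristic would not have caught the remoteppg.dll BHO, which sat in SysWOW64; that one is why the live audit also checks the Authenticode signature. Signature status "NotSigned" is common for legitimate small utilities, so treat a flag as a reason to look, not as a verdict.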


[Checkup log:]

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#6 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 29 July 2012 - 07:55 AM

You are looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java 6 Update 31


===

Please let me know what problem persists.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===
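The Security Check log above flags three things: Java 6 Update 31 out of date, UAC disabled, and Windows Firewall disabled; the post above asks for the installed Java version to be checked and older copies removed through Add/Remove Programs. The PowerShell below is an added example, not from the thread, from screen317's Security Check or from Oracle. It reads the Uninstall registry keys in both the native and WOW6432Node views, the EnableLUA policy value, and the per-profile EnableFirewall values, and changes nothing. The registry paths are the standard Windows 7 locations; the Java display-name pattern is an assumption that matches the "Java(TM) 6 Update 31" naming shown in the log and the later "Java 7 Update N" form.

```powershell
# Added example (not from the thread): report the three findings from the
# Security Check log (old or duplicate Java, UAC off, firewall off).
# Read-only; run from an elevated PowerShell prompt.

function Get-InstalledJava {
    # On x64 Windows a 32-bit installer such as Java 6 Update 31 registers
    # under Wow6432Node, so both Uninstall views are queried.
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java(\(TM\))?\s+\d+\s+Update\s+\d+' } |
        Sort-Object { try { [version]$_.DisplayVersion } catch { [version]'0.0' } } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

function Get-UacEnabled {
    # EnableLUA = 0 is what Security Check reports as "UAC is disabled!".
    # A missing value means the default, which is enabled.
    $sys = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    return ($sys.EnableLUA -ne 0)
}

function Get-FirewallProfiles {
    # Per-profile EnableFirewall values of the Windows Firewall service.
    # A domain Group Policy can override these under
    # HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall; that is not read here.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $p = Get-ItemProperty -Path "$base\$profile" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Profile = $profile
            Enabled = ($null -ne $p -and $p.EnableFirewall -ne 0)
        }
    }
}

function Get-SecurityPosture {
    $java = @(Get-InstalledJava)
    # Everything but the newest Java is treated as a leftover. Caveat: a
    # 32-bit and a 64-bit copy of the same version both show up here.
    $leftovers = if ($java.Count -gt 1) { $java | Select-Object -First ($java.Count - 1) } else { @() }
    [pscustomobject]@{
        JavaInstalls     = $java
        JavaLeftovers    = @($leftovers)
        UacEnabled       = Get-UacEnabled
        FirewallProfiles = Get-FirewallProfiles
    }
}

$posture = Get-SecurityPosture
"UAC enabled: $($posture.UacEnabled)"
$posture.FirewallProfiles | Format-Table -AutoSize
"Java installs (oldest first):"
$posture.JavaInstalls | Format-Table -AutoSize
foreach ($old in $posture.JavaLeftovers) {
    "Leftover to remove via Add/Remove Programs: $($old.DisplayName)"
    "  uninstall command: $($old.UninstallString)"
}
```

The UninstallString printed for each leftover is the same command Add/Remove Programs runs, so either route removes it. Turning the two disabled protections back on is outside the script on purpose: netsh advfirewall set allprofiles state on re-enables the firewall immediately, and setting EnableLUA to 1 under the Policies\System key re-enables UAC after the next reboot.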

#7 SafeDragon (Topic Starter)

Posted 29 July 2012 - 12:58 PM

Okay, great, I will do that, but first I'd like to know if:

Should I say yes or no to the prompt shown in this screen shot?

And, the two self-supporting programs (as referred to in this screen shot) have been disabled, but they are in WinPatrol's list of startup programs, so should I remove them from that list before I do the things in your most current post?

Thank you :)

#8 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 01 August 2012 - 06:47 AM

Sorry for this long delay.
I had some technical difficulties. I'm back.

The Google update is good.

===

The second picture, re wspin.dll, does not look good unless you know what it is.

Do not remove them. Wait for my next instructions.

#9 SafeDragon (Topic Starter)

Posted 01 August 2012 - 03:45 PM

Hey, no worries :)

Okay, I'll allow the Google thing.

===

Sorry, I don't know what wspin.dll is, so I'd like to double check before I follow the instructions (you posted here).

Or did you literally mean to do nothing until you post again?

Sorry for being so fussy!

#10 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 02 August 2012 - 07:44 AM

Then delete the wspin.dll file.

If all is well then we are done.

#11 SafeDragon (Topic Starter)

Posted 02 August 2012 - 02:07 PM

Hi, sorry, but I've gotten a little confused.

Do you mind addressing each question below separately?

1. I do not know what wspin.dll is, and I don't see anything called that in the screen shot I assumed you were talking about.

2. If there is something like this to delete (for example, msplo.dll) do I do it before or after the instructions you gave me in this post?

Thank you :)

#12 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 03 August 2012 - 07:30 AM

1. I do not know what wspin.dll is, and I don't see anything called that in the screen shot I assumed you were talking about.

Yes I was referring to the screen shot. If the file was not installed then you will not find it.

2. If there is something like this to delete (for example, msplo.dll) do I do it before or after the instructions you gave me in this post?

It does not matter. Just do it when you have time.

#13 SafeDragon (Topic Starter)

Posted 03 August 2012 - 11:32 PM

Okay, I allowed the Google Update process (via WinPatrol's pop up window).
I updated Java.
I ran the ComboFix uninstall.

If nothing bad seems to be happening right away, I'll wait for a small while and then check back with a new report a little later, unless you have some further instructions for right now.

Thank you :)
