Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winpatrol keeps asking about something suspicious...should I be worried?


  • This topic is locked This topic is locked
10 replies to this topic

#1 PersonaUser314

PersonaUser314

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:04:36 PM

Posted 18 February 2014 - 05:20 AM

I've had the program WinPatrol for quite a while now, as a safety measure in case something tries to run itself on my computer without my knowledge. Since last night though, I've been getting a rather odd alert from the program, which basically starts out normally, telling me that a new auto startup program has been detected and asking if I want to allow it to run when I login to or restart my computer.

 

The wierd part comes when the program that Winpatrol has detected has no icon, no company name, no discription, nothing to tell me what it is. Assumng it was something bad, I told Winpatrol not to allow it to do anything. However, five minutes later, I got the same alert about the same program, and no matter how many times I tell Winpatrol to not let it run on startup, the alert comes back 5 minutes later.

 

I ran a full scan on a recently updated Malwarebytes, which detected no malicious items at all, so I'm at a bit of a loss as to what to do. Should I allow this program to run? It still seems pretty suspicious to me, but Winpatrol asking me what to do with it every 5 minutes is driving me crazy.

 

(also, I took a quick screenshot of the alert as it appears, so people can get a better idea of what I mean when I say the program has no icon, e.t.c.)

ncksq0.png


Edited by PersonaUser314, 18 February 2014 - 05:21 AM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:36 AM

Posted 18 February 2014 - 04:47 PM

Hello -

Can we please check a few things first to find some more information.

Download all of these to Desktop and not to any other folder.

Please Copy and Paste all of the logs produced back to here.

Try to run the programs in the order that they are listed.

 

First -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to desktop to run it.

Close any Firefox browser that may be open.
Checkmark following boxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the result. (result.txt)

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. At most the tool will run for about 2 minutes

Please post the log back here

 

Important: Do not reboot your computer until you complete the next program.

 

Next -

* Please download AdwCleaner by Xplode and save to your Desktop.

* Close all other programs as your computer will be Automatically rebooted at the end.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Now :Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are also saved in the C:\AdwCleaner folder which was created when running the tool.

 

Last -

Clear Cache / Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

No log is produced or expected.



#3 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:04:36 PM

Posted 18 February 2014 - 07:36 PM

Thanks for the reply. Here are the logs you asked for:

 

Security Check

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 JavaFX 2.1.1    
 Java™ 6 Update 38  
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.44  
 Adobe Reader XI  
 Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 WinPatrol winpatrol.exe
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

MiniToolBox

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Lauren (administrator) on 19-02-2014 at 00:13:29
Running from "C:\Users\Lauren\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/18/2014 00:43:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10015

Error: (02/18/2014 00:43:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10015

Error: (02/18/2014 00:43:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/18/2014 00:43:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017

Error: (02/18/2014 00:43:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9017

Error: (02/18/2014 00:43:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/18/2014 00:43:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

Error: (02/18/2014 00:43:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003

Error: (02/18/2014 00:43:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/18/2014 00:43:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004


System errors:
=============
Error: (02/18/2014 10:33:09 AM) (Source: Service Control Manager) (User: )
Description: The NEWDRIVER service failed to start due to the following error:
%%2

Error: (02/18/2014 10:33:09 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (02/18/2014 10:33:09 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

Error: (02/18/2014 10:31:48 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/18/2014 10:31:48 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/18/2014 10:31:47 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/18/2014 10:31:39 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/18/2014 10:31:27 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
MpFilter
RapportKELL
spldr
Wanarpv6

Error: (02/18/2014 10:31:27 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:
%%31

Error: (02/18/2014 10:31:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (02/18/2014 00:43:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10015

Error: (02/18/2014 00:43:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10015

Error: (02/18/2014 00:43:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/18/2014 00:43:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017

Error: (02/18/2014 00:43:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9017

Error: (02/18/2014 00:43:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/18/2014 00:43:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

Error: (02/18/2014 00:43:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003

Error: (02/18/2014 00:43:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/18/2014 00:43:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004


CodeIntegrity Errors:
===================================
  Date: 2012-01-20 18:36:37.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-20 18:36:37.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-20 18:36:37.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-20 18:36:30.571
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-20 18:36:30.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-20 18:36:30.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-20 18:35:59.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-20 18:35:59.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-20 18:35:59.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-20 18:35:15.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

????????????? for PlayStation® (Version: 3.00.7187.47)
7-Zip 4.65
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Akamai NetSession Interface Service
Alon Audio Extractor 3.0
Amazon MP3 Downloader 1.0.9
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Audiosurf
Avidemux 2.5 (32-bit) (Version: 2.5.6.7716)
Belkin 54Mbps Wireless Network Adapter (Version: 1.00.01)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.21)
Comical 0.8
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Consolas Font Family (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
Epson Easy Photo Print 2 (Version: 2.1.0.0)
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX410 Series Printer Uninstall
ESET Online Scanner v3
GameMaker-Studio 1.2
GIMP 2.8.0 (Version: 2.8.0)
Google Update Helper (Version: 1.3.22.5)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
IsoBuster 2.8.5 (Version: 2.8.5)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 38 (Version: 6.0.380)
JavaFX 2.1.1 (Version: 2.1.1)
Katawa Shoujo
K-Lite Mega Codec Pack 7.7.0 (Version: 7.7.0)
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.287.1)
MELTY BLOOD Act Cadenza Ver.B WindowsӁ
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
mkv2vob (Version: 2.4.9)
Mozilla Firefox 27.0.1 (x86 en-GB) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Origin (Version: 8.5.0.4550)
Project64 1.6 (Version: 1.6)
QuickTime (Version: 7.74.80.86)
Rapport (Version: 3.5.1304.46)
RPG MAKER VX Ace RTP (Version: 1.00)
RPS CRT (Version: 9.0.34)
SEGA Genesis & Mega Drive Classics
Skype™ 6.11 (Version: 6.11.102)
Steam (Version: 1.0.0.0)
StepMania 3.9a (remove only)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 4.5.1.0)
Terraria
Trusteer Endpoint Protection (Version: 3.5.1304.46)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
VoiceOver Kit (Version: 1.42.128.0)
Vuze (Version: 4.7)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinPatrol (Version: 24.6.2012)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
yWriter5

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 3317.18 MB
Available physical RAM: 2352.54 MB
Total Pagefile: 6632.64 MB
Available Pagefile: 5500.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.72 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:100.91 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:14.03 GB) NTFS
3 Drive e: (FIREFLY_DISC2) (CDROM) (Total:6.89 GB) (Free:0 GB) UDF
7 Drive j: (MBACverB) (CDROM) (Total:2.36 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\LAUREN-PC

Administrator            Guest                    Lauren                   


**** End of log ****
 

 

RKill

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/19/2014 12:15:00 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 02/19/2014 12:15:47 AM
Execution time: 0 hours(s), 0 minute(s), and 46 seconds(s)
 

 

AdwCleaner

 

# AdwCleaner v3.019 - Report created 19/02/2014 at 00:17:47
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Lauren - LAUREN-PC
# Running from : C:\Users\Lauren\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files\Vuze
Folder Found C:\ProgramData\Ask

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sony-vegas-video_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sony-vegas-video_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-GB)

[ File : C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\kj7vdly3.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2231 octets] - [19/02/2014 00:17:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2291 octets] ##########
 



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:36 PM

Posted 18 February 2014 - 08:12 PM

FYI if you don't find malware.

Repeating Alerts Driving You Crazy?

Frequently, unwanted programs come with partners or in groups which are designed to protect and reactivate each other. Even if you tell Scotty to remove and kill a Startup Program, another partner program may replace the registry entry corrected by WinPatrol. Most of these programs aren't extremely dangerous and make money by redirecting your web search results. To keep their income flowing most of their technology is used prevent removal.

WinPatrol will warn you again which could drive you crazy. If WinPatrol detects the same program repeating itself, Scotty will try and automatically set this program to "Disable" status so it doesn't continue to annoy you. Look at our list of Startup Programs and instead of using Remove, try selecting and click Disable. This should at least stop the annoying messages.

Dealing with Repeating Alerts - WinPatrol
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:36 AM

Posted 18 February 2014 - 08:31 PM

Hi -

When you get this message again go > Start Orb > All Programs and search for Startup folder.

Click on this folder and see what programs want to start

 

This is very odd unless a program is usually mentioned.

 

A last check for any Malware , please try this ESET Online Scanner

 

Run ESETOnlineScanner

Please use Internet Explorer as the scanner uses ActiveX
If you will not use Internet Explorer, please see 3 - 1 & 3 - 2
1 .Hold down Control (Ctrl) key, and click on This link to open ESET OnlineScan in a new window.
2 .Click the eset online button.
3 .For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3 - 1 .Click on setsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
3 - 2 .Double click on the new icon in your desktop.
4 .Check "YES, I accept the Terms of Use."
5 .Click the Start button.
6 .Accept any security warnings from your browser.
7 .Under scan settings, check Scan Archives and Remove Found Threats
8 .Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 .ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10 .When the scan completes, click List Threats
11 .Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12 .Click the Back button.
13 .Click the Finish button.
* NOTE:Sometimes if ESET finds no infections it will not create a log.



#6 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:04:36 PM

Posted 19 February 2014 - 03:36 AM

@quietman7: I actually saw that page last night, but the thing is, despite WinPatrol disabling the program, the alert would still pop up again 5 minutes later.

 

I checked the Startup folder, the two things listed were the program that handles my PSVita when it's connected via USB to my computer, and something called nurago- TrayIcon.

 

ESET

 

C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu.exe.vir    Win32/Somoto.F potentially unwanted application    deleted - quarantined
C:\Users\Lauren\Documents\Downloads\Integrated_BrotherSoft_TB.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
 



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:36 AM

Posted 19 February 2014 - 05:04 AM

Delete  Java™ 6 Update 38  from Programs and Features, and only keep the 7 Update51

 

These are related versions of Win32: Somoto
Win32: Somoto-J (PUP)
Win32: Somoto F-(PUP)
Win32: SearchProtect-C (Adw)
These are related crapware / adware, and AdwCleaner / Malwarebytes should clear these.

Just Update your Malwarebytes Anti-Malware and run a Full Scan again.

 

"nurago" Web Meter serves to research the usage of certain online offers.
Basically it is a spyware program that is being activated each time you activate or search for anything.

I think this is the program that activates Win-Patrols 'Scotty Dog'.

 

Try to find nurago and delete the program, since ESET did not find it.

If you are not able to find it please tell me and I will look for a program to find it



#8 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:04:36 PM

Posted 19 February 2014 - 08:11 AM

Deleted the old Java and ran another Malwarebytes after an update, nothing was detected.

 

I checked the Uninstall/change program things in Programs and features, but couldn't see nurago. The thing in the startup is apparently a shotrcut, and I don't know how to find the main thing.



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:36 AM

Posted 19 February 2014 - 04:46 PM

Please follow the instructions in THIS PREP GUIDE starting at Step #6.

NOTE - If you cannot complete a step, skip it and continue.

 

 Once the proper DDS logs are created, then make a NEW TOPIC and post it to =>
Virus, Trojan, Spyware, and Malware Removal Logs. area -

 

They can use other tools to find the program that I can not use in this area.

 

If HelpBot replies, please follow its Step #1 and the team will be notified.

 

Tell me when you post the new topic so we can close this one and only let the Experts fix your problem.

 

Please title your new topic around nurago - Tray Icon problem -



#10 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:04:36 PM

Posted 20 February 2014 - 11:44 AM

Just made the post in the required forum, named it nurago - TrayIcon problem for the sake of ease.

 

Thanks very much for all your help with resolving this issue, it's extremely appreciated^^



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:36 PM

Posted 20 February 2014 - 12:58 PM

Your log(s) is posted here.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worst which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Good luck with your log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users