Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible RAT or Infection on my Laptop


  • This topic is locked This topic is locked
11 replies to this topic

#1 Without_A_Monitor

Without_A_Monitor

  • Members
  • 335 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:05:37 PM

Posted 26 March 2014 - 02:17 PM

(Edit: After much research, I do not think that my laptop has been harmed; however, if some bleeping expert would be so kind as to verify, I'd be much obliged.)

 

A many thanks to whomever will be helping me with this. I don't know if I have a RAT or some other intruder/infection. I am suspicious that my computer is not functioning properly and perhaps has been attacked after visiting an unsafe website yesterday such as omegle. I know that I shouldn't have done so. I did not download or send anything. I attempted to view some other threads on similar situations that involved using netstat in the command window; however, I do not know what I am doing besides following the steps listed. Meaning, I do not know how to determine if the information is clean and fine or if there are hijackers/intruders on my laptop. I am attempting to find out if I have a RAT, hijacker, etc. I am sincerely appreciative for your help at bleepingcomputer.

 

 

I have a dds log and the attach log as well as an rkill log. I have run a scan with MBAM 2.0, but did not find anything.

 

(Edit: I have also scanned with AdwCleaner, JRT, ESET and MBAR. AdwCleaner, JRT and MBAR scanned without finding problems, but ESET found two instances of "Win32/Bundled.Toolbar.Google.D potentially unsafe application" from an installation setup from Recuva and Speccy. The system-log.txt for MBAR was too big of a file to be added as an attachment. Please just let me know if I should post it in my next reply.)

 

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/26/2014 02:15:39 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\RtkAudioService.exe (PID: 1440) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 03/26/2014 02:17:19 PM
Execution time: 0 hours(s), 1 minute(s), and 39 seconds(s)
 

 

 

 

 

 

 

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540
Run by El Diego at 14:58:38 on 2014-03-26
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4062.2093 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?src=aim
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IJNetworkScannerSelectorEX] "C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Exploit] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - <orphaned>
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{03C25B0F-131B-42A2-A571-E9CB34374AFD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{670074EA-CE4D-4E4E-A712-4D39ECDF5F74} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL
Notify: igfxcui - <no file>
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:3
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - LocalServer32 - <no file>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\
FF - prefs.js: browser.search.selectedEngine - Firefox Add-ons
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2010-02-28 22:46; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-24 55024]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae64.sys [2014-3-12 62168]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2014-1-3 92120]
R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-1-3 1862480]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-3-12 319288]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-7 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-5 857912]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 14112]
R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-24 167424]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-2-24 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-10-31 407392]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-2-24 19968]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2008-10-30 36392]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-5-31 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-24 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-24 63192]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-29 4745216]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2008-10-30 11392]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-4-28 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-4-28 67656]
S2 RtkAudioService;Realtek Audio Service;C:\Windows\RTKAUDIOSERVICE.EXE [2008-10-30 134656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-10-30 300032]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-19 89920]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-4-28 12872]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2010-2-24 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2010-2-24 353568]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2010-2-24 62752]
S3 tizeqdrv;tizeqdrv;C:\Users\El Diego\AppData\Roaming\TZAC2\tizeq64.sys [2012-7-17 171704]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-8-20 14544]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-10-30 391680]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-9-3 446464]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-26 18:33:01    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-26 06:16:20    202008    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-03-26 05:06:14    202008    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-26 00:12:28    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-25 19:27:21    92120    ----a-w-    C:\Windows\System32\drivers\hmpalert.sys
2014-03-25 19:27:21    540160    ----a-w-    C:\Windows\System32\hmpalert.dll
2014-03-25 19:27:21    472400    ----a-w-    C:\Windows\SysWow64\hmpalert.dll
2014-03-20 04:53:21    27924    ----a-w-    C:\Windows\SysWow64\drivers\MxlW2k.sys
2014-03-12 20:26:24    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 20:26:24    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-12 20:26:09    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-12 19:15:02    90015360    ----a-w-    C:\Windows\System32\mrt.exe
2014-03-11 13:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-05 13:26:14    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-03-05 13:26:04    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-02-23 07:12:29    17847808    ----a-w-    C:\Windows\System32\mshtml.dll
2014-02-23 06:54:58    2334720    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-23 06:52:45    10926592    ----a-w-    C:\Windows\System32\ieframe.dll
2014-02-23 06:48:43    1347072    ----a-w-    C:\Windows\System32\urlmon.dll
2014-02-23 06:48:31    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-23 06:46:42    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-23 06:46:20    237056    ----a-w-    C:\Windows\System32\url.dll
2014-02-23 06:46:08    86016    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-02-23 06:45:36    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:32    816640    ----a-w-    C:\Windows\System32\jscript.dll
2014-02-23 06:45:27    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-23 06:44:57    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-02-23 06:44:57    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2014-02-23 06:44:14    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-02-23 06:44:02    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-23 06:43:22    248320    ----a-w-    C:\Windows\System32\ieui.dll
2014-02-23 05:50:22    12347904    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-02-23 05:47:19    1806848    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:43:55    9739264    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-02-23 05:41:03    1105408    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-02-23 05:40:18    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:15    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2014-02-23 05:38:08    65536    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-02-23 05:38:08    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49    421376    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:37:28    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2014-02-23 05:37:12    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-02-23 05:37:09    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-02-23 05:36:31    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-02-23 05:36:22    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:35:49    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-02-07 12:11:49    2776064    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-03 13:20:59    619008    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-03 10:37:54    505344    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47    1111040    ----a-w-    C:\Windows\System32\wer.dll
2014-01-30 07:46:58    876032    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-25 05:19:42    268512    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2000-11-15 21:34:06    53248    ----a-w-    C:\Program Files (x86)\ASCIIStudio.exe
.
============= FINISH: 15:00:20.50 ===============
 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Attached Files


Edited by Without_A_Monitor, 27 March 2014 - 03:17 AM.


BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:37 PM

Posted 01 April 2014 - 06:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/528886 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

  • Members
  • 335 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:05:37 PM

Posted 01 April 2014 - 02:52 PM

So, I've been attempting to research the problem while I've been waiting for help. I've been using TCPView and Process Explorer amongst other tools/programs. I'm just trying to find out if there is a hacker/RAT accessing my laptop and/or I have any (severe infections.) My "knowledge" on a situation like this is (very) limited. Thus, I think it would be wise for me to seek the advice me of a bleeping expert. For whoever helps me, thank you very much. I do not have my original windows CD/DVD.

 

 

 

 

 

 

 

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540
Run by El Diego at 15:43:43 on 2014-04-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4062.2029 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?src=aim
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IJNetworkScannerSelectorEX] "C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Exploit] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - <orphaned>
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{03C25B0F-131B-42A2-A571-E9CB34374AFD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{670074EA-CE4D-4E4E-A712-4D39ECDF5F74} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL
Notify: igfxcui - <no file>
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:3
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - LocalServer32 - <no file>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\
FF - prefs.js: browser.search.selectedEngine - Firefox Add-ons
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2010-02-28 22:46; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-24 55024]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae64.sys [2014-3-12 62168]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2014-1-3 92120]
R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-1-3 1862480]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-3-12 319288]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-7 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-5 857912]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 14112]
R2 RtkAudioService;Realtek Audio Service;C:\Windows\RTKAUDIOSERVICE.EXE [2008-10-30 134656]
R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-24 167424]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-2-24 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-10-31 407392]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-2-24 19968]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2008-10-30 36392]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-5-31 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-24 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-24 63192]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-29 4745216]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2008-10-30 11392]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-4-28 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-4-28 67656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-10-30 300032]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-19 89920]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-4-28 12872]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2010-2-24 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2010-2-24 353568]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2010-2-24 62752]
S3 tizeqdrv;tizeqdrv;C:\Users\El Diego\AppData\Roaming\TZAC2\tizeq64.sys [2012-7-17 171704]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-8-20 14544]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-10-30 391680]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-9-3 446464]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-04-01 19:38:25    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-01 04:49:44    202008    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-04-01 04:49:44    202008    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-01 02:07:39    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-31 19:42:26    27924    ----a-w-    C:\Windows\SysWow64\drivers\MxlW2k.sys
2014-03-25 19:27:21    92120    ----a-w-    C:\Windows\System32\drivers\hmpalert.sys
2014-03-25 19:27:21    540160    ----a-w-    C:\Windows\System32\hmpalert.dll
2014-03-25 19:27:21    472400    ----a-w-    C:\Windows\SysWow64\hmpalert.dll
2014-03-12 20:26:24    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 20:26:24    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-12 20:26:09    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-12 19:15:02    90015360    ----a-w-    C:\Windows\System32\mrt.exe
2014-03-11 13:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-05 13:26:14    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-03-05 13:26:04    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-02-23 07:12:29    17847808    ----a-w-    C:\Windows\System32\mshtml.dll
2014-02-23 06:54:58    2334720    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-23 06:52:45    10926592    ----a-w-    C:\Windows\System32\ieframe.dll
2014-02-23 06:48:43    1347072    ----a-w-    C:\Windows\System32\urlmon.dll
2014-02-23 06:48:31    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-23 06:46:42    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-23 06:46:20    237056    ----a-w-    C:\Windows\System32\url.dll
2014-02-23 06:46:08    86016    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-02-23 06:45:36    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:32    816640    ----a-w-    C:\Windows\System32\jscript.dll
2014-02-23 06:45:27    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-23 06:44:57    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-02-23 06:44:57    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2014-02-23 06:44:14    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-02-23 06:44:02    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-23 06:43:22    248320    ----a-w-    C:\Windows\System32\ieui.dll
2014-02-23 05:50:22    12347904    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-02-23 05:47:19    1806848    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:43:55    9739264    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-02-23 05:41:03    1105408    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-02-23 05:40:18    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:15    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2014-02-23 05:38:08    65536    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-02-23 05:38:08    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49    421376    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:37:28    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2014-02-23 05:37:12    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-02-23 05:37:09    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-02-23 05:36:31    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-02-23 05:36:22    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:35:49    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-02-07 12:11:49    2776064    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-03 13:20:59    619008    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-03 10:37:54    505344    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47    1111040    ----a-w-    C:\Windows\System32\wer.dll
2014-01-30 07:46:58    876032    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-25 05:19:42    268512    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2000-11-15 21:34:06    53248    ----a-w-    C:\Program Files (x86)\ASCIIStudio.exe
.
============= FINISH: 15:45:15.37 ===============
 

Attached Files


Edited by Without_A_Monitor, 01 April 2014 - 04:08 PM.


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:37 AM

Posted 03 April 2014 - 01:40 PM

Hi,

 

Logs look ok. However, I recommend to avoid using P2P programs like BitTorrent and FrostWire. Downloads from P2P networks may be malicious putting the system under a risk.


Microsoft Windows Insider MVP 2016

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

  • Members
  • 335 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:05:37 PM

Posted 03 April 2014 - 02:35 PM

Blade, thank you very much for the reply and helpful info. So, it is able to be determined if I have a hacker (or infection) or not based off of the logs that I provided? In other words, there is no need to employ another program/tool such as MiniToolBox for example?



#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:37 AM

Posted 04 April 2014 - 11:39 AM

Hi,

 

Logs don't show signs of infections. According to those system is ok :)


Microsoft Windows Insider MVP 2016

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

  • Members
  • 335 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:05:37 PM

Posted 05 April 2014 - 02:50 PM

So, from those logs, it can be determined that my system is ok? If so, much obliged for your kind expertise, Blade. I appreciate it.



#8 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

  • Members
  • 335 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:05:37 PM

Posted 06 April 2014 - 04:45 AM

Blade, I recently ran the free HItmanPro scan and found an entry of "ads.pubmatic.com" as a tracking cookie. My other protection programs did not find it. I seemingly cannot delete it. Would you please recommend to me what I should do and if this is something serious or not?



#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:37 AM

Posted 06 April 2014 - 07:20 AM

Hi,

 

Tracking cookies are not serious. No need to worry about that finding :)


Microsoft Windows Insider MVP 2016

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#10 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

  • Members
  • 335 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:05:37 PM

Posted 06 April 2014 - 02:51 PM

Thank you for the reassurance and help. I thought that was the case, but I just thought that I'd ask you considering Hitman Pro (free scan) could not delete it. I appreciate it.



#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:37 AM

Posted 06 April 2014 - 11:24 PM

You're welcome :)


Microsoft Windows Insider MVP 2016

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:37 AM

Posted 12 April 2014 - 08:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft Windows Insider MVP 2016

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users