Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple java trojans / "cryp" exploits [Solved]


  • This topic is locked This topic is locked

#1
blues71

blues71

    Member

  • Member
  • PipPip
  • 57 posts
A full scan with Avast identified two threats on my 64-bit Windows 7 PC: Cybota (trojan) and Malob-IG (cryp). Avast moved them to its "chest." A boot-time scan found several more, all in java directories, and malwarebytes found and quarantined something else called PUP.BundleInstaller.Somoto. Help me clean up this mess?

thanks

Edited by blues71, 16 May 2012 - 05:11 PM.

  • 0

Advertisements


#2
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

First we need to make all files and folders VISIBLE:

  • Go to start>control panel>folder options>view
  • Choose to "show hidden files and folders,"
  • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
  • Close the window with OK
---------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

Please download aswMBR to your desktop.

  • Right click and Run as Administrator the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Posted Image
Click the image to enlarge it
----------

In your next reply please post the logs made by DDS and aswMBR. :)
  • 0

#3
blues71

blues71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Thanks, I've followed your instructions and include the logs below. I already uninstalled Java, moved the \Local\Sun folder to \Local\SunX, then installed the newest version of Java. Here are the logs:



DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Smash at 16:03:30 on 2012-05-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1507 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Users\Smash\AppData\Local\Akamai\netsession_win.exe
C:\Users\Smash\AppData\Local\Akamai\netsession_win.exe
C:\Users\Smash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Akamai NetSession Interface] "C:\Users\Smash\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spotify Web Helper] "C:\Users\Smash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
mRun: [PCTD Service Activation] "C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" -checkcounter
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{8B8DA989-FDFB-41C7-BB78-976F220F8519} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{C9223372-2268-4123-9BCD-5BEE223CA547} : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{C9223372-2268-4123-9BCD-5BEE223CA547}\2416E6B63797 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C9223372-2268-4123-9BCD-5BEE223CA547}\25F626024457E63616E6723702E4564777F627B6 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{C9223372-2268-4123-9BCD-5BEE223CA547}\3416665602F6E602133747 : DhcpNameServer = 68.87.85.98 68.87.69.146 192.168.1.1
TCP: Interfaces\{C9223372-2268-4123-9BCD-5BEE223CA547}\353475446564 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C9223372-2268-4123-9BCD-5BEE223CA547}\4577F634275656B6 : DhcpNameServer = 192.168.0.1 205.171.3.25
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
mRun-x64: [PCTD Service Activation] "C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" -checkcounter
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\hnrhhf6e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Smash\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-5-16 23208]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-4-17 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-4-17 61712]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-5-16 3065120]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-24 44768]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-30 13336]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-4-17 931640]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-9 259192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-30 2656280]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-9-30 584080]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-9-30 923024]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-12-9 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/04/06 00:21:23;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-6-24 248304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-5-16 63880]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 129976]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 655088]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-05-16 23:38:59 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-05-16 15:32:13 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E130CBDC-2C78-4F8D-B42B-82716D70799F}\mpengine.dll
2012-05-16 01:36:59 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-16 01:36:42 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-11 17:53:32 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 17:53:32 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 17:53:29 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 17:53:27 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 17:53:26 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 17:53:26 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 17:53:08 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 17:52:59 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 17:52:56 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 17:52:56 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:52:55 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:52:55 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 17:52:55 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-04 18:54:44 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-04 18:54:41 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 18:54:41 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-05 17:07:47 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:07:47 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-17 07:24:00 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-04-06 06:20:54 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-04-06 06:20:53 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-05 00:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 21:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-11 21:13:41 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-03-11 21:13:40 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-03-11 21:13:38 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-03-11 21:13:20 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-03-11 21:13:18 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-03-11 21:13:17 389840 ----a-w- C:\Windows\System32\guard64.dll
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:04:27.62 ===============


Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/30/2011 8:12:07 PM
System Uptime: 5/15/2012 4:13:38 PM (48 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | N/A | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 272.063 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Intel® Centrino® Advanced-N + WiMAX 6250
Device ID: USB\VID_8086&PID_0186\6&7C0D90D&0&2
Manufacturer:
Name: Intel® Centrino® Advanced-N + WiMAX 6250
PNP Device ID: USB\VID_8086&PID_0186\6&7C0D90D&0&2
Service:
.
==== System Restore Points ===================
.
RP136: 5/7/2012 8:38:30 PM - Scheduled Checkpoint
RP137: 5/11/2012 12:03:18 PM - Windows Update
RP138: 5/15/2012 1:11:59 PM - Windows Update
RP139: 5/15/2012 5:13:30 PM - Removed Java™ 6 Update 27 (64-bit)
RP140: 5/15/2012 5:14:57 PM - Removed Java™ 6 Update 27
RP141: 5/15/2012 7:36:03 PM - Installed Java™ 7 Update 4
RP142: 5/15/2012 7:36:46 PM - Installed JavaFX 2.1.0
RP143: 5/16/2012 1:34:48 AM - Windows Update
.
==== Installed Programs ======================
.
.
µTorrent
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft WebCam Companion 4
Audacity 1.2.6
avast! Free Antivirus
Best Buy pc app
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Celtx (2.9.1)
ClassicPro© v1.15
CyberLink PowerDVD
Emsisoft Anti-Malware
Express Scribe
FeedDemon
Free YouTube Downloader 3.3.120
Freemake Video Converter version 3.0.1
GIMP 2.6.11
Google Chrome
Google Earth
Google Update Helper
HammerHead Rhythm Station
Image Components - Image Editor Free Editon
Inkscape 0.48.2
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® Processor ID Utility
Intel® Rapid Storage Technology
IPublish Vista Fix
IrfanView (remove only)
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MozBackup 1.5.1
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 en-US)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
OOBE
OpenOffice.org 3.3
PCTDServiceActivation
PDF to Text
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
PX Profile Update
QuickTime
Rapport
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Spotify
SQLite Studio 1.0.0.0
swMSM
System Requirements Lab for Intel
TrueCrypt
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VAIO Wireless Wizard
Veetle TV
VESx86
VLC media player 2.0.1
VoiceOver Kit
vShare.tv plugin 1.3
VU5x86
Winamp
Windows Live Mesh ActiveX Control for Remote Connections
.
==== Event Viewer Messages From Past Week ========
.
5/15/2012 5:03:30 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
5/15/2012 3:46:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
5/14/2012 8:57:05 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DEVICE-EDF389 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C9223372-2268-4123-9BCD-5BEE223CA547}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================


aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 16:08:32
-----------------------------
16:08:32.606 OS Version: Windows x64 6.1.7601 Service Pack 1
16:08:32.606 Number of processors: 4 586 0x2A07
16:08:32.607 ComputerName: SIDEKICK UserName: Smash
16:08:36.580 Initialize success
16:08:37.075 AVAST engine defs: 12051701
16:08:44.993 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:08:44.998 Disk 0 Vendor: ST950056 SD24 Size: 476940MB BusType: 3
16:08:45.021 Disk 0 MBR read successfully
16:08:45.028 Disk 0 MBR scan
16:08:45.036 Disk 0 Windows 7 default MBR code
16:08:45.043 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11177 MB offset 2048
16:08:45.052 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 22892544
16:08:45.062 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 465661 MB offset 23097344
16:08:45.076 Disk 0 scanning C:\Windows\system32\drivers
16:08:49.802 Service scanning
16:09:00.460 Modules scanning
16:09:00.477 Disk 0 trace - called modules:
16:09:00.490 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:09:00.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c1f060]
16:09:00.848 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004db6490]
16:09:00.860 5 ACPI.sys[fffff88000f057a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004db9050]
16:09:02.331 AVAST engine scan C:\Windows
16:09:04.084 AVAST engine scan C:\Windows\system32
16:11:16.791 AVAST engine scan C:\Windows\system32\drivers
16:11:23.983 AVAST engine scan C:\Users\Smash
16:17:19.220 Disk 0 MBR has been saved successfully to "C:\Users\Smash\Desktop\MBR.dat"
16:17:19.228 The log file has been saved successfully to "C:\Users\Smash\Desktop\aswMBR.txt"
  • 0

#4
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

Are you aware that your system is set up to use a proxy server?
  • 0

#5
blues71

blues71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
No! That sounds bad.
  • 0

#6
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Ok...thanks for letting me know. We will get that fixed up. :)

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

  • 0

#7
blues71

blues71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Here you go:


ComboFix 12-05-17.05 - Smash 05/17/2012 18:12:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1610 [GMT -6:00]
Running from: c:\users\Smash\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Smash\AppData\Local\TempDIR
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 00:21 . 2012-05-18 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 23:38 . 2012-05-17 22:38 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-05-16 15:32 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E130CBDC-2C78-4F8D-B42B-82716D70799F}\mpengine.dll
2012-05-16 07:35 . 2012-05-16 07:35 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-16 07:35 . 2012-05-16 07:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-16 01:36 . 2012-04-05 00:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-11 17:53 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 17:53 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 17:53 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 17:53 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 17:53 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 17:53 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 17:53 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 17:52 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 17:52 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 17:52 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:52 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 17:52 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 17:52 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-04 18:54 . 2012-05-04 18:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 18:54 . 2012-05-04 18:54 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 18:54 . 2012-05-04 18:54 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:07 . 2012-04-15 00:06 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:07 . 2011-10-06 05:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 07:24 . 2011-10-03 21:22 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-04-06 06:20 . 2011-10-01 02:16 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-04-06 06:20 . 2011-10-01 02:16 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-05 00:47 . 2011-10-01 01:56 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 21:56 . 2011-10-02 05:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 21:13 . 2011-06-30 15:38 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-06-30 15:38 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-06-30 15:38 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-26 01:29 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-06-30 15:37 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-06-30 15:37 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-06 23:15 . 2011-10-02 04:46 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-02 04:46 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-02 04:47 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-02 04:47 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-02 04:47 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-24 21:14 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-10-02 04:47 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-02 04:47 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-02 04:47 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 18:27 . 2012-03-06 18:27 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 06:46 . 2012-04-13 18:25 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 18:25 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 18:25 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 18:25 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 18:25 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 18:25 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 18:25 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 18:27 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 18:27 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 18:27 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 18:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 18:27 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 18:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 18:27 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 18:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 16:18 . 2011-10-02 05:34 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Smash\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Spotify Web Helper"="c:\users\Smash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-10 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-11-18 673168]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-01-19 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2010-12-08 734608]
"PCTD Service Activation"="c:\program files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" [2010-12-02 28597760]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/04/06 00:21;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-06-24 248304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device; [x]
R3 iwdbus;IWD Bus Enumerator; [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-04-17 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-04-17 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-04-20 3065120]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-04-17 931640]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-05 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-09 923024]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - A2DDA
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 20:08]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 20:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-03 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-03 2179688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-14 167960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-14 417304]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{8B8DA989-FDFB-41C7-BB78-976F220F8519}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\hnrhhf6e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-17 18:25:03
ComboFix-quarantined-files.txt 2012-05-18 00:24
.
Pre-Run: 290,098,491,392 bytes free
Post-Run: 290,053,791,744 bytes free
.
- - End Of File - - 004FBBEF2049AAD62AACB00D107D103D
  • 0

#8
blues71

blues71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I should also mention that I uninstalled Java today. I was experiencing a strange behavior with Firefox opening blank Java windows. It seemed safer that way.
  • 0

#9
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

I notice that you have both Avast and Comodo Internet Security running on your system. Are you running the antivirus program on Comodo along with Avast?
------------
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    ClearJavaCache::
    
    DDS::
    uStart Page = hxxp://sony.msn.com
    uDefault_Page_URL = hxxp://sony.msn.com
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
  • 0

#10
blues71

blues71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I use Comodo's firewall and Avast as antivirus. Windows Defender is also running for anti-spyware?

Here's the log:


ComboFix 12-05-17.05 - Smash 05/17/2012 18:52:12.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1830 [GMT -6:00]
Running from: c:\users\Smash\Desktop\ComboFix.exe
Command switches used :: c:\users\Smash\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 00:59 . 2012-05-18 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 23:38 . 2012-05-17 22:38 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-05-16 15:32 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E130CBDC-2C78-4F8D-B42B-82716D70799F}\mpengine.dll
2012-05-16 07:35 . 2012-05-16 07:35 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-16 07:35 . 2012-05-16 07:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-16 01:36 . 2012-04-05 00:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-11 17:53 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 17:53 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 17:53 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 17:53 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 17:53 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 17:53 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 17:53 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 17:52 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 17:52 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 17:52 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:52 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 17:52 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 17:52 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-04 18:54 . 2012-05-04 18:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 18:54 . 2012-05-04 18:54 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 18:54 . 2012-05-04 18:54 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:07 . 2012-04-15 00:06 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:07 . 2011-10-06 05:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 07:24 . 2011-10-03 21:22 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-04-06 06:20 . 2011-10-01 02:16 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-04-06 06:20 . 2011-10-01 02:16 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-05 00:47 . 2011-10-01 01:56 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 21:56 . 2011-10-02 05:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 21:13 . 2011-06-30 15:38 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-06-30 15:38 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-06-30 15:38 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-26 01:29 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-06-30 15:37 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-06-30 15:37 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-06 23:15 . 2011-10-02 04:46 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-02 04:46 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-02 04:47 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-02 04:47 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-02 04:47 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-24 21:14 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-10-02 04:47 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-02 04:47 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-02 04:47 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 18:27 . 2012-03-06 18:27 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 06:46 . 2012-04-13 18:25 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 18:25 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 18:25 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 18:25 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 18:25 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 18:25 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 18:25 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 18:27 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 18:27 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 18:27 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 18:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 18:27 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 18:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 18:27 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 18:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 16:18 . 2011-10-02 05:34 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-18_00.21.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-07 01:38 . 2012-05-18 00:47 271704 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:36 . 2012-05-18 00:51 624412 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-17 21:50 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-18 00:51 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-17 21:50 106756 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Smash\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Spotify Web Helper"="c:\users\Smash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-10 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-11-18 673168]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-01-19 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2010-12-08 734608]
"PCTD Service Activation"="c:\program files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" [2010-12-02 28597760]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/04/06 00:21;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-06-24 248304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device; [x]
R3 iwdbus;IWD Bus Enumerator; [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-04-17 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-04-17 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-04-20 3065120]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-04-17 931640]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-05 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-09 923024]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - A2DDA
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 20:08]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 20:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-03 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-03 2179688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-14 167960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-14 417304]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{8B8DA989-FDFB-41C7-BB78-976F220F8519}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Smash\AppData\Roaming\Mozilla\Firefox\Profiles\hnrhhf6e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-17 19:01:41
ComboFix-quarantined-files.txt 2012-05-18 01:01
ComboFix2.txt 2012-05-18 00:25
.
Pre-Run: 290,101,452,800 bytes free
Post-Run: 290,046,873,600 bytes free
.
- - End Of File - - 35A96A35163EE287CF57DE7DB77465A4
  • 0

Advertisements


#11
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

Ok I just wanted to make sure you were not using two antivirus programs at once. :)
---------

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)
  • 0

#12
blues71

blues71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Done and done. Here are the logs:

MalwareBytes:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Smash :: SIDEKICK [administrator]

5/18/2012 9:42:42 AM
mbam-log-2012-05-18 (09-42-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203183
Time elapsed: 3 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
  • 0

#13
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

How is your system running?
  • 0

#14
blues71

blues71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Seems fine. Only problem is occasional "catching"--where I type something and it doesn't register for a second or two, then comes in a spurt. Also some buffer underruns on winamp, which was what spurred me to scan my system in the first place.

I have not yet re-installed Java but am about to do so.

Thanks
  • 0

#15
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Ok...let me know how things are running after getting Java installed. :) The malware logs look clean though.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP