Solved Trojan.Dropper fake found during SAS scan

learninmypc

learninmypc

Posts: 9,679   +724
Doing my weekly scans, SUPERAntispyware found this
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/30/2013 at 08:39 AM

Application Version : 5.6.1040

Core Rules Database Version : 10865
Trace Rules Database Version: 8677

Scan type : Complete Scan
Total Scan Time : 00:28:25

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 759
Memory threats detected : 0
Registry items scanned : 44070
Registry threats detected : 0
File items scanned : 27002
File threats detected : 2

Adware.Tracking Cookie
accounts.google.com [ C:\USERS\CYBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0DJ6R6O3.DEFAULT\COOKIES.SQLITE ]

Trojan.Dropper/SVCHost-Fake
C:\WINDOWS\TEMP\C2672867-DE39-4905-873D-CA8AF87B4E78\SVCHOST.EXE
Other scans to follow
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.30.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
cyber :: CYBER-PC [administrator]

10/30/2013 8:50:56 AM
mbam-log-2013-10-30 (08-50-56).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276364
Time elapsed: 49 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514
Run by cyber at 9:44:50 on 2013-10-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1008 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\PSIService.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kirotv.com/
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [SmartWiHelper] "c:\program files\sony corporation\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [Skytel] Skytel.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 74.40.74.40
TCP: Interfaces\{444A2BA2-1EC0-477E-BCC4-3D4D588CF037} : DHCPNameServer = 192.168.1.1 74.40.74.40
TCP: Interfaces\{9B6666C3-B9D8-4BB9-8F82-6AB42C740BEC} : DHCPNameServer = 192.168.1.1 74.40.74.40
TCP: Interfaces\{AB22FED1-C4C1-44B5-8AA0-21687A0BB278} : DHCPNameServer = 192.168.1.1 74.40.74.40
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cyber\appdata\roaming\mozilla\firefox\profiles\0dj6r6o3.default\
FF - prefs.js: browser.startup.homepage - www.kirotv.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-09-26 12:47; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-09-26 13:14; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\cyber\appdata\roaming\mozilla\firefox\profiles\0dj6r6o3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-09-26 13:14; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\cyber\appdata\roaming\mozilla\firefox\profiles\0dj6r6o3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-26 14:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-09-26 17:34; {37fa1426-b82d-11db-8314-0800200c9a66}; c:\users\cyber\appdata\roaming\mozilla\firefox\profiles\0dj6r6o3.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2013-09-27 10:23; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\cyber\appdata\roaming\mozilla\firefox\profiles\0dj6r6o3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-9-26 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-9-26 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-9-26 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-9-26 403440]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-9-26 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-9-26 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-26 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-10-1 5087584]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-I visual effects\uCamMonitor.exe [2013-9-26 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2013-9-26 17408]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-4-18 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2008-4-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2008-4-18 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-4-18 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-4-18 818688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-9-17 535552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-10-29 14:55:46 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{10173fab-a809-459d-8a16-94ece885e615}\mpengine.dll
2013-10-27 00:36:54 -------- d-----w- c:\program files\Adblock Plus for IE
2013-10-27 00:36:45 -------- d-----w- c:\programdata\Package Cache
2013-10-23 19:38:00 -------- d-----w- c:\program files\ESET
2013-10-22 14:25:41 -------- d-----w- c:\program files\Defraggler
2013-10-22 02:24:33 -------- d-----w- c:\program files\Runtime Software
2013-10-20 22:57:45 -------- d-----w- c:\users\cyber\appdata\roaming\PeerNetworking
2013-10-16 22:40:35 -------- d-----w- c:\users\cyber\appdata\roaming\AVAST Software
2013-10-15 22:05:13 -------- d-----w- c:\program files\SeaMonkey
2013-10-15 16:23:48 -------- d-----w- c:\program files\VS Revo Group
2013-10-15 16:05:25 -------- d-----w- c:\users\cyber\appdata\local\Chromium
2013-10-12 14:20:13 -------- d-----w- c:\users\cyber\appdata\local\Apple Computer
2013-10-12 14:18:06 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-12 14:16:56 -------- d-----w- c:\users\cyber\appdata\local\Apple
2013-10-12 14:14:00 -------- d-----w- c:\program files\Bonjour
2013-10-08 21:11:11 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-10-08 21:11:09 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 21:11:05 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-08 21:11:05 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-08 21:11:05 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-08 21:11:05 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-08 21:11:04 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-08 21:11:04 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-08 21:09:24 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-10-08 21:09:09 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-07 12:56:29 -------- d-----w- c:\windows\Intuit
2013-10-04 13:51:45 -------- d-----w- c:\users\cyber\appdata\roaming\Comodo
2013-10-04 13:51:45 -------- d-----w- c:\users\cyber\appdata\local\Comodo
2013-10-04 13:51:38 -------- d-----w- c:\program files\Comodo
2013-10-03 15:01:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-01 20:21:22 -------- d-----w- c:\program files\MPC-HC
2013-10-01 17:17:12 -------- d-----w- c:\users\cyber\appdata\roaming\TeamViewer
2013-10-01 17:14:58 -------- d-----w- c:\program files\TeamViewer
2013-10-01 16:07:59 652296 ----a-w- c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2013-10-01 16:07:52 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2013-10-01 16:07:49 416128 ----a-w- c:\programdata\microsoft\ehome\packages\nettv\browse\NetTVResources.dll
.
==================== Find3M ====================
.
2013-10-16 22:35:26 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-16 22:35:25 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-16 22:35:25 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-16 22:35:25 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-16 22:35:24 43152 ----a-w- c:\windows\avastSS.scr
2013-10-09 13:30:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 13:30:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-27 23:25:00 86528 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-27 23:25:00 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-09-27 23:25:00 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-27 23:25:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-09-27 23:25:00 161792 ----a-w- c:\windows\system32\msls31.dll
2013-09-27 23:24:59 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-09-27 23:24:59 367104 ----a-w- c:\windows\system32\html.iec
2013-09-27 23:24:58 74752 ----a-w- c:\windows\system32\iesetup.dll
2013-09-27 23:24:58 23552 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-27 23:24:58 152064 ----a-w- c:\windows\system32\wextract.exe
2013-09-27 23:24:58 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-09-27 23:24:57 35840 ----a-w- c:\windows\system32\imgutil.dll
2013-09-27 23:24:57 11776 ----a-w- c:\windows\system32\mshta.exe
2013-09-27 23:24:57 101888 ----a-w- c:\windows\system32\admparse.dll
2013-09-27 23:24:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-09-27 23:22:05 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2013-09-27 23:22:04 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-27 23:22:04 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-09-27 23:22:04 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-27 23:22:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-09-27 23:22:04 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-09-27 23:22:04 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-09-27 23:22:04 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-03 21:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-08-03 04:22:07 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
============= FINISH: 9:45:27.05 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/26/2013 11:19:56 AM
System Uptime: 10/30/2013 8:42:55 AM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | N/A | 1667/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 104 GiB total, 57.904 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adblock Plus for IE
Adblock Plus for IE (32-bit)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
ArcSoft Magic-I Visual Effects
ArcSoft WebCam Companion 2
avast! Free Antivirus
Belarc Advisor 8.4
Belkin Connect Wireless USB Adapter
CCleaner
Compatibility Pack for the 2007 Office system
Defraggler
ESET Online Scanner v3
FileHippo.com Update Checker
Foxit Reader
Google Earth
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.7.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
SeaMonkey 2.22 (x86 en-US)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Setting Utility Series
SmartWi Connection Utility
Sony Video Shared Library
SpywareBlaster 5.0
SUPERAntiSpyware
Synaptics Pointing Device Driver
TeamViewer 8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VAIO Control Center
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO My Memory Center
VAIO Original Function Setting
VAIO Power Management
VAIO Startup Assistant
VAIO Wallpaper Contents
VAIO Wireless Wizard
VLC media player 2.1.0
WIDCOMM Bluetooth Software 6.1.0.2200
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : cyber [Admin rights]
Mode : Remove -- Date : 10/30/2013 16:49:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36BB7266)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36BB7266)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36BB7266)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK1246GSX ATA Device +++++
--- User ---
[MBR] 7a3599de38c6a88dcd4d31fca41aed4b
[BSP] b21b56746381b798b3a02139c0b64481 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7957 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16297984 | Size: 106514 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10302013_164930.txt >>
RKreport[0]_S_10302013_164913.txt
 
It looks like Superantispyware took care of everything.
Nothing malicious there.

Good luck :)
 
You must log in or register to reply here.

Similar threads

C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni
Fatman1515
Solved Trojan.fakems.ed
2
Replies
33
Views
7K
Broni
Broni
KnightCat
  • Locked
Inactive-A Had white screen freeze and found related post. Would like to try to clean.
2
Replies
28
Views
14K
Broni
Broni

Latest posts

Back