Trojan.Vilsel



ascom2010
2013-03-22, 01:41
Hello, I ran a full scan using Malwarebytes earlier and Trojan.Vilsel was found. Ran Spybot afterwards, but nothing was detected there. Thanks in advance:


DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_35
Run by owner at 19:44:08 on 2013-03-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1894 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VDAU.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\PROGRA~2\WIC4A1~1\MESSEN~1\msnmsgr.exe" /background
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}\0484F6D65633835483 : DHCPNameServer = 192.168.2.1 0.0.0.0 0.0.0.0
TCP: Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}\D416E6E6168616474716 : DHCPNameServer = 192.168.1.1
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\h80w67sq.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-14 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1109000.00C\symds64.sys [2011-11-27 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1109000.00C\symefa64.sys [2011-11-27 221304]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NAVx64\1109000.00C\cchpx64.sys [2011-11-27 593544]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20130321.001\IDSviA64.sys [2013-3-21 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1109000.00C\ironx64.sys [2011-11-27 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NAVx64\1109000.00C\symtdiv.sys [2011-11-27 451704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-25 13336]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe [2011-11-27 126400]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-12-25 93696]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-12-25 75776]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-14 1153368]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-1-14 120104]
R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-1-14 70952]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-1-14 427304]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-1-14 75048]
R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-1-14 91432]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-1-14 104960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-25 2320920]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-1-14 480624]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-1-14 361840]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-1-14 19968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-25 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-12-25 151936]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-12-25 244736]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-12-25 11392]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-1-14 571248]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-2-12 1286784]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-12-25 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-12-25 52264]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-1-14 167424]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-18 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-1-14 110960]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-29 1255736]
.
=============== Created Last 30 ================
.
2013-03-21 16:17:19 -------- d-----w- C:\Users\owner\AppData\Local\{4533164E-1078-45CC-B0EC-494A0294124D}
2013-03-20 21:11:13 -------- d-----w- C:\Windows\System32\SPReview
2013-03-20 21:08:57 -------- d-----w- C:\Windows\System32\EventProviders
2013-03-20 15:54:56 -------- d-----w- C:\Users\owner\AppData\Local\{E25DEE3D-3564-4146-8A2A-8DAD28913125}
2013-03-18 18:34:58 -------- d-----w- C:\Users\owner\AppData\Local\{CCD09158-668C-4603-BC43-4F83586F794E}
2013-03-17 20:58:21 -------- d-----w- C:\Users\owner\AppData\Local\{B00CE742-037B-4E05-838A-98F39F77935A}
2013-03-17 15:14:37 -------- d-----w- C:\Users\owner\AppData\Local\{5757ACE6-C649-48D8-B41E-E3FA3599BF78}
2013-03-16 19:52:37 -------- d-----w- C:\Users\owner\AppData\Local\{9168270F-3ECE-41CE-B440-31E14F23C7DE}
2013-03-16 13:53:16 -------- d-----w- C:\Users\owner\AppData\Local\{13A93B1C-1F6F-4CA3-AEDD-4E7D8D40240C}
2013-03-15 22:45:06 -------- d-----w- C:\Users\owner\AppData\Local\{EC521012-359E-4FBB-8F62-363F9AF9119D}
2013-03-14 19:38:14 -------- d-----w- C:\Users\owner\AppData\Local\{31FB2967-13D1-4F90-962F-119015A3F682}
2013-03-14 13:31:55 -------- d-----w- C:\Users\owner\AppData\Local\{C7E05849-E5BB-4FCE-A723-E0926FE454A7}
2013-03-13 16:25:07 -------- d-----w- C:\Users\owner\AppData\Local\{4B19F468-FFFE-43C8-8324-305C83F6F48F}
2013-03-13 14:05:03 -------- d-----w- C:\Users\owner\AppData\Local\{4C0E6D72-1DD0-4DE4-85F6-9CAC96F2F492}
2013-03-13 03:21:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-03-13 03:21:59 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-03-13 03:21:08 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-12 22:57:25 -------- d-----w- C:\Users\owner\AppData\Local\{3981E7AB-B797-48BB-A818-A6E5F7EBA1E6}
2013-03-11 23:48:05 -------- d-----w- C:\Users\owner\AppData\Local\{8E03499C-C177-48FA-9A65-73889D0054DC}
2013-03-11 14:09:18 -------- d-----w- C:\Users\owner\AppData\Local\{9B92F628-1396-460D-AF04-DD552FBA19A1}
2013-03-11 00:01:57 -------- d-----w- C:\Users\owner\AppData\Local\{8071759E-27B4-46CB-82A7-CD2392696C76}
2013-03-10 22:13:41 -------- d-----w- C:\Users\owner\AppData\Local\{C3640C3F-429E-4DD7-B0AE-A0D8C4D8AA72}
2013-03-10 04:18:47 -------- d-----w- C:\Users\owner\AppData\Local\{7237026E-5B6B-452C-ADA3-0F18A514B93F}
2013-03-09 14:39:41 -------- d-----w- C:\Users\owner\AppData\Local\{2C689420-9013-4965-AF13-9CE4C5F25B58}
2013-03-07 16:59:02 -------- d-----w- C:\Users\owner\AppData\Local\{33ACA7FE-7042-4086-BFFB-703563443B0D}
2013-03-06 17:39:24 -------- d-----w- C:\Users\owner\AppData\Local\{5B134931-2A5E-4BB7-A85A-F116CF166769}
2013-03-06 00:22:08 -------- d-----w- C:\Users\owner\AppData\Local\{D41E911F-ADAA-45B5-9209-7B205DF2FBC2}
2013-03-04 16:55:47 -------- d-----w- C:\Users\owner\AppData\Local\{2720213F-0879-4BF2-AFCC-2439D27ED512}
2013-03-03 19:05:47 -------- d-----w- C:\Users\owner\AppData\Local\{3A744DEC-B530-4DB9-8206-3CB63FB7A9F2}
2013-03-03 01:40:39 -------- d-----w- C:\Users\owner\AppData\Local\{9D306047-9DFD-4E6F-B2E8-44CE29A11731}
2013-03-02 22:27:55 -------- d-----w- C:\Users\owner\AppData\Local\{D7B40E95-678A-4492-AD8D-907D788F9C97}
2013-03-02 00:41:24 -------- d-----w- C:\Users\owner\AppData\Local\{C01E9EF2-BD0C-45BA-9EA9-9444636A57E2}
2013-02-28 16:54:27 -------- d-----w- C:\Users\owner\AppData\Local\{ABAECE8C-EEA3-414B-9CB7-3C475D06E737}
2013-02-27 16:56:56 -------- d-----w- C:\Users\owner\AppData\Local\{158FD362-B702-4C45-84F3-C4711557E07E}
2013-02-27 00:25:51 -------- d-----w- C:\Users\owner\AppData\Local\{A199AA34-E215-43C1-A146-095FF901A278}
2013-02-25 16:59:27 -------- d-----w- C:\Users\owner\AppData\Local\{9BDF0DEA-4599-47EB-A750-5968D0167E6E}
2013-02-24 23:36:56 -------- d-----w- C:\Users\owner\AppData\Local\{9415DCF4-2E7D-46A8-B86D-088D15B1672B}
2013-02-24 15:07:20 -------- d-----w- C:\Users\owner\AppData\Local\{D9802BBD-96F3-4AF6-BF78-E294691F8F8E}
2013-02-24 04:18:25 -------- d-----w- C:\Users\owner\AppData\Local\{198BD320-2DE1-4B2C-8B45-614E5A98F7A4}
2013-02-23 16:04:51 -------- d-----w- C:\Users\owner\AppData\Local\{CB271EDD-462E-47EA-9148-385A5335B977}
2013-02-22 23:36:06 -------- d-----w- C:\Users\owner\AppData\Local\{B729E00A-CFF4-4B15-A1D0-661DFED9FE29}
2013-02-21 16:55:50 -------- d-----w- C:\Users\owner\AppData\Local\{36426D5C-A771-434E-AC46-40F831DB11FB}
2013-02-20 22:02:23 -------- d-----w- C:\Users\owner\AppData\Local\assembly
2013-02-20 22:01:49 -------- d-----w- C:\Users\owner\AppData\Roaming\NuGet
2013-02-20 17:00:12 -------- d-----w- C:\Users\owner\AppData\Local\{B9B63672-CC93-4664-B23B-3551B0565686}
2013-02-20 01:42:46 -------- d-----w- C:\Users\owner\AppData\Local\{58D9A2F8-A593-4208-96C9-4BC5B81C3E65}
2013-02-20 00:12:38 -------- d-----w- C:\Users\owner\AppData\Local\{45D09585-86AD-409A-8A3A-A58192915C51}
.
==================== Find3M ====================
.
2013-03-20 21:22:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-03-20 21:22:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-03-17 15:20:57 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-17 15:20:57 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-28 13:57:26 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-02-28 13:37:29 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 19:45:08.94 ===============





aswMBR


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-21 19:52:54
-----------------------------
19:52:54.509 OS Version: Windows x64 6.1.7601 Service Pack 1
19:52:54.509 Number of processors: 4 586 0x2502
19:52:54.509 ComputerName: OWNER-VAIO UserName: owner
19:52:55.850 Initialize success
20:04:27.357 AVAST engine defs: 13032102
20:04:44.579 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:04:44.595 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
20:04:44.595 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006a
20:04:44.595 Disk 1 Vendor: RICOH 02 Size: 305245MB BusType: 0
20:04:44.595 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006b
20:04:44.595 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
20:04:44.766 Disk 0 MBR read successfully
20:04:44.766 Disk 0 MBR scan
20:04:44.782 Disk 0 Windows 7 default MBR code
20:04:44.813 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8976 MB offset 2048
20:04:44.829 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 18384896
20:04:44.876 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 296167 MB offset 18589696
20:04:44.922 Disk 0 scanning C:\Windows\system32\drivers
20:05:03.128 Service scanning
20:05:36.481 Modules scanning
20:05:36.481 Disk 0 trace - called modules:
20:05:36.513 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:05:36.513 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006388060]
20:05:36.528 3 CLASSPNP.SYS[fffff880012a643f] -> nt!IofCallDriver -> [0xfffffa8004345640]
20:05:36.528 5 ACPI.sys[fffff88000f257a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004348050]
20:05:37.558 AVAST engine scan C:\Windows
20:05:40.132 AVAST engine scan C:\Windows\system32
20:12:49.543 AVAST engine scan C:\Windows\system32\drivers
20:13:15.655 AVAST engine scan C:\Users\owner
20:18:58.796 AVAST engine scan C:\ProgramData
20:28:08.111 Scan finished successfully
20:28:31.856 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
20:28:31.871 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

Blade81
2013-03-28, 11:14
Hi,

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.
Copy-paste findings (if any found) back here.

ascom2010
2013-03-28, 22:22
Hey Blade: 0 infected files.

I forgot to mention: After the MBAM scan (mentioned above in my first post), I had the file quarantined and deleted - but I kept the log in case you were interested in seeing it. I read just today that it might've been a false positive too, did you hear anything about it? What do you think?

Thanks again

Blade81
2013-03-29, 12:51
Hi,

Please do post contents of MBAM log if you have it handy :)

ascom2010
2013-03-30, 00:16
Here you go! :



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
owner :: OWNER [administrator]

3/21/2013 4:22:41 PM
mbam-log-2013-03-21 (16-22-41).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 503110
Time elapsed: 2 hour(s), 34 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\TypeLib\{91814EB1-B5F0-11D2-80B9-00104B1F6CEA} (Trojan.Vilsel) -> Quarantined and deleted successfully.
HKCR\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303} (Trojan.Vilsel) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\COMMON FILES\INSTALLSHIELD\ENGINE\6\INTEL 32\IKERNEL.EXE (Trojan.Vilsel) -> Data: 5 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (Trojan.Vilsel) -> Quarantined and deleted successfully.

(end)

Blade81
2013-03-30, 13:31
Hi,

Yes, those are confirmed false positives.

Please go to Quarantine tab in MBAM and restore them. Then update MBAM. Latest updates shouldn't flag those anymore.
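A check a practitioner would want to run after restoring a single-engine detection like this one, written here as an added example rather than anything posted in the thread. It is PowerShell meant to be run on the affected machine after the MBAM quarantine has been restored. The file path, the TypeLib and Interface GUIDs, the SharedDLLs value name and the reference count of 5 are the ones MBAM listed in the log above; the function name, the report layout and the verdict rule are assumptions of this example. It does not decide whether the file is malicious: it gathers the evidence (version info, SHA-256, Authenticode status, and whether the restored COM registrations point back at the same product) that you would compare against the vendor's package or a multi-engine lookup before trusting either the detection or the restore.

```powershell
# Added example, not from the thread. Run after restoring the MBAM quarantine.
# Paths and GUIDs are those MBAM flagged; everything else is assumed here.

$FlaggedFile = 'C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe'
$TypeLibId   = '{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}'
$InterfaceId = '{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}'
$SharedDlls  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs'

function Test-RestoredDetection {
    param([string]$Path, [string]$LibId, [string]$Iid, [string]$SharedDllKey)

    $report = [ordered]@{}

    # 1. Is the file back, and what does it say about itself?
    if (-not (Test-Path -LiteralPath $Path)) {
        $report.FilePresent = $false
        return [pscustomobject]$report
    }
    $item = Get-Item -LiteralPath $Path
    $report.FilePresent = $true
    $report.SizeBytes   = $item.Length
    $report.CompanyName = $item.VersionInfo.CompanyName
    $report.FileVersion = $item.VersionInfo.FileVersion
    # SHA-256 is what you look up against the vendor package or a multi-engine service.
    $report.Sha256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # 2. Authenticode. 'Valid' is strong evidence of a genuine vendor binary.
    #    'NotSigned' is not evidence of malware (old installer engines are often
    #    unsigned); it only means the hash has to be verified some other way.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $report.SignatureStatus = $sig.Status.ToString()
    $report.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # 3. Did the quarantined registry objects come back, and do they agree?
    #    TypeLib\{LIBID}\<version>\<lcid>\win32 holds the backing file path,
    #    Interface\{IID}\TypeLib names the LIBID, SharedDLLs holds the refcount.
    $tlbKey = "Registry::HKEY_CLASSES_ROOT\TypeLib\$LibId"
    $report.TypeLibKeyPresent = Test-Path -LiteralPath $tlbKey
    $report.TypeLibPaths = @()
    if ($report.TypeLibKeyPresent) {
        $report.TypeLibPaths = @(Get-ChildItem -LiteralPath $tlbKey -Recurse |
            Where-Object { $_.PSChildName -in 'win32', 'win64' } |
            ForEach-Object { (Get-ItemProperty -LiteralPath $_.PSPath).'(default)' })
    }
    $ifKey = "Registry::HKEY_CLASSES_ROOT\Interface\$Iid\TypeLib"
    $report.InterfaceTypeLib = if (Test-Path -LiteralPath $ifKey) {
        (Get-ItemProperty -LiteralPath $ifKey).'(default)'
    } else { $null }

    $shared = Get-ItemProperty -LiteralPath $SharedDllKey -ErrorAction SilentlyContinue
    $report.SharedDllRefCount = if ($shared -and $shared.PSObject.Properties[$Path]) {
        $shared.$Path          # MBAM reported Data: 5 for this value
    } else { $null }

    # 4. Consistency: a file plus a TypeLib, an Interface and a SharedDLLs entry
    #    that all point at one product directory is the shape of an ordinary
    #    COM registration, which is what you expect behind a false positive.
    $productDir = Split-Path -Path $Path -Parent
    $report.ConsistentWithLegitimateInstall =
        $report.FilePresent -and
        ($report.InterfaceTypeLib -eq $LibId) -and
        (@($report.TypeLibPaths | Where-Object { $_ -like ($productDir + '*') }).Count -gt 0)

    [pscustomobject]$report
}

Test-RestoredDetection -Path $FlaggedFile -LibId $TypeLibId -Iid $InterfaceId -SharedDllKey $SharedDlls |
    Format-List
```

If ConsistentWithLegitimateInstall comes back false after the restore, the quarantine did not put everything back and the product's own repair or reinstall is the cleaner fix than editing the keys by hand. Whatever the registry says, the Sha256 value is the item to check against the vendor's package or a multi-engine lookup; the Authenticode result alone settles nothing for an unsigned file.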

ascom2010
2013-04-01, 17:44
Ok I just restored them! (So I'm good now right?)

Thanks for all your help Blade, I really appreciate it!!!!!

Blade81
2013-04-01, 21:07
Yes, that should be ok now :)