14 posts in this topic

Hello MB forum. I ran Dr.Web-CureIt and it found Trojan.Siggen4.5725 in OTL.exe on another user account (the desktop). It stated that it was incurable and was moved. No other infection found. Evidently I did not remove OTL from the desktop under this other user account from a previous scan awhile back. Here is the pasted report:


I've also included MBAM and DDS logs:

Malwarebytes Anti-Malware


Database version: v2012.08.15.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

iop :: FLOYD00 [administrator]

8/14/2012 11:12:32 PM

mbam-log-2012-08-14 (23-12-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 276652

Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)



DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by iop at 23:17:25 on 2012-08-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2630 [GMT -5:00]


AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


============== Running Processes ===============




C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe


C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe


C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe



C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe





C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe



C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe




C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe


C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation


C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\Apvfb.exe


C:\Program Files\Windows Media Player\wmpnetwk.exe


C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe



C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe


C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe


C:\Program Files\Sony\VAIO Care\Admload.exe













============== Pseudo HJT Report ===============


uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [pnusbclitray] pnusbclitray.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00105-0000-0005-ABCDEFFEDCBC}

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll

Trusted Zone: tamu.edu\voal

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: DhcpNameServer =

TCP: Interfaces\{1B4C9337-1350-489A-8601-C7E07B94A658} : DhcpNameServer =

TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7} : DhcpNameServer =

TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\2456C6B696E6F5560336231683 : DhcpNameServer =

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [pnusbclitray] pnusbclitray.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm


================= FIREFOX ===================


FF - ProfilePath - C:\Users\iop\AppData\Roaming\Mozilla\Firefox\Profiles\6oc1p2vb.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb85fe&v=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\iop\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll


============= SERVICES / DRIVERS ===============


R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-6 44808]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-6 655944]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 pnpnptool;Quest RDP PnP Driver;\??\C:\Windows\system32\Drivers\pnpnptool.sys --> C:\Windows\system32\Drivers\pnpnptool.sys [?]

R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\system32\pnusbvirtualhubwssrv.exe --> C:\Windows\system32\pnusbvirtualhubwssrv.exe [?]

R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 11032]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-11-25 189984]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-5-16 259192]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-25 104960]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 pnusbd;Quest RDP USB Driver;\??\C:\Windows\system32\Drivers\pnusbd.sys --> C:\Windows\system32\Drivers\pnusbd.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-25 571248]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-16 44736]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

RUnknown DwProt;DwProt; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]

S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]

S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-11-25 120104]

S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-11-25 70952]

S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-11-25 427304]

S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-11-25 75048]

S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-11-25 91432]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-11-25 480624]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-11-25 361840]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-25 110960]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]

S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]


=============== Created Last 30 ================


2012-08-14 19:57:39 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-13 20:41:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-08-13 20:41:25 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-07-30 20:30:59 -------- d-----w- C:\Users\iop\AppData\Roaming\TeamViewer

2012-07-23 02:02:24 -------- d-----w- C:\Dissertation Self-Efficacy


==================== Find3M ====================


2012-07-30 22:20:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-30 22:20:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr

2012-06-19 02:53:49 848 ----a-w- C:\Windows\wininit.tmp

2012-06-19 01:54:28 18768 ----a-w- C:\Windows\SysWow64\drivers\SECDRV.SYS

2012-06-18 21:22:34 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-06-18 21:22:34 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-06-18 21:21:12 772592 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-18 21:21:12 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll


============= FINISH: 23:18:04.32 ===============





DDS (Ver_2011-08-26.01)


Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/23/2010 4:42:24 AM

System Uptime: 8/14/2012 3:40:20 PM (8 hours ago)


Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 287 GiB total, 231.304 GiB free.

E: is Removable

F: is Removable

G: is CDROM ()


==== Disabled Device Manager Items =============


==== System Restore Points ===================


RP392: 8/14/2012 3:24:13 PM - ComboFix created restore point


==== Installed Programs ======================



Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 3

avast! Free Antivirus

Command & Conquer Red Alert 2

Compatibility Pack for the 2007 Office system

Corel WinDVD

Coupon Printer for Windows

Deus Ex

Deus Ex - Invisible War

Deus Ex: Human Revolution


HLM 7 for Windows (X86 Student)

HP Envy 100 D410 series Help

HP Photo Creations

HP Update

Java 6 Update 32

Java 7 Update 5

Junk Mail filter update

Malwarebytes Anti-Malware version

Media Gallery

Microsoft Choice Guard

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Move Media Player

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service


MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)




PMB VAIO Edition Guide

PMB VAIO Edition plug-in (Click to Disc)

PMB VAIO Edition plug-in (VAIO Image Optimizer)

PMB VAIO Edition plug-in (VAIO Movie Story)

QuickBooks Financial Center

Realtek High Definition Audio Driver

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy Media Creator 10 LJ

Roxio Easy Media Creator Home

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Service Pack 1 for SQL Server 2008 (KB968369)

Setting Utility Series

SmartWi Connection Utility

Sony Home Network Library

Sql Server Customer Experience Improvement Program


Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Office 2007 (KB934528)

Update for Office System 2007 Setup (KB929722)


VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Intelligent Network Service Manager

VAIO Content Metadata Manager Settings

VAIO Content Metadata XML Interface Library

VAIO Content Monitoring Settings

VAIO Control Center

VAIO Data Restore Tool

VAIO DVD Menu Data

VAIO Entertainment Platform

VAIO Event Service

VAIO Hardware Diagnostics

VAIO Help and Support

VAIO Media plus

VAIO Media plus Opening Movie

VAIO Messenger

VAIO Movie Story Template Data

VAIO OOBE and Startup Assistant

VAIO Original Function Settings

VAIO Personalization Manager

VAIO Power Management

VAIO Quick Web Access

VAIO Sample Contents

VAIO Survey

VAIO Transfer Support

VAIO Update

VAIO Wallpaper Contents

VAIO Window Organizer

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.11


vWorkspace Connector for Web Access

Westwood Shared Internet Components

WinASO Registry Optimizer 4.7.5

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer


==== Event Viewer Messages From Past Week ========


8/14/2012 3:41:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL

8/14/2012 3:40:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

8/14/2012 2:36:49 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/14/2012 2:36:15 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/13/2012 9:36:03 PM, Error: Service Control Manager [7034] - The Quest USB Hub Client Service service terminated unexpectedly. It has done this 1 time(s).

8/13/2012 5:14:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

8/13/2012 5:14:31 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.


==== End Of File ===========================

Share this post

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.


Share this post

Link to post
Share on other sites

Hello and thank you once again. Here is the rk report:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: iop [Admin rights]

Mode: Scan -- Date: 08/16/2012 12:43:00

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤ localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVS-26VAT0 +++++

--- User ---

[MBR] 66ca1cabab75826394cdee209d4f460c

[bSP] 09e7744afc31920bc08bb5dd60d26bee : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11497 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23547904 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23752704 | Size: 293646 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


Share this post

Link to post
Share on other sites

Yes. Sorry, but I'm not sure why that app would detect something. I can't find any info on Trojan.Siggen4.5725 online. There are some google results for trojan.siggen2.b and siggen2.22967. None of the virus databases have anything on it. Again, I should have indicated it was the same computer.

Here is Dr. Web's link on it:


Thanks MrC

Share this post

Link to post
Share on other sites

Do this.................

Run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.


Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic


Share this post

Link to post
Share on other sites

I can't get it to run. I went to the site in IE and clicked the button to run the scanner. I go the pop-up with the EULA and clicked yes, then start. The page transitioned to a blank page with a little image at the top left corner. I'm not sure if I have Active X configured properly for this version of IE. Any ideas?

Share this post

Link to post
Share on other sites

I think it is going to work. It just needed some time (unusual amount). I believe I had my IE settings specified according to recommendations by another helper. What is the safest way to configure IE? I can just wait until we are done.

Share this post

Link to post
Share on other sites
What is the safest way to configure IE?

Don't use it, use Google Chrome instead!!!

But the way the other helper told is the way, MrC

Share this post

Link to post
Share on other sites

ESET did not find anything. However, I can't find OTL.exe file anywhere. I'm not sure, but it may have been purged from the quarantine folder. Oh well. It is not on here. Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Thanks again.

Share this post

Link to post
Share on other sites

Yes. I'm tripped out by the fact that one malware protector detected malware in the executable of another malware protector. Other than that, I'm good. I'm beginning to wonder about that Dr. Web software.

Thanks for all your help!

Share this post

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.