PDA

View Full Version : Trojan



sdy234
2013-12-10, 22:52
Hi,

spybot found malware and I tried to get rid of it on my own....

history:
Spybot found the TrojanC-05 and other enries, which it could not remove.
I used following programms to help me, next to Spybot:

- Kaspersky Antivirus
- Hijack this
- Trojan remover
- Tdsskiller from Kaspersky
- Malwarebytes
- ZoneAlarm

The engine got slower and slower (very annoying) and I didn't look right for help (was for example posting my question in the wrong thread....)
So I finally got so frustrated, that I did a Recovery. Knowing, the problem might not be gone, but was hoping (in my naivity) it would solve the problem. But....spybot still finds the Trojan and some other entries I do not really want to have.....

After Recovery I used:

- Hijackthis
- Malwarebytes
- Spybot
- Kaspersky

plus for this thread ERUNT, DDS, aswMBR and Spybot again.

Here the results as asked

- DDS
- Spybot (had to do a screenshot, sorry)
- aswMBR

Thank you!

sdy234

DDS (Ver_2012-11-20.01) - NTFS_AMD64
XXX Explorer: 11.0.9600.16428
Run by XXX at 13:48:08 on 2013-12-10
Microsoft Windows 7 Home Premium XXX
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
uDefault_Page_URL = hxxp://sony.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\XXX\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Desktop\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.182.1
TCP: Interfaces\{914A5416-E57C-4B03-BCEF-885E61ED5964} : DHCPNameServer = 192.168.182.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\hmdc28h5.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - ExtSQL: 2013-12-09 22:03; http://forums.spybot.info/misc.php?do=email_dev&email=YW50aV9iYW5uZXJAa2FzcGVyc2t5LmNvbQ==; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-12-09 22:03; http://forums.spybot.info/misc.php?do=email_dev&email=Y29udGVudF9ibG9ja2VyQGthc3BlcnNreS5jb20=; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-12-09 22:03; http://forums.spybot.info/misc.php?do=email_dev&email=b25saW5lX2JhbmtpbmdAa2FzcGVyc2t5LmNvbQ==; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-12-09 22:04; http://forums.spybot.info/misc.php?do=email_dev&email=dXJsX2Fkdmlzb3JAa2FzcGVyc2t5LmNvbQ==; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-12-09 22:04; http://forums.spybot.info/misc.php?do=email_dev&email=dmlydHVhbF9rZXlib2FyZEBrYXNwZXJza3kuY29t; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-12-9 84536]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-12-9 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54104]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356968]
R2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-12-9 13336]
R2 MBAMScheduler;MBAMScheduler;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-9 418376]
R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-9 701512]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-2-15 47104]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2013-12-9 14112]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2011-3-7 102400]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsnxc64.sys [2011-3-6 98816]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-12-9 259192]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-9 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-9 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-9 171416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-20 378472]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2013-12-9 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-12-9 2656280]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2013-12-9 550080]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2013-12-9 852160]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2013-12-9 19968]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2013-12-9 436776]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-12-9 39976]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-9 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-8 413800]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2013-12-9 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-12-9 1369136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 IEEtwCollectorService;XXX Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 546608]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-10 19:43:45 -------- d-----w- C:\Desktop
2013-12-10 13:38:49 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A7E9D27-AE75-4892-BA7D-37A29D93CECE}\offreg.dll
2013-12-10 06:13:03 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-10 06:13:03 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-12-10 06:11:39 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-12-10 06:11:39 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-12-10 06:11:39 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-12-10 06:07:30 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-12-10 06:07:30 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-12-10 06:05:24 -------- d-----w- C:\Windows\SysWow64\Wat
2013-12-10 06:05:23 -------- d-----w- C:\Windows\System32\Wat
2013-12-10 05:51:11 -------- d-----w- C:\Windows\System32\MRT
2013-12-10 05:43:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-10 05:43:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-12-10 05:43:36 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-12-10 05:43:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-12-10 05:43:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-10 05:32:40 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-10 05:31:59 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2013-12-10 05:30:49 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-12-10 05:27:48 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-12-10 05:26:59 77312 ----a-w- C:\Windows\System32\packager.dll
2013-12-10 05:26:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-12-10 05:26:58 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-12-10 05:26:58 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-12-10 05:26:58 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-12-10 05:26:58 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-12-10 05:26:58 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-12-10 05:26:57 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-12-10 05:26:57 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-12-10 05:26:57 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-12-10 05:23:17 -------- d-----w- C:\Update
2013-12-10 05:11:14 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-12-10 05:11:10 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A7E9D27-AE75-4892-BA7D-37A29D93CECE}\mpengine.dll
2013-12-10 05:01:33 -------- d-----w- C:\Windows\en
2013-12-10 05:01:20 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-12-10 05:01:03 -------- d-----w- C:\Windows\PCHEALTH
2013-12-10 04:53:35 -------- d-----w- C:\ProgramData\Norton
2013-12-10 04:53:22 -------- d-----w- C:\ProgramData\NortonInstaller
2013-12-10 04:49:47 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-12-10 04:46:19 -------- d-----w- C:\VAIO Sample Contents
2013-12-10 04:39:10 -------- d-----w- C:\Users\XXX\AppData\Local\Broadcom
2013-12-10 04:38:42 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2013-12-10 04:38:42 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2013-12-10 04:38:42 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll
2013-12-10 04:38:42 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2013-12-10 04:38:42 -------- d-----w- C:\Users\XXX\AppData\Local\Diagnostics
2013-12-10 04:36:38 -------- d--h--w- C:\SPLASH.000
2013-12-10 04:36:16 -------- d--h--w- C:\SPLASH.SYS
2013-12-10 04:35:56 -------- d-----w- C:\Program Files (x86)\Downloaded Installations
2013-12-10 04:25:33 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-12-10 04:25:32 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
2013-12-10 04:24:52 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-12-10 04:24:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-12-10 04:24:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-10 04:22:37 -------- d-----w- C:\Users\XXX\AppData\Roaming\Malwarebytes
2013-12-10 04:22:22 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-10 04:22:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-10 04:20:50 -------- d-----w- C:\Users\XXX\AppData\Local\Apple
2013-12-10 04:20:35 -------- d-----w- C:\Program Files\Bonjour
2013-12-10 04:20:35 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-12-10 04:20:12 499712 ----a-r- C:\Windows\SysWow64\msvcp71.dll
2013-12-10 04:20:12 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-12-10 04:20:12 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
2013-12-10 04:20:10 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
2013-12-10 04:20:10 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
2013-12-10 04:20:09 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
2013-12-10 04:19:50 -------- d-----w- C:\Users\XXX\AppData\Local\Programs
2013-12-10 04:19:11 -------- d-----w- C:\Users\XXX\AppData\Local\Mozilla
2013-12-10 04:19:01 -------- d-----w- C:\ProgramData\HitmanPro
2013-12-10 04:18:11 14112 ----a-w- C:\Windows\System32\drivers\regi.sys
2013-12-10 04:18:05 -------- d-----w- C:\Program Files (x86)\Common Files\InterVideo
2013-12-10 04:18:00 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2013-12-10 04:17:56 -------- d-----w- C:\ProgramData\Corel
2013-12-10 04:17:56 -------- d-----w- C:\Program Files (x86)\Corel
2013-12-10 04:17:31 -------- d-----w- C:\ProgramData\ArcSoft
2013-12-10 04:17:21 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-12-10 04:17:21 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-12-10 04:17:21 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-12-10 04:17:21 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-12-10 04:17:20 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-12-10 04:14:45 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-10 04:13:50 24912 ----a-w- C:\Windows\System32\dopdfmn7.dll
2013-12-10 04:13:50 21328 ----a-w- C:\Windows\System32\dopdfmi7.dll
2013-12-10 04:13:50 -------- d-----w- C:\Users\XXX\AppData\Roaming\Softland
2013-12-10 04:13:49 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-12-10 04:12:09 -------- d-----w- C:\_FS_SWRINFO
2013-12-10 04:12:08 -------- d-----w- C:\Documentation
2013-12-10 04:08:46 425472 ----a-w- C:\Windows\System32\SonyVideoProcessor.dll
2013-12-10 04:08:46 333824 ----a-w- C:\Windows\SysWow64\SonyVideoProcessor.dll
2013-12-10 04:08:24 114688 ----a-w- C:\Program Files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\eBayGadget.Gadget\Bin\eBayGadget.dll
2013-12-10 04:08:22 114688 ----a-w- C:\Program Files\Windows Sidebar\Gadgets\eBayGadget.Gadget\eBayGadget.Gadget\Bin\eBayGadget.dll
2013-12-10 04:04:25 -------- d-----w- C:\Windows\Downloaded Installations
2013-12-10 04:04:19 64856 ----a-w- C:\Windows\System32\klfphc.dll
2013-12-10 04:04:08 66616 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
2013-12-10 04:04:07 84536 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys
2013-12-10 04:03:51 -------- d-----w- C:\Windows\ELAMBKUP
2013-12-10 04:03:49 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
2013-12-10 04:03:48 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-12-10 04:03:48 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-12-10 04:03:36 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-12-10 04:02:44 -------- d-----w- C:\Program Files\PlayReady
2013-12-10 04:00:31 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-12-10 04:00:31 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-12-10 04:00:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-12-10 04:00:31 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-12-10 04:00:31 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-12-10 04:00:31 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-12-10 04:00:31 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-12-10 03:48:03 -------- d-----w- C:\Windows\Sonysys
2013-12-10 03:46:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-12-10 03:46:01 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2013-12-10 03:45:48 -------- d-----w- C:\Program Files\Common Files\Sony Shared
2013-12-10 03:45:48 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2013-12-10 03:44:04 -------- d-----w- C:\Program Files (x86)\Sony
2013-12-10 03:40:10 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2013-12-10 03:40:08 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-12-10 03:40:01 -------- d-----w- C:\Program Files\Synaptics
2013-12-10 03:39:56 -------- d-----w- C:\Windows\SysWow64\SDA
2013-12-10 03:38:09 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-12-10 03:38:06 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-12-10 03:35:11 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-12-10 03:32:20 -------- d-----w- C:\Program Files\Broadcom
2013-12-10 03:31:49 436776 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2013-12-10 03:31:49 39976 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2013-12-10 03:31:49 22056 ----a-w- C:\Windows\System32\btwcoins.dll
2013-12-10 03:31:49 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2013-12-10 03:31:49 163880 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2013-12-10 03:31:49 150568 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2013-12-10 03:31:08 -------- d-----w- C:\Program Files\WIDCOMM
2013-12-10 03:29:07 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-12-10 03:29:07 -------- d-----w- C:\Program Files\Realtek
2013-12-10 03:26:03 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-12-10 03:26:01 -------- d-----w- C:\Intel
2013-12-10 03:21:53 -------- dc-h--w- C:\ProgramData\{869D8A73-BD74-4AF4-B35D-FA3A4ACE3875}
2013-12-10 03:21:53 -------- d-----w- C:\ProgramData\DDNi
2013-12-10 03:21:53 -------- d-----w- C:\Program Files (x86)\DDNi
2013-12-10 03:20:59 -------- d-----w- C:\ProgramData\Sony Corporation
2013-12-10 03:16:40 -------- d-----w- C:\Program Files\Sony
2013-12-10 03:14:59 -------- d-----w- C:\Windows\System32\WCN
2013-12-10 03:12:55 -------- d-----w- C:\Windows\SysWow64\VAIO Startup Setting Tool
.
==================== Find3M ====================
.
2013-12-10 06:09:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-10 03:14:29 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2013-12-10 03:14:24 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2013-12-10 03:14:24 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2013-12-10 03:14:17 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2013-12-10 03:14:16 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2013-12-10 03:14:12 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
2013-11-19 09:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 13:48:43,26 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-10 13:58:03
-----------------------------
13:58:03.505 OS Version: Windows x64 6.1.7601 Service Pack 1
13:58:03.505 Number of processors: 8 586 0x2A07
13:58:03.506 ComputerName: XXX-VAIO UserName: XXX
13:58:05.104 Initialize success
14:04:16.631 AVAST engine defs: 13121000
14:04:44.945 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:04:44.945 Disk 0 Vendor: TOSHIBA_ GB00 Size: 476940MB BusType: 3
14:04:45.054 Disk 0 MBR read successfully
14:04:45.069 Disk 0 MBR scan
14:04:45.085 Disk 0 Windows 7 default MBR code
14:04:45.101 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11811 MB offset 2048
14:04:45.116 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24190976
14:04:45.147 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295027 MB offset 24395776
14:04:45.163 Disk 0 Partition - 00 0F Extended LBA 170000 MB offset 628611072
14:04:45.210 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 169999 MB offset 628613120
14:04:45.350 Disk 0 scanning C:\Windows\system32\drivers
14:04:53.057 Service scanning
14:05:27.814 Modules scanning
14:05:27.829 Disk 0 trace - called modules:
14:05:27.860 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:05:27.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006359790]
14:05:27.876 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> [0xfffffa80044f0b20]
14:05:27.876 5 ACPI.sys[fffff88000ee27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004876050]
14:05:29.046 AVAST engine scan C:\Windows
14:05:31.448 AVAST engine scan C:\Windows\system32
14:07:42.582 AVAST engine scan C:\Windows\system32\drivers
14:07:52.005 AVAST engine scan C:\Users\XXX
14:08:03.049 AVAST engine scan C:\ProgramData
14:08:56.573 Scan finished successfully
14:09:17.727 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
14:09:17.727 The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt"

ken545
2013-12-26, 19:14
:welcome:

Sorry for the delay.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

sdy234
2013-12-27, 04:12
Thank you for an answer!!!!!
Problem is, we just moved into new appartement.
Our Internetprovider should have already installed the internet, but there are issues.... so I have only access to the net via my phone....

As much as I wished to download the mentioned programm, I just can`t do it right now.
They gave us a notice today, it might work on the 31st......

I am very sorry, i was hoping it might be done already....
Plus it bothers me a lot, that I can`t fix that laptop.....

Is there a chance to continue with your assistance, once I am online again?

I really am sorry, but without access to the net, I wont be able to do it.
And circumstances right now dont allow it to ask friends, because we just moved from far away to here.....starting at zero.

ken545
2013-12-27, 04:18
Thanks for letting me know about your internet access. If its possible you can download that program via a known clean computer and transfer it by disk to the infected one and run it, if not I will gladly keep this thread open for you until you return, after the 31st if you think it will be a few days more please post back and let me know

Ken :)

sdy234
2013-12-29, 04:54
Thank you so much for understanding.
I hope the internet works by the 31.12, if not I leave a message. But its really bothering without....

Sdy234

ken545
2013-12-29, 14:37
:bigthumb:

sdy234
2013-12-31, 15:29
Will see if it works by the end of the day. Provider wants to take care of.....

sdy234
2014-01-01, 19:27
... without comment....
Now I hope its done by 01/07/14.....

.....

ken545
2014-01-01, 19:48
OMG, you may want to look around for a new provider.

What exactly is the problem with no access ?

sdy234
2014-01-03, 17:34
Looks like we stuck with that provider. Is kind of a new community....so hardware is missing. They are digging a whole across the street... I really hope they do fix it the next days...

I have a generic question, maybe a stupid one....

How secure is it to upload all these log files? Not that I really have sensitive information on my machine, really not. But was wondering if more advanced people with interest could exploit this data and try to snoop around...just for fun and hobby sake...

Am really sorry. But its the missing hardware that keeps me away from fixing my machine...

Sdy234

ken545
2014-01-03, 19:45
The logs you post on this forum shows no personal information , so dont ever post your email, home address or a phone number and you will be fine

sdy234
2014-01-06, 16:33
...switch of provider (internet).... hope it works by the end of the day.....

;)

sdy234
2014-01-06, 16:37
...switch of provider (internet).... hope it works by the end of the day.....

;)

Was less worried about personal information then more of information about programmes which are not updated or are weaknesses (flash, internet explorer...)
;)

sdy234
2014-01-07, 07:53
...finally..... thank you sooo much for your patience!!!!!!!!!!!!!!!!!!!!!!!!!!
We changed the provider. And it got fixed today :)

I followed the instructions, I thought Spybot was disabled.... but it was not.
I even didn t get asked to install the windows console.....
But anyway.... here is the log, that combofix created.
I hope this helps :)

ComboFix 14-01-04.03 - XXX 06.01.2014 23:31:25.1.8 - x64
Microsoft Windows 7 Home Premium [GMT -6:00]
Running from: c:\users\XXX\Desktop\ComboFix.exe
AV: Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-12-07 to 2014-01-07 )))))))))))))))))))))))))))))))
.
.
2014-01-07 05:36 . 2014-01-07 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-07 04:09 . 2014-01-07 04:23 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-07 04:09 . 2014-01-07 04:09 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-07 04:09 . 2014-01-07 04:09 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 04:09 . 2014-01-07 04:09 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-07 04:09 . 2014-01-07 04:09 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-07 04:09 . 2014-01-07 04:09 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-07 04:09 . 2014-01-07 04:09 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-07 04:09 . 2014-01-07 04:09 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-07 04:09 . 2014-01-07 04:09 43152 ----a-w- c:\windows\avastSS.scr
2014-01-07 04:07 . 2014-01-07 04:07 -------- d-----w- c:\programdata\AVAST Software
2014-01-07 02:27 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2014-01-07 02:27 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-01-07 02:27 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-01-07 02:25 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74EEE8ED-5EC1-47EA-A19F-3B70FF0FC0A2}\mpengine.dll
2013-12-28 20:27 . 2013-12-28 20:28 -------- d-----w- c:\users\XXX
2013-12-16 07:49 . 2013-12-16 07:49 -------- d-----w- c:\programdata\Canneverbe Limited
2013-12-16 07:28 . 2013-12-16 07:29 -------- d-----w- c:\program files (x86)\LinuxLive USB Creator
2013-12-10 19:43 . 2013-12-10 19:43 -------- d-----w- C:\Desktop
2013-12-10 06:31 . 2014-01-07 03:25 -------- d-----w- c:\users\xxx
2013-12-10 06:15 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-10 06:13 . 2013-12-10 06:13 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 06:13 . 2013-12-10 06:13 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 06:11 . 2013-12-10 06:11 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-12-10 06:11 . 2013-12-10 06:11 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-12-10 06:11 . 2013-12-10 06:11 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-12-10 06:07 . 2013-12-10 06:07 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-12-10 06:07 . 2013-12-10 06:07 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-12-10 06:05 . 2013-12-10 06:05 -------- d-----w- c:\windows\SysWow64\Wat
2013-12-10 06:05 . 2013-12-10 06:05 -------- d-----w- c:\windows\system32\Wat
2013-12-10 05:51 . 2014-01-07 03:45 -------- d-----w- c:\windows\system32\MRT
2013-12-10 05:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-12-10 05:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-12-10 05:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-12-10 05:32 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-12-10 05:31 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-12-10 05:30 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-12-10 05:27 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-12-10 05:26 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-12-10 05:26 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-12-10 05:26 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-12-10 05:26 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-12-10 05:26 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-12-10 05:26 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-12-10 05:26 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2013-12-10 05:26 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-12-10 05:26 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-12-10 05:26 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-12-10 05:23 . 2013-12-10 05:23 -------- d-----w- C:\Update
2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\windows\en
2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\program files (x86)\Windows Live
2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\windows\PCHEALTH
2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\program files\Windows Live
2013-12-10 04:53 . 2013-12-10 03:48 -------- d-----w- c:\programdata\Norton
2013-12-10 04:49 . 2013-12-10 03:46 -------- d-----w- c:\program files (x86)\Microsoft
2013-12-10 04:46 . 2013-12-10 04:46 -------- d-----w- C:\VAIO Sample Contents
2013-12-10 04:38 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-12-10 04:38 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2013-12-10 04:38 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-12-10 04:38 . 2009-09-05 01:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2013-12-10 04:36 . 2013-12-10 04:36 -------- d-----w- C:\SPLASH.000
2013-12-10 04:36 . 2013-12-10 04:36 -------- d-----w- C:\SPLASH.SYS
2013-12-10 04:35 . 2013-12-10 04:35 -------- d-----w- c:\program files (x86)\Downloaded Installations
2013-12-10 04:25 . 2013-12-10 04:25 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-12-10 04:25 . 2007-07-20 02:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2013-12-10 04:25 . 2006-03-31 20:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2013-12-10 04:24 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2013-12-10 04:24 . 2013-12-10 14:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-12-10 04:24 . 2013-12-10 05:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-12-10 04:22 . 2013-12-10 04:22 -------- d-----w- c:\programdata\Malwarebytes
2013-12-10 04:22 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\program files\Common Files\Apple
2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\program files\Bonjour
2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\program files (x86)\Bonjour
2013-12-10 04:20 . 2013-12-10 04:21 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\programdata\Apple
2013-12-10 04:20 . 2003-03-19 06:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
2013-12-10 04:20 . 2003-02-21 12:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-12-10 04:17 . 2013-12-10 04:17 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2013-12-10 04:14 . 2013-12-10 04:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-12-10 04:14 . 2013-12-10 04:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-12-10 04:13 . 2011-06-09 17:33 24912 ----a-w- c:\windows\system32\dopdfmn7.dll
2013-12-10 04:13 . 2011-06-09 17:33 21328 ----a-w- c:\windows\system32\dopdfmi7.dll
2013-12-10 04:13 . 2010-02-05 21:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-12-10 04:12 . 2013-12-10 04:12 -------- d-----w- c:\windows\SysWow64\Macromed
2013-12-10 04:12 . 2013-12-10 04:12 -------- d-----w- C:\_FS_SWRINFO
2013-12-10 04:12 . 2013-12-10 04:12 -------- d-----w- C:\Documentation
2013-12-10 04:08 . 2011-03-08 22:39 425472 ----a-w- c:\windows\system32\SonyVideoProcessor.dll
2013-12-10 04:08 . 2011-03-08 22:39 333824 ----a-w- c:\windows\SysWow64\SonyVideoProcessor.dll
2013-12-10 04:08 . 2008-09-25 02:17 114688 ----a-w- c:\program files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\eBayGadget.Gadget\Bin\eBayGadget.dll
2013-12-10 04:08 . 2008-09-25 02:17 114688 ----a-w- c:\program files\Windows Sidebar\Gadgets\eBayGadget.Gadget\eBayGadget.Gadget\Bin\eBayGadget.dll
2013-12-10 04:04 . 2013-12-10 04:04 -------- d-----w- c:\windows\Downloaded Installations
2013-12-10 04:04 . 2014-01-07 04:01 -------- dc----w- c:\windows\system32\DRVSTORE
2013-12-10 04:02 . 2013-12-10 04:02 -------- d-----w- c:\program files\PlayReady
2013-12-10 03:56 . 2013-12-10 03:56 -------- d-----w- c:\program files\Microsoft Office
2013-12-10 03:48 . 2013-12-10 05:00 -------- d-----w- c:\windows\Sonysys
2013-12-10 03:46 . 2013-12-10 03:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-12-10 03:46 . 2013-12-10 03:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-12-10 03:46 . 2013-12-10 03:46 -------- d-----w- c:\program files (x86)\Java
2013-12-10 03:46 . 2013-12-10 03:45 521448 ----a-w- c:\windows\system32\deployJava1.dll
2013-12-10 03:46 . 2013-12-10 03:45 189216 ----a-w- c:\windows\system32\javaws.exe
2013-12-10 03:46 . 2013-12-10 03:45 171808 ----a-w- c:\windows\system32\javaw.exe
2013-12-10 03:46 . 2013-12-10 03:45 171808 ----a-w- c:\windows\system32\java.exe
2013-12-10 03:45 . 2013-12-10 03:45 -------- d-----w- c:\program files\Java
2013-12-10 03:45 . 2013-12-10 04:20 -------- d-----w- c:\program files\Common Files\Sony Shared
2013-12-10 03:45 . 2013-12-10 04:20 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2013-12-10 03:44 . 2013-12-10 04:49 -------- d-----w- c:\program files (x86)\Sony
2013-12-10 03:40 . 2013-12-10 03:40 -------- d-----w- c:\program files (x86)\Renesas Electronics
2013-12-10 03:40 . 2013-12-10 03:40 -------- d-----w- c:\programdata\Downloaded Installations
2013-12-10 03:40 . 2013-12-10 03:40 -------- d-----w- c:\program files\Synaptics
2013-12-10 03:39 . 2013-12-10 03:39 -------- d-----w- c:\windows\SysWow64\SDA
2013-12-10 03:38 . 2011-03-07 20:47 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2013-12-10 03:38 . 2013-12-10 03:38 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2013-12-10 03:35 . 2014-01-07 04:06 -------- d-----w- c:\programdata\NVIDIA
2013-12-10 03:35 . 2013-12-10 04:25 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-12-10 03:32 . 2013-12-10 03:32 -------- d-----w- c:\program files\Broadcom
2013-12-10 03:31 . 2011-04-01 20:16 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2013-12-10 03:31 . 2011-04-01 20:16 22056 ----a-w- c:\windows\system32\btwcoins.dll
2013-12-10 03:31 . 2011-04-01 20:16 163880 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2013-12-10 03:31 . 2011-04-01 20:16 436776 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2013-12-10 03:31 . 2011-04-01 20:16 150568 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2013-12-10 03:31 . 2011-04-01 20:15 39976 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2013-12-10 03:31 . 2013-12-10 03:31 -------- d-----w- c:\program files\WIDCOMM
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-07 03:25 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-10 06:12 . 2013-12-10 06:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-12-10 03:14 . 2013-12-10 03:14 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2013-12-10 03:14 . 2013-12-10 03:14 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2013-12-10 03:14 . 2013-12-10 03:14 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2013-12-10 03:14 . 2013-12-10 03:14 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2013-12-10 03:14 . 2013-12-10 03:14 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2013-12-10 03:14 . 2013-12-10 03:14 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2013-11-26 18:25 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AvastUI.exe"="e:\program files\AvastUI.exe" [2014-01-07 3764024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"="e:\program files\setup\emupdate\2c43906b-fbef-43b8-a4be-01dd643795bb.exe" [2014-01-07 181136]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\desktop\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-24 1219360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 IEEtwCollectorService;xxx Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSNX
*NewlyCreated* - ASWSTM
*NewlyCreated* - ASWVMM
*NewlyCreated* - ZIZQFWLY
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-07 04:09 287280 ----a-w- e:\program files\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-07 11776104]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-07 2188904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uxxx Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\hmdc28h5.default\
FF - ExtSQL: 2014-01-06 22:09; wrc@avast.com; e:\program files\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-06 23:37:39
ComboFix-quarantined-files.txt 2014-01-07 05:37
.
Pre-Run: 263.609.458.688 bytes free
Post-Run: 264.451.641.344 bytes free
.
- - End Of File - - ACFF37E3806A510174A6E6C0A59B3728

sdy234
2014-01-07, 07:56
...what exactly is that report telling? would really like to understand it...... what is the difference to the other reports???? (malwarebytes...)

wish I could read and understand it................

ken545
2014-01-07, 14:11
Good Morning,

Glad your back up and running :)

If you had bad entries or files on your system from malware Combofix would have removed them and nothing was removed, its possible that TrojanC-05 was a false positive that spybot found.

Lets run another scanner and see, you will need the 64 bit version

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

sdy234
2014-01-07, 20:03
Hi!

Sounds good so far..... would prefer a false positive...........

Here the new logs:


...tried to copy the text in here, but the content was to big. I was not able to post it.....

That's why I upload the files............

Sorry!

sdy234

sdy234
2014-01-07, 20:05
The FRST file is too big. Am working on it..................need a zip programm...............................

ken545
2014-01-07, 20:18
Just attach the log file in your next reply

sdy234
2014-01-08, 06:58
1412.5 KB...... can't copy the content in nor upload the file.....
have issues to instal the zip tool....for some reason it won t let me.................

any idea?

Thank you!

ken545
2014-01-08, 12:57
Can you just right click on the file on your desktop and select SEND TO........COMPRESSED ZIP FILE ??

sdy234
2014-01-10, 03:51
Excuse me, I did not know, that windows 7 suppoerts that function............

ken545
2014-01-10, 04:11
Log looks ok. How is your system running ?

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

sdy234
2014-01-12, 04:48
Hi,

so...I installed and run the programm.
It did not find anything, so I was not able to get a text file.
I made a screenshot from the result.

So a false positive?
Is there anything I can do Spybot wont find that the next time I run it????
And how do I get rid of these weird registry entries (track) emtioned in the scan? (see capture 2)

Thank you so much for your time and patience!!!!!
i really appreciate it......
Now I can take care of other problems...............nice DOS attacks for example..............
Never ending story with the Windows engine.............. :)

sdy234

ken545
2014-01-12, 14:22
What are you referring to as DOS attacks ?

sdy234
2014-01-13, 04:29
Hi,

that is something my router showed me in its logfile....timestamps of DOS attacks.... am working on it....means work on getting smarter..........
the routers software sucks, sorry..... can't block Mac or IP adresses............the router i had in europe was by far better to handle.........

ken545
2014-01-13, 05:00
Seems to me you should reset your router and your cable/DSL modem. Then install a good firewall

http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm

sdy234
2014-01-13, 07:21
guess I am blonde............

I know Internet got super insecure nowadays. I am working on getting smarter....the books are piling up....but all these PC issues keep me away from studying them..............and honestly, my mind is set to transfer to Linux. But I need this windows engine for my spouse............and I am the only one careing for Updates/Antivirus/ etc............

I have never had so many issues at once.......
Because of these DOS Attacks and a MAC Adress that always gets rejected and does not belong to any of our devices (I checked them all), I shut down the whole system, if we do not need it.

Pulling the plug.
Maybe not the most advanced way to solve the problem.....

I studied the manual from my router..... it is weird, that I do not find the firewallsettings in my routers settings as described in the manual.... I checked all menue entries............ ?????????

As far as resetting......I guess you do not mean just to unplug the modem/router plug.... right......

I wished I knew more about this Tech stuff..... its not a lack of interest, more finding the right sources and internet is great, but it takes sometimes forever to find qualified information, that gives you hands on advice.........

I really do hope to meet some people here in the future (who know more than me) I can bother with my questions.......

I knew about zonealarm, but can't tell you, why I did not install it after the recovery I did in December....
Was not sure if it is compatible with the windows firewall...guess that was the problem....
Is it compatible with Windows-Firewall and Avast?

So, reset the whole system. Sounds good to me........makes sense.........
But, how do I do that? is it that Factory reset Button in the router setting software?
And still, there are so many things I do need to make research on from WSP till port forwarding, port triggering...........and so on.....list is endless long.
My magnetboard is full with topics to learn.
The transfer from a just windowclicking person without knowing what really is going on, I work my way through, to a person, that understands the system under the hud. But it really is a challenge right now and time consuming:)

But I am working on it.
Like I mentioned before..... if it was just my engine..... Linux. Immediately! And my personal pc will be hopefully soon transfered to Linux.
But that has to wait till this windows engine is ready to go..... and secure.

Wished I would have studied that computer stuff or have more people around me who are interested in that stuff.....

I know, you are here to help with malware removal..... but if you could give me advice how to reset that whole system, it would be great.

I really do apologize for asking so much!

sdy234

ken545
2014-01-13, 14:10
Good Morning,

Let me ask you, why would hackers want to hit a home user with a DDOS attack, you must be reading the log wrong. If you install Zone Alarm it will turn off the windows firewall as just like Anti Virus you just need one, more than one AV and Firewall are just overkill and can cause problems. Zone Alarm is great and will block most attacks in and out of your computer. Its somewhat normal to have a firewall block access.


The router has a reset button , most are on the back or the bottom of the unit, you just press it in with a ball point pen or paper clip and hold it in for 10 seconds or so and it clears the router...BUT...then you will have to reinstall it to get back online, so you have the disk that came with it.? You can also turn off your computer, turn off the router by pulling the power cord out of the back of it, then turn off your modem the same way. Then let it all set for about 5 minutes this will flush it all out. Then turn back on your modem first and wait until all the lights come back on, then your router, same thing, then turn your computer back on.

Let me know what you want to do

sdy234
2014-01-14, 06:28
Good evening,

believe my this laptop is the most uninteresting one ever........after a recovery with deleting all files anyway.
How do I interpret this then right? Wouldn't insist I make mistakes here....

[WLAN access rejected: incorrect security] from MAC address 4c:82:cf:80:0e:96, Thursday, January 09,2014 21:43:00
[DoS Attack: ACK Scan] from source: 17.149.36.122, port 443, Thursday, January 09,2014 21:42:55
[WLAN access rejected: incorrect security] from MAC address 4c:82:cf:80:0e:96, Thursday, January 09,2014 21:42:51
[DoS Attack: ACK Scan] from source: 74.125.20.188, port 5228, Thursday, January 09,2014 21:42:41
[WLAN access rejected: incorrect security] from MAC address 4c:82:cf:80:0e:96, Thursday, January 09,2014 21:42:41

The DOS stopped. Do not know why. But whenever I turn on the wireless signal, this MAC adress glues on me.......... every few minutes....

I would like to do a clean reset. Building up the internetconnection , router, modem relationship from scratch.
Would like to delete the network in windows, too.

I was just wondering, if I turn off the SSID sending signal....my before attached ipad cant connect anymore.
Some settings like Broadcast signal, are every time turned on back, even I turn it of and leave the settings....
In the manual are Firewall settings explained, (and it is the right model one) , but cant find them either....

I will install zonealarm, but remember having there problems to with entries, that want to connect, but their names were not clear to me, what exactly it is....


This does not tell me anything either....regarding that sticky MAC adress of mine.............

Company Echostar Technologies
Prefix 4C:82:CF
Address space 4C:82:CF:00:00:00 - 4C:82:CF:FF:FF:FF
Address 94 Inverness Terrace E
Englewood CO 80112
United States


will get to work.

sdy234

sdy234
2014-01-14, 06:29
...i have no clue, where these weird smilies come from...I did not type them.................?

ken545
2014-01-14, 07:58
Those smileys came because of the Fs for the address you posted being close together created them, no biggie :)

https://www.google.com/search?q=Echostar+Technologies&rlz=1C1CHFX_enUS561US561&oq=Echostar+Technologies&aqs=chrome..69i57&sourceid=chrome&espv=210&es_sm=122&ie=UTF-8



You can try resetting your router by pressing in the reset button like I posted before, this will wipe it back to factory defaults, then you can go into the Control Panel > Networking and Sharing Center > Manage Wireless Neworks and remove the current ssid. When you set it back up , change your ssid to a different name than what you where using before

Do you need help with this ?

sdy234
2014-01-14, 19:44
Thanks, I did it last night. Reset the Router with the pin, reset the Modem, installed the Router with the CD and deleted all old internetaccesspoints in the control panel plus changed ssid, too.

The MAC Adress ist still there........... maybe it's the modem....i guess it has to deal with the hardware to get connected.

I only do not understand when I disable Enable Wireless Router Radio, all my devices can not connect. (Would like to have that disabled.....)

And when I disable SSID broadcast, devices which were connected before can't connect. (...That, too...)

Only, when both are enabled I have wireless connectivity.


Thank you so much!
I really appreciated your patience, help and time!!!!!

sdy234

ken545
2014-01-14, 21:19
Hi,

There are forums for many many things, software programs, hardware and the list goes on. This forum is for Malware Removal and this point you seem fine

Why dont you go here and register, like this forum its free. A lot of us forums work together. Use the same user name your using here so I can find you and follow along.

www.whatthetech.com



Then after your registered, go to there networking forum and they will be able to answer any questions for you and also to make sure you set up is secure

Post here
http://forums.whatthetech.com/index.php?showforum=128

Ken :)

sdy234
2014-01-15, 00:02
Hi Ken545!

Thank you sooo much for all the advices you gave me, I really appreciate them!
Thanks to you, I feel this Windows Laptop is more secure again.
I am so glad, that there was only a false positive!

I am very happy that I got help here from you!

I will think about the other forum. My way does not end here :)
So much more I am interested in :)

I hope you have a great time and lots of fun in doing what you are doing! :)

All the best to you

Thank you!!!!!!!!!!!!!!!!!!!!!!

sdu234

ken545
2014-01-15, 01:17
Your very welcome :)


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken