
Thread: Problem with TrojanDownloader:Win32/Adload.DA

  1. #21
    Junior Member
    Join Date
    Aug 2012
    Posts
    24


    Hey there,

    aswMBR is still not able to complete. Same message appears at the same point.

    Regards,

    davman

  2. #22
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61


    Ok Davman, please delete the current copy of ComboFix from your computer and follow the instructions below.

    Download and Run ComboFix
    1. Please download ComboFix from the following link.

      Link 1.


      **IMPORTANT !!! Save ComboFix.exe to your Desktop**
    2. Please disable any Antivirus and Firewall you have active, as shown in this topic. Please close all open application windows.
    3. Double click on ComboFix.exe and follow the prompts.
    4. When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use!
    ComboFix SHOULD NOT be used unless requested by a forum helper.


    Please post the log in your next reply

  3. #23
    Junior Member
    Join Date
    Aug 2012
    Posts
    24


    Hey Maxi,

    Sorry for the break in contact. Here is the ComboFix log:

    Regards,

    davman


    ComboFix 12-08-28.03 - Dave 29/08/2012 11:03:24.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5998.4277 [GMT 1:00]
    Running from: c:\users\Dave\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Dave\1em
    c:\users\Dave\1em\One\CheckMate\Win32\first.obj
    c:\users\Dave\1em\One\ErrorLog
    c:\users\Dave\1em\One\first.f95
    c:\users\Dave\1em\One\first.ftn95p
    c:\users\Dave\1em\One\first.ini
    c:\users\Dave\1em\One\link.lst
    c:\users\Dave\AppData\Roaming\.#
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-29 10:12 . 2012-08-29 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-29 10:04 . 2012-08-29 10:04 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71BE8527-8B72-4E60-BA93-47D9D268283C}\offreg.dll
    2012-08-25 14:34 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71BE8527-8B72-4E60-BA93-47D9D268283C}\mpengine.dll
    2012-08-25 14:26 . 2012-08-25 14:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2
    2012-08-25 14:26 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-25 14:15 . 2012-08-25 14:15 -------- d-----w- C:\_OTL
    2012-08-16 13:46 . 2012-08-16 13:46 -------- d-----w- c:\program files (x86)\ERUNT
    2012-08-15 11:57 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-15 11:23 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 11:23 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 11:22 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 11:22 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 11:22 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 11:22 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 11:22 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 11:22 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 11:22 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 11:22 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 11:22 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 11:22 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-01 17:31 . 2012-08-01 17:31 -------- d-----w- c:\users\Dave\AppData\Roaming\Maize Sampler Player
    2012-08-01 16:40 . 2012-08-01 16:40 -------- d-----w- c:\program files\AnarchySoundSoftware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-21 09:13 . 2012-01-08 19:12 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-21 09:13 . 2012-01-08 19:12 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-21 09:13 . 2012-01-08 19:11 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:13 . 2012-02-25 11:03 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-08-21 09:13 . 2012-01-08 19:11 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-21 09:13 . 2012-01-08 19:12 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-21 09:12 . 2012-01-08 19:11 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-21 09:12 . 2012-01-08 19:11 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-21 09:12 . 2012-01-08 19:11 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-15 11:52 . 2011-01-22 18:02 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-07-19 02:31 . 2012-05-17 11:10 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-07-19 02:31 . 2011-01-05 20:20 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-16 23:29 . 2011-01-05 21:05 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-06-09 05:43 . 2012-07-10 18:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-10 18:44 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-10 18:44 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-10 18:43 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-10 18:44 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-10 18:44 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-10 18:43 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 20:34 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 20:34 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 20:34 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 20:34 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 20:34 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 20:34 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 20:34 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-21 20:33 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:15 . 2012-06-21 20:33 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-10 18:43 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-10 18:43 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:48 . 2012-07-10 18:43 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:45 . 2012-07-10 18:43 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-10 18:43 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-10 18:43 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-10 18:43 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-10 18:43 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-10 18:43 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-05-31 11:25 . 2011-01-05 20:09 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]
    "Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-10-15 72192]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-26 5661056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
    "MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-05-22 26624]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    "SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2009-10-15 99624]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-12-01 21:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 133104]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
    R2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
    R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 133104]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
    R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-16 167424]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
    R3 SynasUSB;SynasUSB; [x]
    R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [2010-09-17 30352]
    R3 TASCAM_US1641;TASCAM US-1641 Audio Device driver;c:\windows\system32\Drivers\tus1641u.sys [2011-08-03 408128]
    R3 TASCAM_US1641_MIDI;TASCAM US-1641 WDM MIDI Device;c:\windows\system32\drivers\tus1641m.sys [2011-08-03 31296]
    R3 TASCAM_US1641_WDM;TASCAM US-1641 WDM;c:\windows\system32\drivers\tus1641a.sys [2011-08-03 50240]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-06 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Dave\Desktop\Utilities\RealTemp_360\WinRing0x64.sys [2011-10-16 14544]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-19 270912]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 202752]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
    S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
    S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
    S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-08 6661120]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-08 195584]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-12-14 56344]
    S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
    S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 09:22]
    .
    2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 09:22]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2325620197-1000498294-1635422406-1001Core.job
    - c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 18:37]
    .
    2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2325620197-1000498294-1635422406-1001UA.job
    - c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 18:37]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-22 171520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kx2svetg.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-NPSStartup - (no file)
    SafeBoot-BsBhvScan
    SafeBoot-BsScanner
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-616880430.film4od.film4.com - c:\program files (x86)\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2325620197-1000498294-1635422406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2325620197-1000498294-1635422406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-29 11:15:12
    ComboFix-quarantined-files.txt 2012-08-29 10:15
    .
    Pre-Run: 59,331,743,744 bytes free
    Post-Run: 58,802,008,064 bytes free
    .
    - - End Of File - - 10665735F4EB17B45DCB13E3B32B1472

  4. #24
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61


    Hi davman

    Step 1
    Please download MiniToolBox.exe and save it to your Desktop.
    • Right click MiniToolBox and select "Run as administrator" to run it.
    • Check the following in the list:
        • Flush DNS.
        • Report IE proxy settings.
        • Reset IE proxy settings.
        • Report FF Proxy Settings
        • Reset FF Proxy Settings
        • List Winsock Entries
        • List Installed Programs
        • List Users, Partitions and Memory size
        • List contents of Hosts.
        • List IP Configuration.
        • List last 10 Event Viewer Errors.
        • List Windows version, partitions, and memory size.
    • Click Go.
    • A file named Result.txt will be created in the same location where you downloaded MiniToolBox.exe
    • Please post the contents of the Result.txt in your next Reply.



    Step 2
    Please download Farbar Service Scanner and save it to your Desktop.
    • Double click FSS.exe to run it.
    • Press the "Scan" button.
    • When finished, a text file named FSS.txt will be created on your desktop. (Same folder the tool is run).
    • Please copy and paste the contents of the FSS.txt log to your next reply.


    Step 3
    Download adware cleaner.

    Launch it and click on Delete.

    Post the generated log.

    In your next reply please include:
    The minitoolbox log.
    The FSS log.
    The adware cleaner log.
    If you can run aswMBR now?
    If the message is still there

    Regards maxi

  5. #25
    Junior Member
    Join Date
    Aug 2012
    Posts
    24


    Hello Maxi,

    The message is still present in the Action Centre and, having run all the programs from your last post, aswMBR is still failing at the same point in its scan.

    What are your thoughts about the infection at this point since it seems to be hard to detect?

    Here are the logs you requested:

    ADWCleaner Report:

    # AdwCleaner v1.801 - Logfile created 08/30/2012 at 10:36:29
    # Updated 14/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Dave - DAVE-VAIO
    # Boot Mode : Normal
    # Running from : C:\Users\Dave\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Users\Dave\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\ProgramData\Partner

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Conduit

    ***** [Registre - GUID] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v7.0.1 (en-GB)

    Profile name : default
    File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kx2svetg.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v21.0.1180.83

    File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted : "description": "The fastest way to search the web.",

    *************************

    AdwCleaner[S1].txt - [1237 octets] - [30/08/2012 10:36:29]

    ########## EOF - C:\AdwCleaner[S1].txt - [1365 octets] ##########





    FSS Log:

    Farbar Service Scanner Version: 06-08-2012
    Ran by Dave (administrator) on 30-08-2012 at 10:35:08
    Running from "C:\Users\Dave\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****





    MiniToolBox Report:

    MiniToolBox by Farbar Version: 23-07-2012
    Ran by Dave (administrator) on 30-08-2012 at 10:31:21
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================


    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Media disconnected)
    Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
    Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Dave-VAIO
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Wireless LAN adapter Wireless Network Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
    Physical Address. . . . . . . . . : 7E-DD-08-DF-E5-76
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : surrey.ac.uk
    Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
    Physical Address. . . . . . . . . : 54-42-49-6A-A4-FE
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
    Physical Address. . . . . . . . . : 78-DD-08-DF-E5-76
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 16:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host bleepingcomputer.com. Please check the name and try again.

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    14...7e dd 08 df e5 76 ......Microsoft Virtual WiFi Miniport Adapter
    11...54 42 49 6a a4 fe ......Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
    10...78 dd 08 df e5 76 ......Atheros AR9285 Wireless Network Adapter
    1...........................Software Loopback Interface 1
    23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    1 306 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (08/30/2012 10:27:13 AM) (Source: VzCdbSvc) (User: )
    Description: Failed to load the plug-in module. (GUID = {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81})(Error code = 0x80042019)

    Error: (08/30/2012 10:27:09 AM) (Source: VzCdbSvc) (User: )
    Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

    Error: (08/30/2012 10:27:09 AM) (Source: VzCdbSvc) (User: )
    Description: Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error code = 0x80042000)

    Error: (08/29/2012 02:25:23 PM) (Source: VzCdbSvc) (User: )
    Description: Failed to load the plug-in module. (GUID = {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81})(Error code = 0x80042019)

    Error: (08/29/2012 02:25:23 PM) (Source: VzCdbSvc) (User: )
    Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

    Error: (08/29/2012 02:25:22 PM) (Source: VzCdbSvc) (User: )
    Description: Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error code = 0x80042000)

    Error: (08/29/2012 10:54:15 AM) (Source: VzCdbSvc) (User: )
    Description: Failed to load the plug-in module. (GUID = {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81})(Error code = 0x80042019)

    Error: (08/29/2012 10:54:07 AM) (Source: VzCdbSvc) (User: )
    Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

    Error: (08/29/2012 10:54:04 AM) (Source: VzCdbSvc) (User: )
    Description: Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error code = 0x80042000)

    Error: (08/27/2012 03:22:15 PM) (Source: Application Error) (User: )
    Description: Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp: 0x4f5f9c86
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
    Exception code: 0xc0000005
    Fault offset: 0x0002e41b
    Faulting process id: 0x1380
    Faulting application start time: 0xaswMBR.exe0
    Faulting application path: aswMBR.exe1
    Faulting module path: aswMBR.exe2
    Report Id: aswMBR.exe3


    System errors:
    =============
    Error: (08/30/2012 10:27:38 AM) (Source: Service Control Manager) (User: )
    Description: The VAIO Media plus Content Importer service depends on the VAIO Media plus Device Searcher service which failed to start because of the following error:
    %%-2147467259

    Error: (08/30/2012 10:27:38 AM) (Source: Service Control Manager) (User: )
    Description: The VAIO Media plus Device Searcher service terminated with the following error:
    %%-2147467259

    Error: (08/30/2012 10:26:57 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

    Error: (08/29/2012 02:25:20 PM) (Source: Service Control Manager) (User: )
    Description: The VAIO Media plus Content Importer service depends on the VAIO Media plus Device Searcher service which failed to start because of the following error:
    %%-2147467259

    Error: (08/29/2012 02:25:20 PM) (Source: Service Control Manager) (User: )
    Description: The VAIO Media plus Device Searcher service terminated with the following error:
    %%-2147467259

    Error: (08/29/2012 02:25:11 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

    Error: (08/29/2012 11:12:11 AM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (08/29/2012 11:11:18 AM) (Source: Application Popup) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (08/29/2012 11:07:37 AM) (Source: Service Control Manager) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (08/29/2012 10:54:23 AM) (Source: Service Control Manager) (User: )
    Description: The VAIO Media plus Content Importer service depends on the VAIO Media plus Device Searcher service which failed to start because of the following error:
    %%-2147467259


    Microsoft Office Sessions:
    =========================
    Error: (08/30/2012 10:27:13 AM) (Source: VzCdbSvc)(User: )
    Description: {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81}0x80042019

    Error: (08/30/2012 10:27:09 AM) (Source: VzCdbSvc)(User: )
    Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

    Error: (08/30/2012 10:27:09 AM) (Source: VzCdbSvc)(User: )
    Description: {48512A59-C8A5-4805-9048-23C9E4194BFA}0x80042000

    Error: (08/29/2012 02:25:23 PM) (Source: VzCdbSvc)(User: )
    Description: {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81}0x80042019

    Error: (08/29/2012 02:25:23 PM) (Source: VzCdbSvc)(User: )
    Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

    Error: (08/29/2012 02:25:22 PM) (Source: VzCdbSvc)(User: )
    Description: {48512A59-C8A5-4805-9048-23C9E4194BFA}0x80042000

    Error: (08/29/2012 10:54:15 AM) (Source: VzCdbSvc)(User: )
    Description: {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81}0x80042019

    Error: (08/29/2012 10:54:07 AM) (Source: VzCdbSvc)(User: )
    Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

    Error: (08/29/2012 10:54:04 AM) (Source: VzCdbSvc)(User: )
    Description: {48512A59-C8A5-4805-9048-23C9E4194BFA}0x80042000

    Error: (08/27/2012 03:22:15 PM) (Source: Application Error)(User: )
    Description: aswMBR.exe0.9.9.16654f5f9c86ntdll.dll6.1.7601.177254ec49b8fc00000050002e41b138001cd845e557702b4C:\Users\Dave\Desktop\aswMBR.exeC:\Windows\SysWOW64\ntdll.dll98d73714-f052-11e1-bd33-5442496aa4fe


    =========================== Installed Programs ============================

    Leawo DVD to MP4 Converter version 4.3.0.0 (Version: 4.3.0.0)
    7-Zip 9.20
    AAS - Swatches Sound Bank
    Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)
    Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
    Adobe Reader X (10.1.4) (Version: 10.1.4)
    Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
    Alps Pointing-device for VAIO
    AMD APP SDK Runtime (Version: 2.5.684.213)
    AMD Drag and Drop Transcoding (Version: 2.00.0000)
    AMD Media Foundation Decoders (Version: 1.0.60707.2331)
    AngstroLooper 0.9 beta
    Any Video Converter 3.3.7
    Apple Application Support (Version: 1.3.2)
    Applian FLV Player (Version: 2.0.25)
    ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.85)
    ArcSoft WebCam Companion 3 (Version: 3.0.21.390)
    ATI Catalyst Install Manager (Version: 3.0.833.0)
    avast! Free Antivirus (Version: 7.0.1466.0)
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center (Version: 2011.0707.2346.40825)
    Catalyst Control Center Core Implementation (Version: 2010.0113.2257.41150)
    Catalyst Control Center Core Implementation (Version: 2010.0920.2143.37117)
    Catalyst Control Center Graphics Full Existing (Version: 2010.0920.2143.37117)
    Catalyst Control Center Graphics Full New (Version: 2010.0920.2143.37117)
    Catalyst Control Center Graphics Light (Version: 2010.0920.2143.37117)
    Catalyst Control Center Graphics Previews Common (Version: 2010.0920.2143.37117)
    Catalyst Control Center Graphics Previews Common (Version: 2011.0707.2346.40825)
    Catalyst Control Center Graphics Previews Vista (Version: 2010.0920.2143.37117)
    Catalyst Control Center InstallProxy (Version: 2010.0113.2257.41150)
    Catalyst Control Center InstallProxy (Version: 2011.0707.2346.40825)
    Catalyst Control Center Localization All (Version: 2010.0920.2143.37117)
    ccc-core-static (Version: 2010.0920.2143.37117)
    ccc-utility64 (Version: 2010.0920.2143.37117)
    ccc-utility64 (Version: 2011.0707.2346.40825)
    CCC Help Chinese Standard (Version: 2010.0113.2256.41150)
    CCC Help Chinese Standard (Version: 2010.0920.2142.37117)
    CCC Help Chinese Traditional (Version: 2010.0113.2256.41150)
    CCC Help Chinese Traditional (Version: 2010.0920.2142.37117)
    CCC Help Czech (Version: 2010.0920.2142.37117)
    CCC Help Danish (Version: 2010.0920.2142.37117)
    CCC Help Dutch (Version: 2010.0920.2142.37117)
    CCC Help English (Version: 2010.0920.2142.37117)
    CCC Help English (Version: 2011.0707.2345.40825)
    CCC Help Finnish (Version: 2010.0920.2142.37117)
    CCC Help French (Version: 2010.0920.2142.37117)
    CCC Help German (Version: 2010.0920.2142.37117)
    CCC Help Greek (Version: 2010.0920.2142.37117)
    CCC Help Hungarian (Version: 2010.0920.2142.37117)
    CCC Help Italian (Version: 2010.0920.2142.37117)
    CCC Help Japanese (Version: 2010.0920.2142.37117)
    CCC Help Korean (Version: 2010.0920.2142.37117)
    CCC Help Norwegian (Version: 2010.0920.2142.37117)
    CCC Help Polish (Version: 2010.0920.2142.37117)
    CCC Help Portuguese (Version: 2010.0113.2256.41150)
    CCC Help Portuguese (Version: 2010.0920.2142.37117)
    CCC Help Russian (Version: 2010.0113.2256.41150)
    CCC Help Russian (Version: 2010.0920.2142.37117)
    CCC Help Spanish (Version: 2010.0920.2142.37117)
    CCC Help Swedish (Version: 2010.0113.2256.41150)
    CCC Help Swedish (Version: 2010.0920.2142.37117)
    CCC Help Thai (Version: 2010.0113.2256.41150)
    CCC Help Thai (Version: 2010.0920.2142.37117)
    CCC Help Turkish (Version: 2010.0113.2256.41150)
    CCC Help Turkish (Version: 2010.0920.2142.37117)
    CCleaner (Version: 3.11)
    Corel WinDVD (Version: 10.0.5.804)
    Cossacks: Back to War
    D3DX10 (Version: 15.4.2368.0902)
    DAEMON Tools Lite (Version: 4.41.3.0173)
    eLicenser Control
    ERUNT 1.1j
    Evernote (Version: 3.5.0.545)
    GIMP 2.6.12 (Version: 2.6.12)
    Google Chrome (Version: 21.0.1180.83)
    Google Toolbar for Internet Explorer (Version: 1.0.0)
    Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
    Google Update Helper (Version: 1.3.21.115)
    Intel(R) Control Center (Version: 1.2.1.1007)
    Intel(R) Management Engine Components (Version: 6.0.0.1179)
    Intel(R) Rapid Storage Technology (Version: 9.5.4.1001)
    Intel(R) Turbo Boost Technology Driver (Version: 01.00.01.1002)
    Java Auto Updater (Version: 2.0.7.1)
    Java(TM) 6 Update 16 (64-bit) (Version: 6.0.160)
    Java(TM) 6 Update 34 (Version: 6.0.340)
    Junk Mail filter update (Version: 15.4.3502.0922)
    Machinehead GearCalc Pro (32 bit)
    Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
    Media Gallery (Version: 1.1.1.11200)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Office 2000 SR-1 Disc 2 (Version: 9.00.3821)
    Microsoft Office 2000 SR-1 Professional (Version: 9.00.3821)
    Microsoft Silverlight (Version: 5.1.10411.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
    Microsoft SQL Server Compact 3.5 SP1 x64 English (Version: 3.5.5692.0)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Mixxx 1.10.0 (Version: 1.10.0)
    Mixxx 1.9.0 (64-bit) (Version: 1.9.0)
    Mozilla Firefox 7.0.1 (x86 en-GB) (Version: 7.0.1)
    MSVCRT (Version: 15.4.2862.0708)
    MSVCRT_amd64 (Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    MusicStation (Version: 2.0.4.1199)
    Native Instruments Massive (Version: 1.1.4.1901)
    Native Instruments Service Center (Version: 2.1.3.318)
    Noisebud MidiVu (Version: 1.0)
    Norton Online Backup (Version: 1.2.20.0)
    PMB (Version: 5.0.00.10260)
    PMB VAIO Edition plug-in (Click to Disc) (Version: 3.0.01.11230)
    PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.0.01.12010)
    Rapport (Version: 3.5.1108.77)
    Realtek HDMI Audio Driver for ATI (Version: 6.0.1.5992)
    Realtek High Definition Audio Driver (Version: 6.0.1.5992)
    Reason 4.0 (Version: 4.0)
    Roxio Central Audio (Version: 3.8.0)
    Roxio Central Copy (Version: 3.8.0)
    Roxio Central Core (Version: 3.8.0)
    Roxio Central Data (Version: 3.8.0)
    Roxio Central Tools (Version: 3.8.0)
    Roxio Easy Media Creator 10 LJ (Version: 10.3)
    Roxio Easy Media Creator Home (Version: 10.3.183)
    Salford FTN95 (Version: 4.90)
    SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
    Setting Utility Series (Version: 5.1.0.11200)
    Skype Click to Call (Version: 5.6.8442)
    Skype™ 5.5 (Version: 5.5.124)
    Sony Home Network Library (Version: 2.0.1.10160)
    Steam (Version: 1.0.0.0)
    Steinberg Cubase 6 (Version: 6.0.0)
    Steinberg Cubase 6 64bit (Version: 6.0.7)
    Steinberg Drum Loop Expansion 01 (Version: 2.0.0.0)
    Steinberg Groove Agent ONE Content (Version: 1.0.0.003)
    Steinberg Groove Agent ONE Vintage Beatboxes (Version: 1.0.0.000)
    Steinberg HALion Sonic SE (Version: 1.5.0)
    Steinberg HALion Sonic SE 64bit (Version: 1.5.2)
    Steinberg HALion Sonic SE Content (Version: 1.5.2.000)
    Steinberg LoopMash Content (Version: 2.0.0.000)
    Steinberg LoopMash Content 2 (Version: 1.0.0.000)
    Steinberg REVerence Content 01 (Version: 2.0.1.000)
    Steinberg VST Amp Rack Content 01 (Version: 1.0.0.000)
    Steinberg VST Classics 1 64bit (Version: 1.0.0)
    Steinberg VST Classics 2 64bit (Version: 1.0.0)
    SUPERAntiSpyware (Version: 5.0.1136)
    Switch Sound File Converter
    swMSM (Version: 12.0.0.1)
    Ubuntu (Version: 11.10-rev245)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    US-1641 driver
    VAIO - PMB VAIO Edition Guide (Version: 1.5.00.03020)
    VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (Version: 1.4.00.12020)
    VAIO - Remote Keyboard (Version: 1.0.1.03020)
    VAIO Care (Version: 5.0.3.11130)
    VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.6.0.09250)
    VAIO Content Metadata Intelligent Network Service Manager (Version: 3.6.0.09080)
    VAIO Content Metadata Manager Settings (Version: 3.6.0.09240)
    VAIO Content Metadata XML Interface Library (Version: 3.6.0.09080)
    VAIO Content Monitoring Settings (Version: 2.4.1.09180)
    VAIO Control Center (Version: 4.1.0.10160)
    VAIO Data Restore Tool (Version: 1.2.0.09150)
    VAIO DVD Menu Data (Version: 2.0.00.10130)
    VAIO Entertainment Platform (Version: 3.6.0.09150)
    VAIO Event Service (Version: 5.1.0.12010)
    VAIO Gate (Version: 2.4.1.09230)
    VAIO Gate Default (Version: 1.0.0.10290)
    VAIO Hardware Diagnostics (Version: 3.9.1)
    VAIO Marketing Tools
    VAIO Media plus (Version: 2.0.1.10160)
    VAIO Media plus Opening Movie (Version: 1.2.0.09100)
    VAIO Movie Story Template Data (Version: 2.0.00.09240)
    VAIO Original Function Settings (Version: 2.0.0.07010)
    VAIO Personalization Manager (Version: 2.0.0.06220)
    VAIO Power Management (Version: 5.0.0.11300)
    VAIO Premium Partners (Version: 1.0)
    VAIO Quick Web Access (Version: 1.2.2.3)
    VAIO screensaver (Version: 1.0.0.0)
    VAIO Smart Network (Version: 3.3.1.08110)
    VAIO Transfer Support (Version: 1.1.2.06030)
    VAIO Update (Version: 5.6.1.02150)
    VAIO Update Merge Module x64 (Version: 5.5.19220)
    VAIO Update Merge Module x64 (Version: 5.6.10270)
    VAIO Update Merge Module x64 (Version: 5.7.13130)
    VAIO Wallpaper Contents (Version: 2.0.0.06010)
    VideoPad Video Editor
    VirtualDJ Home FREE (Version: 7.0.4.1)
    VU5x64 (Version: 1.0.0)
    VU5x86 (Version: 1.0.0)
    WIDCOMM Bluetooth Software (Version: 6.2.1.500)
    Winamp (Version: 5.621 )
    Winamp Detector Plug-in (Version: 1.0.0.1)
    Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (Version: 09/09/2009 6.2.0.9405)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3555.0308)
    Windows Live Family Safety (Version: 15.4.3555.0308)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3555.0308)
    Windows Live Mail (Version: 15.4.3502.0922)
    Windows Live Messenger (Version: 15.4.3538.0513)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Movie Maker (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live Photo Gallery (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live Sync (Version: 14.0.8089.726)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    Windows Live Writer (Version: 15.4.3502.0922)
    Windows Live Writer Resources (Version: 15.4.3502.0922)
    Windows XP Mode (Version: 1.3.7600.16423)
    WinPcap 4.1.2 (Version: 4.1.0.2001)
    Wireshark 1.4.2 (Version: 1.4.2)
    Worms 3D (Version: 0.00.001)
    ZYPianoChords

    ========================= Memory info: ===================================

    Percentage of memory in use: 29%
    Total physical RAM: 5998.07 MB
    Available physical RAM: 4227.07 MB
    Total Pagefile: 11994.32 MB
    Available Pagefile: 9906.91 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3967.23 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:287.01 GB) (Free:54.86 GB) NTFS
    7 Drive j: () (Removable) (Total:0.97 GB) (Free:0.3 GB) FAT

    ========================= Users: ========================================

    User accounts for \\DAVE-VAIO

    Administrator Dave Guest


    **** End of log ****

  6. #26
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61

    Default

    Hi davman
    What are your thoughts about the infection at this point since it seems to be hard to detect?
    I'm not too sure what's going on because your logs appear clean to me, but aswMBR won't run. This concerns me, and as such I have consulted with my team. I will report back to you as soon as I can, as many minds are better than mine.

    regards maxi

  7. #27
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61

    Default

    Hi Davman

    Could you take a screenshot of the message and post it here please.

    • Get the message up on your screen
    • Hold down the Function key; while still holding it down, press the PRTSC key
    • Then open Microsoft Paint
    • Press the Paste button
    • You should then see your screenshot; save it to your desktop
    • Then post it here

    Regards maxi

  8. #28
    Junior Member
    Join Date
    Aug 2012
    Posts
    24

    Default

    Morning Maxi,

    I have attached screenshots of aswMBR failure.

    Regards,

    davman

  9. #29
    Retired Graduate
    Join Date
    Apr 2012
    Posts
    61

    Default

    Sorry davman, it was the original message from the "Windows Action Centre" that I was after.

  10. #30
    Junior Member
    Join Date
    Aug 2012
    Posts
    24

    Default

    Okay, sure =]

    I have attached the action centre message. Clicking 'details' only shows the process of recommended removal (which failed to remove the infection when I first discovered the message).

    Regards,

    davman
