
Thread: Trojan

  1. #1
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Trojan

    Hi,

    Spybot found malware and I tried to get rid of it on my own....

    history:
    Spybot found the TrojanC-05 and other entries, which it could not remove.
    I used the following programs to help me, next to Spybot:

    - Kaspersky Antivirus
    - Hijack this
    - Trojan remover
    - Tdsskiller from Kaspersky
    - Malwarebytes
    - ZoneAlarm

    The engine got slower and slower (very annoying) and I didn't look right for help (was for example posting my question in the wrong thread....)
    So I finally got so frustrated, that I did a Recovery. Knowing, the problem might not be gone, but was hoping (in my naivety) it would solve the problem. But....Spybot still finds the Trojan and some other entries I do not really want to have.....

    After Recovery I used:

    - Hijackthis
    - Malwarebytes
    - Spybot
    - Kaspersky

    plus for this thread ERUNT, DDS, aswMBR and Spybot again.

    Here are the results as asked

    - DDS
    - Spybot (had to do a screenshot, sorry)
    - aswMBR

    Thank you!

    sdy234

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    XXX Explorer: 11.0.9600.16428
    Run by XXX at 13:48:08 on 2013-12-10
    Microsoft Windows 7 Home Premium XXX
    .
    AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\LogonUI.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    E:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Sony\VAIO Update\VUAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Sony\VAIO Care\Admload.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\taskeng.exe
    E:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://sony.msn.com
    uDefault_Page_URL = hxxp://sony.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\XXX\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Desktop\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: NameServer = 192.168.182.1
    TCP: Interfaces\{914A5416-E57C-4B03-BCEF-885E61ED5964} : DHCPNameServer = 192.168.182.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\hmdc28h5.default\
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    FF - ExtSQL: 2013-12-09 22:03; ; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
    FF - ExtSQL: 2013-12-09 22:03; ; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
    FF - ExtSQL: 2013-12-09 22:03; ; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
    FF - ExtSQL: 2013-12-09 22:04; ; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
    FF - ExtSQL: 2013-12-09 22:04; ; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-12-9 84536]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-12-9 66616]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54104]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356968]
    R2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-12-9 13336]
    R2 MBAMScheduler;MBAMScheduler;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-9 418376]
    R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-9 701512]
    R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-2-15 47104]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2013-12-9 14112]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2011-3-7 102400]
    R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsnxc64.sys [2011-3-6 98816]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-12-9 259192]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-9 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-9 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-9 171416]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-20 378472]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2013-12-9 105024]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-12-9 2656280]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2013-12-9 550080]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2013-12-9 852160]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2013-12-9 19968]
    R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2013-12-9 436776]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-12-9 39976]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29016]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29528]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-9 25928]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-8 413800]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2013-12-9 44736]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-12-9 1369136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    S3 IEEtwCollectorService;XXX Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
    S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
    S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 546608]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-10 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-12-10 19:43:45 -------- d-----w- C:\Desktop
    2013-12-10 13:38:49 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A7E9D27-AE75-4892-BA7D-37A29D93CECE}\offreg.dll
    2013-12-10 06:13:03 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-12-10 06:13:03 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
    2013-12-10 06:11:39 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2013-12-10 06:11:39 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2013-12-10 06:11:39 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-12-10 06:07:30 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-12-10 06:07:30 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-12-10 06:05:24 -------- d-----w- C:\Windows\SysWow64\Wat
    2013-12-10 06:05:23 -------- d-----w- C:\Windows\System32\Wat
    2013-12-10 05:51:11 -------- d-----w- C:\Windows\System32\MRT
    2013-12-10 05:43:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-12-10 05:43:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2013-12-10 05:43:36 5120 ----a-w- C:\Windows\System32\wmi.dll
    2013-12-10 05:43:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2013-12-10 05:43:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-12-10 05:32:40 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2013-12-10 05:31:59 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2013-12-10 05:30:49 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-12-10 05:27:48 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2013-12-10 05:26:59 77312 ----a-w- C:\Windows\System32\packager.dll
    2013-12-10 05:26:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2013-12-10 05:26:58 95744 ----a-w- C:\Windows\System32\synceng.dll
    2013-12-10 05:26:58 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2013-12-10 05:26:58 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-12-10 05:26:58 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-12-10 05:26:58 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-12-10 05:26:57 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2013-12-10 05:26:57 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2013-12-10 05:26:57 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2013-12-10 05:23:17 -------- d-----w- C:\Update
    2013-12-10 05:11:14 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-12-10 05:11:10 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A7E9D27-AE75-4892-BA7D-37A29D93CECE}\mpengine.dll
    2013-12-10 05:01:33 -------- d-----w- C:\Windows\en
    2013-12-10 05:01:20 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2013-12-10 05:01:03 -------- d-----w- C:\Windows\PCHEALTH
    2013-12-10 04:53:35 -------- d-----w- C:\ProgramData\Norton
    2013-12-10 04:53:22 -------- d-----w- C:\ProgramData\NortonInstaller
    2013-12-10 04:49:47 -------- d-----w- C:\Program Files (x86)\Microsoft
    2013-12-10 04:46:19 -------- d-----w- C:\VAIO Sample Contents
    2013-12-10 04:39:10 -------- d-----w- C:\Users\XXX\AppData\Local\Broadcom
    2013-12-10 04:38:42 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2013-12-10 04:38:42 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2013-12-10 04:38:42 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll
    2013-12-10 04:38:42 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2013-12-10 04:38:42 -------- d-----w- C:\Users\XXX\AppData\Local\Diagnostics
    2013-12-10 04:36:38 -------- d--h--w- C:\SPLASH.000
    2013-12-10 04:36:16 -------- d--h--w- C:\SPLASH.SYS
    2013-12-10 04:35:56 -------- d-----w- C:\Program Files (x86)\Downloaded Installations
    2013-12-10 04:25:33 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2013-12-10 04:25:32 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
    2013-12-10 04:24:52 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-12-10 04:24:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-12-10 04:24:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-12-10 04:22:37 -------- d-----w- C:\Users\XXX\AppData\Roaming\Malwarebytes
    2013-12-10 04:22:22 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-12-10 04:22:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-12-10 04:20:50 -------- d-----w- C:\Users\XXX\AppData\Local\Apple
    2013-12-10 04:20:35 -------- d-----w- C:\Program Files\Bonjour
    2013-12-10 04:20:35 -------- d-----w- C:\Program Files (x86)\Bonjour
    2013-12-10 04:20:12 499712 ----a-r- C:\Windows\SysWow64\msvcp71.dll
    2013-12-10 04:20:12 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-12-10 04:20:12 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
    2013-12-10 04:20:10 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
    2013-12-10 04:20:10 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
    2013-12-10 04:20:09 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
    2013-12-10 04:19:50 -------- d-----w- C:\Users\XXX\AppData\Local\Programs
    2013-12-10 04:19:11 -------- d-----w- C:\Users\XXX\AppData\Local\Mozilla
    2013-12-10 04:19:01 -------- d-----w- C:\ProgramData\HitmanPro
    2013-12-10 04:18:11 14112 ----a-w- C:\Windows\System32\drivers\regi.sys
    2013-12-10 04:18:05 -------- d-----w- C:\Program Files (x86)\Common Files\InterVideo
    2013-12-10 04:18:00 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
    2013-12-10 04:17:56 -------- d-----w- C:\ProgramData\Corel
    2013-12-10 04:17:56 -------- d-----w- C:\Program Files (x86)\Corel
    2013-12-10 04:17:31 -------- d-----w- C:\ProgramData\ArcSoft
    2013-12-10 04:17:21 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2013-12-10 04:17:21 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2013-12-10 04:17:21 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2013-12-10 04:17:21 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2013-12-10 04:17:20 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2013-12-10 04:14:45 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2013-12-10 04:13:50 24912 ----a-w- C:\Windows\System32\dopdfmn7.dll
    2013-12-10 04:13:50 21328 ----a-w- C:\Windows\System32\dopdfmi7.dll
    2013-12-10 04:13:50 -------- d-----w- C:\Users\XXX\AppData\Roaming\Softland
    2013-12-10 04:13:49 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
    2013-12-10 04:12:09 -------- d-----w- C:\_FS_SWRINFO
    2013-12-10 04:12:08 -------- d-----w- C:\Documentation
    2013-12-10 04:08:46 425472 ----a-w- C:\Windows\System32\SonyVideoProcessor.dll
    2013-12-10 04:08:46 333824 ----a-w- C:\Windows\SysWow64\SonyVideoProcessor.dll
    2013-12-10 04:08:24 114688 ----a-w- C:\Program Files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\eBayGadget.Gadget\Bin\eBayGadget.dll
    2013-12-10 04:08:22 114688 ----a-w- C:\Program Files\Windows Sidebar\Gadgets\eBayGadget.Gadget\eBayGadget.Gadget\Bin\eBayGadget.dll
    2013-12-10 04:04:25 -------- d-----w- C:\Windows\Downloaded Installations
    2013-12-10 04:04:19 64856 ----a-w- C:\Windows\System32\klfphc.dll
    2013-12-10 04:04:08 66616 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
    2013-12-10 04:04:07 84536 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys
    2013-12-10 04:03:51 -------- d-----w- C:\Windows\ELAMBKUP
    2013-12-10 04:03:49 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
    2013-12-10 04:03:48 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2013-12-10 04:03:48 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2013-12-10 04:03:36 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys
    2013-12-10 04:02:44 -------- d-----w- C:\Program Files\PlayReady
    2013-12-10 04:00:31 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2013-12-10 04:00:31 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2013-12-10 04:00:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2013-12-10 04:00:31 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2013-12-10 04:00:31 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2013-12-10 04:00:31 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2013-12-10 04:00:31 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2013-12-10 03:48:03 -------- d-----w- C:\Windows\Sonysys
    2013-12-10 03:46:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-12-10 03:46:01 521448 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-12-10 03:45:48 -------- d-----w- C:\Program Files\Common Files\Sony Shared
    2013-12-10 03:45:48 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
    2013-12-10 03:44:04 -------- d-----w- C:\Program Files (x86)\Sony
    2013-12-10 03:40:10 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
    2013-12-10 03:40:08 -------- d-----w- C:\ProgramData\Downloaded Installations
    2013-12-10 03:40:01 -------- d-----w- C:\Program Files\Synaptics
    2013-12-10 03:39:56 -------- d-----w- C:\Windows\SysWow64\SDA
    2013-12-10 03:38:09 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
    2013-12-10 03:38:06 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    2013-12-10 03:35:11 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2013-12-10 03:32:20 -------- d-----w- C:\Program Files\Broadcom
    2013-12-10 03:31:49 436776 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
    2013-12-10 03:31:49 39976 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
    2013-12-10 03:31:49 22056 ----a-w- C:\Windows\System32\btwcoins.dll
    2013-12-10 03:31:49 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
    2013-12-10 03:31:49 163880 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
    2013-12-10 03:31:49 150568 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
    2013-12-10 03:31:08 -------- d-----w- C:\Program Files\WIDCOMM
    2013-12-10 03:29:07 -------- d-----w- C:\Windows\SysWow64\RTCOM
    2013-12-10 03:29:07 -------- d-----w- C:\Program Files\Realtek
    2013-12-10 03:26:03 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2013-12-10 03:26:01 -------- d-----w- C:\Intel
    2013-12-10 03:21:53 -------- dc-h--w- C:\ProgramData\{869D8A73-BD74-4AF4-B35D-FA3A4ACE3875}
    2013-12-10 03:21:53 -------- d-----w- C:\ProgramData\DDNi
    2013-12-10 03:21:53 -------- d-----w- C:\Program Files (x86)\DDNi
    2013-12-10 03:20:59 -------- d-----w- C:\ProgramData\Sony Corporation
    2013-12-10 03:16:40 -------- d-----w- C:\Program Files\Sony
    2013-12-10 03:14:59 -------- d-----w- C:\Windows\System32\WCN
    2013-12-10 03:12:55 -------- d-----w- C:\Windows\SysWow64\VAIO Startup Setting Tool
    .
    ==================== Find3M ====================
    .
    2013-12-10 06:09:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-12-10 03:14:29 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
    2013-12-10 03:14:24 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
    2013-12-10 03:14:24 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
    2013-12-10 03:14:17 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
    2013-12-10 03:14:16 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
    2013-12-10 03:14:12 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
    2013-11-19 09:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
    2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
    2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
    2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
    .
    ============= FINISH: 13:48:43,26 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-12-10 13:58:03
    -----------------------------
    13:58:03.505 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:58:03.505 Number of processors: 8 586 0x2A07
    13:58:03.506 ComputerName: XXX-VAIO UserName: XXX
    13:58:05.104 Initialize success
    14:04:16.631 AVAST engine defs: 13121000
    14:04:44.945 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:04:44.945 Disk 0 Vendor: TOSHIBA_ GB00 Size: 476940MB BusType: 3
    14:04:45.054 Disk 0 MBR read successfully
    14:04:45.069 Disk 0 MBR scan
    14:04:45.085 Disk 0 Windows 7 default MBR code
    14:04:45.101 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11811 MB offset 2048
    14:04:45.116 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24190976
    14:04:45.147 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295027 MB offset 24395776
    14:04:45.163 Disk 0 Partition - 00 0F Extended LBA 170000 MB offset 628611072
    14:04:45.210 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 169999 MB offset 628613120
    14:04:45.350 Disk 0 scanning C:\Windows\system32\drivers
    14:04:53.057 Service scanning
    14:05:27.814 Modules scanning
    14:05:27.829 Disk 0 trace - called modules:
    14:05:27.860 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    14:05:27.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006359790]
    14:05:27.876 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> [0xfffffa80044f0b20]
    14:05:27.876 5 ACPI.sys[fffff88000ee27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004876050]
    14:05:29.046 AVAST engine scan C:\Windows
    14:05:31.448 AVAST engine scan C:\Windows\system32
    14:07:42.582 AVAST engine scan C:\Windows\system32\drivers
    14:07:52.005 AVAST engine scan C:\Users\XXX
    14:08:03.049 AVAST engine scan C:\ProgramData
    14:08:56.573 Scan finished successfully
    14:09:17.727 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
    14:09:17.727 The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt"
    Last edited by tashi; 2013-12-10 at 23:55. Reason: Copy pasted logs into topic. :-)

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Sorry for the delay.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    Thank you for an answer!!!!!
    Problem is, we just moved into a new apartment.
    Our Internet provider should have already installed the internet, but there are issues.... so I have only access to the net via my phone....

    As much as I wished to download the mentioned program, I just can't do it right now.
    They gave us a notice today, it might work on the 31st......

    I am very sorry, I was hoping it might be done already....
    Plus it bothers me a lot, that I can't fix that laptop.....

    Is there a chance to continue with your assistance, once I am online again?

    I really am sorry, but without access to the net, I won't be able to do it.
    And circumstances right now don't allow it to ask friends, because we just moved from far away to here.....starting at zero.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Thanks for letting me know about your internet access. If it's possible, you can download that program via a known clean computer and transfer it by disk to the infected one and run it; if not, I will gladly keep this thread open for you until you return. After the 31st, if you think it will be a few days more, please post back and let me know.

    Ken

  5. #5
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    Thank you so much for understanding.
    I hope the internet works by the 31.12, if not I leave a message. But it's really bothering without....

    Sdy234

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default


  7. #7
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    Will see if it works by the end of the day. Provider wants to take care of.....

  8. #8
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    ... without comment....
    Now I hope it's done by 01/07/14.....

    .....

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    OMG, you may want to look around for a new provider.

    What exactly is the problem with no access?

  10. #10
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    Looks like we're stuck with that provider. Is kind of a new community....so hardware is missing. They are digging a hole across the street... I really hope they do fix it the next days...

    I have a generic question, maybe a stupid one....

    How secure is it to upload all these log files? Not that I really have sensitive information on my machine, really not. But was wondering if more advanced people with interest could exploit this data and try to snoop around...just for fun and hobby sake...

    Am really sorry. But it's the missing hardware that keeps me away from fixing my machine...

    Sdy234
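
On the question in post #10: the DDS and aswMBR logs in this thread carry the Windows account name and computer name in several fields (the `Run by` header, the `ComputerName:`/`UserName:` line, `C:\Users\...` paths), which the poster had already replaced with XXX by hand. The following is an added example, not part of any post and not code from the tools' authors, that applies the same redaction automatically before a log is posted; the sample log, the names `alice` and `ALICE-VAIO`, and the `USER`/`HOST` placeholders are constructed.

```python
import re

# Constructed sample modelled on the DDS and aswMBR line formats in this thread;
# the user name "alice" and host name "ALICE-VAIO" are made up.
SAMPLE_LOG = r'''Run by alice at 13:48:08 on 2013-12-10
13:58:03.506 ComputerName: ALICE-VAIO UserName: alice
14:07:52.005 AVAST engine scan C:\Users\alice
14:09:17.727 The log file has been saved successfully to "C:\Users\alice\Desktop\aswMBR.txt"
2013-12-10 03:21:53 -------- d-----w- C:\ProgramData\Alice Photos
2013-12-10 03:29:07 -------- d-----w- C:\Program Files\Realtek
'''

# Profile folders that exist on every Windows install and identify nobody.
BUILTIN_PROFILES = {"public", "default", "default user", "all users"}

# Fields that state the account or machine name outright (placeholder -> patterns).
FIELD_PATTERNS = {
    "USER": [
        re.compile(r"^Run by (.+?) at \d{2}:\d{2}:\d{2} on ", re.M),   # DDS header
        re.compile(r"UserName:[ \t]*(\S.*?)[ \t]*$", re.M),             # aswMBR
        re.compile(r'[A-Za-z]:\\Users\\([^\\"\r\n]+)'),                 # profile path
    ],
    "HOST": [re.compile(r"ComputerName:[ \t]*(\S+)")],                  # aswMBR
}


def find_identifiers(log):
    """Return {lowercased name: placeholder} for names found in known fields."""
    found = {}
    for placeholder, patterns in FIELD_PATTERNS.items():
        for pattern in patterns:
            for match in pattern.finditer(log):
                name = match.group(1).strip()
                if name and name.lower() not in BUILTIN_PROFILES:
                    found.setdefault(name.lower(), placeholder)
    return found


def redact(log):
    """Replace each identified name everywhere it occurs, longest name first.

    Matching is case-insensitive and on whole tokens, so a name that leaks into
    an unrelated path is caught while words merely containing it are left alone.
    """
    names = find_identifiers(log)
    for name in sorted(names, key=len, reverse=True):
        token = re.compile(
            r"(?<![A-Za-z0-9])" + re.escape(name) + r"(?![A-Za-z0-9])", re.I)
        log = token.sub(names[name], log)
    return log, sorted(names)
```

The second return value lists what was replaced, so the result can be reviewed before posting; names that appear only in free text and never in one of the known fields are not detected.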
