
Thread: Trojan

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    The logs you post on this forum show no personal information, so don't ever post your email, home address or a phone number and you will be fine.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    ...switch of provider (internet).... hope it works by the end of the day.....


  3. #13
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    Quote: Originally Posted by sdy234
    ...switch of provider (internet).... hope it works by the end of the day.....

    Was less worried about personal information than more of information about programmes which are not updated or are weaknesses (Flash, Internet Explorer...)

  4. #14
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    ...finally..... thank you sooo much for your patience!!!!!!!!!!!!!!!!!!!!!!!!!!
    We changed the provider. And it got fixed today

    I followed the instructions, I thought Spybot was disabled.... but it was not.
    I even didn't get asked to install the Windows console.....
    But anyway.... here is the log, that combofix created.
    I hope this helps

    ComboFix 14-01-04.03 - XXX 06.01.2014 23:31:25.1.8 - x64
    Microsoft Windows 7 Home Premium [GMT -6:00]
    Running from: c:\users\XXX\Desktop\ComboFix.exe
    AV: Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-07 to 2014-01-07 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-07 05:36 . 2014-01-07 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-01-07 04:09 . 2014-01-07 04:23 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-01-07 04:09 . 2014-01-07 04:09 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-01-07 04:09 . 2014-01-07 04:09 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-01-07 04:09 . 2014-01-07 04:09 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-01-07 04:09 . 2014-01-07 04:09 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-01-07 04:09 . 2014-01-07 04:09 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-01-07 04:09 . 2014-01-07 04:09 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-01-07 04:09 . 2014-01-07 04:09 334136 ----a-w- c:\windows\system32\aswBoot.exe
    2014-01-07 04:09 . 2014-01-07 04:09 43152 ----a-w- c:\windows\avastSS.scr
    2014-01-07 04:07 . 2014-01-07 04:07 -------- d-----w- c:\programdata\AVAST Software
    2014-01-07 02:27 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
    2014-01-07 02:27 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2014-01-07 02:27 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2014-01-07 02:25 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74EEE8ED-5EC1-47EA-A19F-3B70FF0FC0A2}\mpengine.dll
    2013-12-28 20:27 . 2013-12-28 20:28 -------- d-----w- c:\users\XXX
    2013-12-16 07:49 . 2013-12-16 07:49 -------- d-----w- c:\programdata\Canneverbe Limited
    2013-12-16 07:28 . 2013-12-16 07:29 -------- d-----w- c:\program files (x86)\LinuxLive USB Creator
    2013-12-10 19:43 . 2013-12-10 19:43 -------- d-----w- C:\Desktop
    2013-12-10 06:31 . 2014-01-07 03:25 -------- d-----w- c:\users\xxx
    2013-12-10 06:15 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2013-12-10 06:13 . 2013-12-10 06:13 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-12-10 06:13 . 2013-12-10 06:13 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-12-10 06:11 . 2013-12-10 06:11 327168 ----a-w- c:\windows\system32\mswsock.dll
    2013-12-10 06:11 . 2013-12-10 06:11 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
    2013-12-10 06:11 . 2013-12-10 06:11 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-12-10 06:07 . 2013-12-10 06:07 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-12-10 06:07 . 2013-12-10 06:07 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-12-10 06:05 . 2013-12-10 06:05 -------- d-----w- c:\windows\SysWow64\Wat
    2013-12-10 06:05 . 2013-12-10 06:05 -------- d-----w- c:\windows\system32\Wat
    2013-12-10 05:51 . 2014-01-07 03:45 -------- d-----w- c:\windows\system32\MRT
    2013-12-10 05:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-12-10 05:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-12-10 05:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2013-12-10 05:32 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-12-10 05:31 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2013-12-10 05:30 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2013-12-10 05:27 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2013-12-10 05:26 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2013-12-10 05:26 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2013-12-10 05:26 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
    2013-12-10 05:26 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2013-12-10 05:26 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-12-10 05:26 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2013-12-10 05:26 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2013-12-10 05:26 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2013-12-10 05:26 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2013-12-10 05:26 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2013-12-10 05:23 . 2013-12-10 05:23 -------- d-----w- C:\Update
    2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\windows\en
    2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\program files (x86)\Windows Live
    2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\windows\PCHEALTH
    2013-12-10 05:01 . 2013-12-10 05:01 -------- d-----w- c:\program files\Windows Live
    2013-12-10 04:53 . 2013-12-10 03:48 -------- d-----w- c:\programdata\Norton
    2013-12-10 04:49 . 2013-12-10 03:46 -------- d-----w- c:\program files (x86)\Microsoft
    2013-12-10 04:46 . 2013-12-10 04:46 -------- d-----w- C:\VAIO Sample Contents
    2013-12-10 04:38 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
    2013-12-10 04:38 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2013-12-10 04:38 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
    2013-12-10 04:38 . 2009-09-05 01:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
    2013-12-10 04:36 . 2013-12-10 04:36 -------- d-----w- C:\SPLASH.000
    2013-12-10 04:36 . 2013-12-10 04:36 -------- d-----w- C:\SPLASH.SYS
    2013-12-10 04:35 . 2013-12-10 04:35 -------- d-----w- c:\program files (x86)\Downloaded Installations
    2013-12-10 04:25 . 2013-12-10 04:25 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2013-12-10 04:25 . 2007-07-20 02:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
    2013-12-10 04:25 . 2006-03-31 20:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
    2013-12-10 04:24 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-12-10 04:24 . 2013-12-10 14:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-12-10 04:24 . 2013-12-10 05:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-12-10 04:22 . 2013-12-10 04:22 -------- d-----w- c:\programdata\Malwarebytes
    2013-12-10 04:22 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\program files (x86)\Apple Software Update
    2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\program files\Common Files\Apple
    2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\program files\Bonjour
    2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\program files (x86)\Bonjour
    2013-12-10 04:20 . 2013-12-10 04:21 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2013-12-10 04:20 . 2013-12-10 04:20 -------- d-----w- c:\programdata\Apple
    2013-12-10 04:20 . 2003-03-19 06:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
    2013-12-10 04:20 . 2003-02-21 12:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-12-10 04:17 . 2013-12-10 04:17 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
    2013-12-10 04:14 . 2013-12-10 04:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-12-10 04:14 . 2013-12-10 04:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2013-12-10 04:13 . 2011-06-09 17:33 24912 ----a-w- c:\windows\system32\dopdfmn7.dll
    2013-12-10 04:13 . 2011-06-09 17:33 21328 ----a-w- c:\windows\system32\dopdfmi7.dll
    2013-12-10 04:13 . 2010-02-05 21:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2013-12-10 04:12 . 2013-12-10 04:12 -------- d-----w- c:\windows\SysWow64\Macromed
    2013-12-10 04:12 . 2013-12-10 04:12 -------- d-----w- C:\_FS_SWRINFO
    2013-12-10 04:12 . 2013-12-10 04:12 -------- d-----w- C:\Documentation
    2013-12-10 04:08 . 2011-03-08 22:39 425472 ----a-w- c:\windows\system32\SonyVideoProcessor.dll
    2013-12-10 04:08 . 2011-03-08 22:39 333824 ----a-w- c:\windows\SysWow64\SonyVideoProcessor.dll
    2013-12-10 04:08 . 2008-09-25 02:17 114688 ----a-w- c:\program files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\eBayGadget.Gadget\Bin\eBayGadget.dll
    2013-12-10 04:08 . 2008-09-25 02:17 114688 ----a-w- c:\program files\Windows Sidebar\Gadgets\eBayGadget.Gadget\eBayGadget.Gadget\Bin\eBayGadget.dll
    2013-12-10 04:04 . 2013-12-10 04:04 -------- d-----w- c:\windows\Downloaded Installations
    2013-12-10 04:04 . 2014-01-07 04:01 -------- dc----w- c:\windows\system32\DRVSTORE
    2013-12-10 04:02 . 2013-12-10 04:02 -------- d-----w- c:\program files\PlayReady
    2013-12-10 03:56 . 2013-12-10 03:56 -------- d-----w- c:\program files\Microsoft Office
    2013-12-10 03:48 . 2013-12-10 05:00 -------- d-----w- c:\windows\Sonysys
    2013-12-10 03:46 . 2013-12-10 03:46 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-12-10 03:46 . 2013-12-10 03:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-12-10 03:46 . 2013-12-10 03:46 -------- d-----w- c:\program files (x86)\Java
    2013-12-10 03:46 . 2013-12-10 03:45 521448 ----a-w- c:\windows\system32\deployJava1.dll
    2013-12-10 03:46 . 2013-12-10 03:45 189216 ----a-w- c:\windows\system32\javaws.exe
    2013-12-10 03:46 . 2013-12-10 03:45 171808 ----a-w- c:\windows\system32\javaw.exe
    2013-12-10 03:46 . 2013-12-10 03:45 171808 ----a-w- c:\windows\system32\java.exe
    2013-12-10 03:45 . 2013-12-10 03:45 -------- d-----w- c:\program files\Java
    2013-12-10 03:45 . 2013-12-10 04:20 -------- d-----w- c:\program files\Common Files\Sony Shared
    2013-12-10 03:45 . 2013-12-10 04:20 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
    2013-12-10 03:44 . 2013-12-10 04:49 -------- d-----w- c:\program files (x86)\Sony
    2013-12-10 03:40 . 2013-12-10 03:40 -------- d-----w- c:\program files (x86)\Renesas Electronics
    2013-12-10 03:40 . 2013-12-10 03:40 -------- d-----w- c:\programdata\Downloaded Installations
    2013-12-10 03:40 . 2013-12-10 03:40 -------- d-----w- c:\program files\Synaptics
    2013-12-10 03:39 . 2013-12-10 03:39 -------- d-----w- c:\windows\SysWow64\SDA
    2013-12-10 03:38 . 2011-03-07 20:47 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
    2013-12-10 03:38 . 2013-12-10 03:38 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
    2013-12-10 03:35 . 2014-01-07 04:06 -------- d-----w- c:\programdata\NVIDIA
    2013-12-10 03:35 . 2013-12-10 04:25 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2013-12-10 03:32 . 2013-12-10 03:32 -------- d-----w- c:\program files\Broadcom
    2013-12-10 03:31 . 2011-04-01 20:16 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
    2013-12-10 03:31 . 2011-04-01 20:16 22056 ----a-w- c:\windows\system32\btwcoins.dll
    2013-12-10 03:31 . 2011-04-01 20:16 163880 ----a-w- c:\windows\system32\drivers\btwavdt.sys
    2013-12-10 03:31 . 2011-04-01 20:16 436776 ----a-w- c:\windows\system32\drivers\btwampfl.sys
    2013-12-10 03:31 . 2011-04-01 20:16 150568 ----a-w- c:\windows\system32\drivers\btwaudio.sys
    2013-12-10 03:31 . 2011-04-01 20:15 39976 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
    2013-12-10 03:31 . 2013-12-10 03:31 -------- d-----w- c:\program files\WIDCOMM
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-07 03:25 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-12-10 06:12 . 2013-12-10 06:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-12-10 03:14 . 2013-12-10 03:14 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
    2013-12-10 03:14 . 2013-12-10 03:14 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
    2013-12-10 03:14 . 2013-12-10 03:14 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
    2013-12-10 03:14 . 2013-12-10 03:14 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
    2013-12-10 03:14 . 2013-12-10 03:14 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
    2013-12-10 03:14 . 2013-12-10 03:14 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
    2013-11-26 18:25 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "AvastUI.exe"="e:\program files\AvastUI.exe" [2014-01-07 3764024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "20131224"="e:\program files\setup\emupdate\2c43906b-fbef-43b8-a4be-01dd643795bb.exe" [2014-01-07 181136]
    .
    c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\desktop\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-24 1219360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 IEEtwCollectorService;xxx Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 MBAMScheduler;MBAMScheduler;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]
    S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsnxc64.sys [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMONFLT
    *NewlyCreated* - ASWRDR
    *NewlyCreated* - ASWSNX
    *NewlyCreated* - ASWSTM
    *NewlyCreated* - ASWVMM
    *NewlyCreated* - ZIZQFWLY
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-01-07 04:09 287280 ----a-w- e:\program files\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-07 11776104]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-07 2188904]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://sony.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uxxx Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\hmdc28h5.default\
    FF - ExtSQL: 2014-01-06 22:09; wrc@avast.com; e:\program files\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-01-06 23:37:39
    ComboFix-quarantined-files.txt 2014-01-07 05:37
    .
    Pre-Run: 263.609.458.688 bytes free
    Post-Run: 264.451.641.344 bytes free
    .
    - - End Of File - - ACFF37E3806A510174A6E6C0A59B3728

  5. #15
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    ...what exactly is that report telling? would really like to understand it...... what is the difference to the other reports???? (malwarebytes...)

    wish I could read and understand it................

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Glad you're back up and running

    If you had bad entries or files on your system from malware, Combofix would have removed them, and nothing was removed; it's possible that TrojanC-05 was a false positive that Spybot found.

    Let's run another scanner and see; you will need the 64-bit version

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

  7. #17
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    Hi!

    Sounds good so far..... would prefer a false positive...........

    Here the new logs:


    ...tried to copy the text in here, but the content was too big. I was not able to post it.....

    That's why I upload the files............

    Sorry!

    sdy234
    Attached Files

  8. #18
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    The FRST file is too big. Am working on it..................need a zip program...............................

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Just attach the log file in your next reply

  10. #20
    Junior Member
    Join Date
    Nov 2013
    Posts
    26

    Default

    1412.5 KB...... can't copy the content in nor upload the file.....
    have issues to install the zip tool....for some reason it won't let me.................

    any idea?

    Thank you!
