virusesmustdie

Members
Posts: 12
Everything posted by virusesmustdie

  1. Hi, I'm not sure why the second half of this post got deleted, but here are the logs you asked for: (attached below). Thanks for your time.
  2. Hello, Sorry for the late reply, been really busy lately. Here's the log you asked for:
     p.s. I followed it step by step this time, hahaha.

     Malwarebytes Anti-Malware (Trial) 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.10.17.13

     Windows Vista x86 NTFS
     Internet Explorer 7.0.6000.16757
     Admin :: JANE-LAPTOP [administrator]

     Protection: Enabled

     10/17/2012 8:44:18 PM
     mbam-log-2012-10-17 (20-44-18).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 232737
     Time elapsed: 10 minute(s), 52 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. Hello again, Looks like we're almost there. Malwarebytes trial is now back on-line but unfortunately, I still can't update Windows or any AV programs / anti-malware programs besides Malwarebytes... man this infection is tough! Here's the Mbam Log:

     Malwarebytes Anti-Malware (Trial) 1.65.0.1400
     www.malwarebytes.org

     Database version: v2012.10.13.01

     Windows Vista x86 NTFS
     Internet Explorer 7.0.6000.16757
     Admin :: JANE-LAPTOP [administrator]

     Protection: Enabled

     10/13/2012 12:50:07 AM
     mbam-log-2012-10-13 (00-50-07).txt

     Scan type: Full scan (C:\|D:\|E:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 343019
     Time elapsed: 50 minute(s), 19 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 7
     HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Quarantined and deleted successfully.
     HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Quarantined and deleted successfully.
     HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Yontoo) -> Quarantined and deleted successfully.
     HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Quarantined and deleted successfully.
     HKCR\YontooIEClient.Layers.1 (Adware.Yontoo) -> Quarantined and deleted successfully.
     HKCR\YontooIEClient.Layers (Adware.Yontoo) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Quarantined and deleted successfully.

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 4
     C:\Program Files\Drop Down Deals\YontooIEClient.dll (Adware.Yontoo) -> Quarantined and deleted successfully.
     C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Adware.Yontoo) -> Quarantined and deleted successfully.
     C:\TDSSKiller_Quarantine\13.10.2012_00.41.47\tdlfs0000\tsk0007.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
     C:\TDSSKiller_Quarantine\13.10.2012_00.41.47\tdlfs0000\tsk0010.dta (Malware.Gen) -> Quarantined and deleted successfully.

     (end)
  4. Hello Maniac, Thanks again for your help, it looks like it found and removed a rootkit but unfortunately, I still see some symptoms:
     (1) Still can't update via Windows Update and I don't think it's going to let me install an AV program.
     (2) For some reason my trial for Malwarebytes Pro Protection ended abruptly, short of the 13-day trial.
     Here are the logs you've asked for:

     (1) TDSS Log *** Attached Below (said it was too long to post) ***

     (2) Malwarebytes Log

     Malwarebytes Anti-Malware 1.65.0.1400
     www.malwarebytes.org

     Database version: v2012.10.11.03

     Windows Vista x86 NTFS
     Internet Explorer 7.0.6000.16757
     Admin :: JANE-LAPTOP [administrator]

     Protection: Enabled

     10/10/2012 9:38:40 PM
     mbam-log-2012-10-10 (21-38-40).txt

     Scan type: Full scan (C:\|D:\|E:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 359906
     Time elapsed: 43 minute(s), 41 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 3
     C:\TDSSKiller_Quarantine\10.10.2012_21.23.05\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
     C:\TDSSKiller_Quarantine\10.10.2012_21.23.05\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
     C:\TDSSKiller_Quarantine\10.10.2012_21.23.05\mbr0000\tdlfs0000\tsk0012.dta (Malware.Gen) -> Quarantined and deleted successfully.

     (end)

     (3) DDS Log #2

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 7.0.6000.16757  BrowserJavaVersion: 1.6.0_23
     Run by Admin at 22:31:07 on 2012-10-10
     Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1526.745 [GMT -4:00]
     .
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\SLsvc.exe
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
     C:\Windows\system32\agrsmsvc.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
     C:\Acer\Mobility Center\MobilityService.exe
     C:\Windows\system32\rundll32.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Windows\system32\SearchIndexer.exe
     C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Windows\RtHDVCpl.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Acer\Acer Arcade\PCMService.exe
     C:\Program Files\Launch Manager\QtZgAcer.EXE
     C:\Windows\WindowsMobile\wmdSync.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Windows\system32\svchost.exe -k WindowsMobile
     C:\Windows\System32\mobsync.exe
     C:\Program Files\Logitech\Logitech Vid\Vid.exe
     C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
     C:\Windows\system32\igfxext.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Windows\system32\wuauclt.exe
     \\?\C:\Windows\system32\wbem\WMIADAP.EXE
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mStart Page = hxxp://en.us.acer.yahoo.com
     mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
     uInternet Settings,ProxyOverride = <local>;*.local
     uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     mWinlogon: Userinit=userinit.exe,
     BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
     BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
     TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
     uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
     uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0
     uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
     uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
     uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
     uRun: [Acer Tour Reminder]
     mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [RtHDVCpl] RtHDVCpl.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
     mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
     mRun: [Acer Tour]
     mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
     mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
     mRun: [eRecoveryService]
     mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup & record\uBBMonitor.exe
     dPolicies-system: DisableTaskMgr = 1 (0x1)
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
     DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     TCP: DhcpNameServer = 192.168.253.14
     TCP: Interfaces\{F8D06BCE-A473-47F9-BD24-483AE3E9FEE7} : DhcpNameServer = 192.168.253.14
     Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
     Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
     Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
     Notify: igfxcui - igfxdev.dll
     SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\nz1gm4bb.default\
     FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
     FF - prefs.js: network.proxy.type - 4
     FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
     FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: network.cookie.cookieBehavior - 0
     FF - user.js: privacy.clearOnShutdown.cookies - false
     FF - user.js: security.warn_viewing_mixed - false
     FF - user.js: security.warn_viewing_mixed.show_once - false
     FF - user.js: security.warn_submit_insecure - false
     FF - user.js: security.warn_submit_insecure.show_once - false
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
     R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
     R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
     R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-7 399432]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-7 676936]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-10-7 95232]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-7 22856]
     S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
     .
     =============== Created Last 30 ================
     .
     2012-10-11 01:30:43 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-10-08 06:17:13 -------- d-----w- c:\programdata\AVAST Software
     2012-10-08 06:17:13 -------- d-----w- c:\program files\AVAST Software
     2012-10-08 01:32:46 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
     2012-10-08 01:32:34 -------- d-----w- c:\programdata\Malwarebytes
     2012-10-08 01:32:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-10-08 01:32:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     .
     ==================== Find3M ====================
     .
     2012-10-11 01:36:56 735142 ----a-w- c:\windows\system32\PerfStringBackup.TMP
     .
     ============= FINISH: 22:32:01.06 ===============

     Attached: TDSSKiller.2.8.10.0_10.10.2012_21.23.05_log.txt
  5. Hello Maniac, Thank you for your help! I feared that it was in fact a backdoor virus due to the volume of viruses and its malicious nature but to Yes, I would like us to please fix the computer so that way my sister can at least retrieve documents from the comp. I just have two questions:
     (1) After we clean the comp, would it be safe to transfer pictures/documents from this computer to another comp? Or would I risk transferring the virus over to the newer comp?
     (2) Is it safe to connect this computer to our home internet, or am I risking spreading the virus to other computers via the router?
     Thanks! Here is the Attach.txt:

     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2011-08-26.01)
     .
     Microsoft® Windows Vista™ Home Basic
     Boot Device: \Device\HarddiskVolume2
     Install Date: 5/23/2007 8:37:37 AM
     System Uptime: 10/8/2012 1:30:23 AM (1 hours ago)
     .
     Motherboard: Acer, Inc. | | Prespa1
     Processor: Intel® Celeron® M CPU 440 @ 1.86GHz | U2E1 | 1866/133mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 34 GiB total, 0.405 GiB free.
     D: is FIXED (NTFS) - 33 GiB total, 0.595 GiB free.
     E: is CDROM (UDF)
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
     Description: Microsoft ISATAP Adapter
     Device ID: ROOT\*ISATAP\0001
     Manufacturer: Microsoft
     Name: Microsoft ISATAP Adapter #2
     PNP Device ID: ROOT\*ISATAP\0001
     Service: tunnel
     .
     ==== System Restore Points ===================
     .
     No restore point in system.
     .
     ==== Installed Programs ======================
     .
     Acer Arcade
     Acer Assist
     Acer Empowering Technology
     Acer GridVista
     Acer Mobility Center Plug-In
     Acer Registration
     Acer ScreenSaver
     Acer Tour
     Adobe AIR
     Adobe Flash Player 10 Plugin
     Adobe Flash Player ActiveX
     Adobe Reader X (10.0.1)
     Adobe Shockwave Player 11
     Agere Systems HDA Modem
     Apple Application Support
     Apple Mobile Device Support
     Apple Software Update
     ArcSoft TotalMedia Backup & Record
     AutoUpdate
     Bonjour
     DivX Codec
     DivX Content Uploader
     DivX Converter
     DivX Player
     DivX Web Player
     Intel® Graphics Media Accelerator Driver
     iTunes
     J2SE Runtime Environment 5.0 Update 12
     Java Auto Updater
     Java 6 Update 23
     Launch Manager
     LightScribe 1.4.136.1
     LimeWire 5.5.16
     Logitech Vid
     Logitech Webcam Software
     Logitech Webcam Software Driver Package
     Malwarebytes Anti-Malware version 1.65.0.1400
     McAfee Security Scan Plus
     McAfee SiteAdvisor
     Microsoft Silverlight
     Microsoft Visual C++ 2005 Redistributable
     Mozilla Firefox 4.0 (x86 en-US)
     MSXML 4.0 SP2 (KB936181)
     MSXML 4.0 SP2 (KB941833)
     MSXML 4.0 SP2 (KB954430)
     NTI Backup NOW! 4.7
     NTI CD & DVD-Maker
     NVIDIA Drivers
     QuickTime
     Realtek High Definition Audio Driver
     SUPERAntiSpyware
     Synaptics Pointing Device Driver
     Texas Instruments PCIxx21/x515/xx12 drivers.
     TIPCI
     Viewpoint Media Player
     .
     ==== Event Viewer Messages From Past Week ========
     .
     10/8/2012 1:30:49 AM, Error: EventLog [6008] - The previous system shutdown at 1:28:58 AM on 10/8/2012 was unexpected.
     10/7/2012 9:42:29 PM, Error: Microsoft Antimalware [1014] -
     10/7/2012 9:38:00 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
     10/7/2012 9:27:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
     10/7/2012 9:26:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
     10/7/2012 9:26:39 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.12 for the Network Card with network address 00197E6A6F0A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:39 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
     10/7/2012 9:18:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
     10/7/2012 9:18:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
     10/7/2012 9:17:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
     10/7/2012 9:17:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
     10/7/2012 9:17:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
     10/7/2012 9:17:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
     .
     ==== End Of File ===========================
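For the first question in the post above (whether copying pictures and documents off the laptop can carry the infection with it), this is the kind of check a practitioner would apply before copying anything. It is an added example in Python, not the helper's reply and not part of the thread. The rule it implements: documents and media are inert data, so only those are copied; anything Windows executes on open or that can relaunch an infection (executables, scripts, shortcuts such as the "Windows Recovery.lnk" files in the Malwarebytes log, macro-bearing Office files) is refused; and a file's leading bytes override its name, so a renamed executable is caught. SAMPLE_FILES is constructed: file names with the first bytes each file would return from read_head().

```python
"""Decide what is safe to carry off a compromised machine before it is rebuilt.

Added example, not from the thread and not the helper's reply. Names and
first bytes in SAMPLE_FILES are constructed (two names mirror paths seen in
the Malwarebytes log above).
"""
from pathlib import PureWindowsPath

# Content signatures that mark a file as executable whatever it is called.
EXEC_MAGIC = {
    b"MZ": "PE executable",
    b"\x4c\x00\x00\x00\x01\x14\x02\x00": "Windows shortcut (.lnk)",
}
# Opened by the shell as code, or able to carry macros: never copy.
REFUSE_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
              ".js", ".jse", ".wsf", ".hta", ".lnk", ".cpl", ".sys", ".msi",
              ".ps1", ".jar", ".docm", ".xlsm", ".pptm"}
# Data formats that can still embed active content: copy only after a look.
REVIEW_EXT = {
    ".doc": "legacy Office file can carry macros; open with macros disabled",
    ".xls": "legacy Office file can carry macros; open with macros disabled",
    ".ppt": "legacy Office file can carry macros; open with macros disabled",
    ".rtf": "RTF can embed OLE objects",
    ".zip": "archive: classify its members before extracting",
}
# Plain data, and the header bytes each format is expected to start with.
DATA_EXT = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".docx", ".xlsx", ".pptx",
            ".txt", ".csv", ".mp3", ".mp4"}
EXPECTED_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF",),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",), ".pptx": (b"PK\x03\x04",),
}


def classify(name, head):
    """Return (decision, reason) for one file given its name and leading bytes."""
    suffix = PureWindowsPath(name).suffix.lower()
    for sig, what in EXEC_MAGIC.items():      # content beats the name
        if head.startswith(sig):
            return "refuse", f"content is a {what} regardless of name"
    if suffix in REFUSE_EXT:
        return "refuse", f"{suffix} files are executed when opened"
    if suffix in REVIEW_EXT:
        return "review", REVIEW_EXT[suffix]
    if suffix in DATA_EXT:
        expected = EXPECTED_MAGIC.get(suffix)
        if expected and not head.startswith(expected):
            return "review", f"header does not match what a {suffix} file starts with"
        return "copy", "data file"
    return "review", "unrecognised type"


def read_head(path, n=16):
    """Leading bytes of a real file; use when walking the old machine's drive."""
    with open(path, "rb") as fh:
        return fh.read(n)


def plan_copy(entries):
    """Map each name -> head bytes to (decision, reason); copy only the 'copy' set."""
    return {name: classify(name, head) for name, head in entries.items()}


SAMPLE_FILES = {  # constructed sample input
    "Pictures\\beach.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "Pictures\\holiday.jpg": b"MZ\x90\x00\x03\x00\x00\x00",         # executable renamed to .jpg
    "Documents\\essay.docx": b"PK\x03\x04\x14\x00\x06\x00",
    "Documents\\notes.txt": b"Chapter 1\r\n",
    "Documents\\thesis.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # OLE2 container: review for macros
    "Documents\\archive.zip": b"PK\x03\x04",
    "Desktop\\Windows Recovery.lnk": b"\x4c\x00\x00\x00\x01\x14\x02\x00",  # the fake-AV shortcut
    "Downloads\\setup.exe": b"MZ\x90\x00",
}

if __name__ == "__main__":
    for name, (decision, reason) in sorted(plan_copy(SAMPLE_FILES).items()):
        print(f"{decision:6} {name:32} {reason}")
```

In practice you walk the user's profile with os.walk, call read_head() on each file, copy only the "copy" set to clean media, and open the "review" items on a machine with macros disabled. This keeps executables and launchers off the new computer; it does not protect a receiving machine that opens a document with an unpatched reader, so keep that machine updated.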
  6. Hello, First off, I'd like to thank you for your help and time in helping me resolve this situation. My situation is as follows: I'm attempting to fix my sister's old laptop because she needs it for school. Unfortunately, I don't think I've succeeded even after running my trusty Malwarebytes once to clean up all infections. So far here are the symptoms I've seen:
     (1) I cannot install any anti-virus program. I made a mistake of deleting her old Microsoft Security Essentials because I was going to replace it with Avast, but I found out the hard way that whatever is in the laptop is preventing me from installing any anti-virus program. I downloaded and attempted to install Avast but I keep getting an error message; the same thing happened when I tried updating her old MSE program prior to uninstalling it. I've only been able to install Malwarebytes through a disk.
     (2) Every time at start up I get a notification that Windows cannot check for updates. So far, I have not attempted to update any programs even though they are sorely out of date. I figured it was better to clean the laptop first before installing anything new.

     Here is the latest Malwarebytes log:

     Malwarebytes Anti-Malware (Trial) 1.65.0.1400
     www.malwarebytes.org

     Database version: v2012.10.07.04

     Windows Vista x86 NTFS
     Internet Explorer 7.0.6000.16757
     Admin :: JANE-LAPTOP [administrator]

     Protection: Enabled

     10/7/2012 9:35:05 PM
     mbam-log-2012-10-07 (21-35-05).txt

     Scan type: Full scan (C:\|D:\|E:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 343752
     Time elapsed: 3 hour(s), 27 minute(s), 23 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 5
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Cralozi (IPH.Trojan.Hiloti.7B) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\ukijafecuficawa.dll",Startup -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{ED92A7AA-385B-5FC7-7A1F-CDDB4B5387AB} (Trojan.Agent) -> Data: C:\Users\Admin\AppData\Roaming\Ipxumo\pieli.exe -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Media Player ACM (Trojan.Agent) -> Data: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe -> Quarantined and deleted successfully.
     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SQYJBiKnjSxs (Trojan.Agent) -> Data: C:\ProgramData\SQYJBiKnjSxs.exe -> Quarantined and deleted successfully.
     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Qnuva (Trojan.Hiloti) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\elevcecl.dll",Startup -> Quarantined and deleted successfully.

     Registry Data Items Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

     Folders Detected: 1
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

     Files Detected: 26
     C:\Windows\Temp\totm\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
     C:\Windows\Temp\uoxp\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
     C:\Windows\Temp\xfuv\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
     C:\Windows\Temp\egocarh.exe (Adware.BHO) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQ62PMQR\zzjwaaosf[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
     C:\Temp\ee896009-2241-4d1a-94b7-8f476921cf1c\setup_onCP32fsp2.exe (Adware.BHO) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\AppData\Local\ukijafecuficawa.dll (IPH.Trojan.Hiloti.7B) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows Media\12.0\locale.cls (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1AVTAFW\fcppqhklp[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\Temp\ibbd\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Users\Admin\AppData\Roaming\Ipxumo\pieli.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\ProgramData\SQYJBiKnjSxs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ykhyxo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\Temp\hipq\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1AVTAFW\jjnaeeiz[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Temp\ee896009-2241-4d1a-94b7-8f476921cf1c\OfferApp-2538.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\Desktop\Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
     C:\Users\Jane\Desktop\Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
     C:\ProgramData\28630816.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGXVGXYG\tgtkk[1].htm (Trojan.FakeMS) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1AVTAFW\pptgxlb[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
     C:\Windows\Temp\goenlnjp.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
     C:\Windows\System32\config\systemprofile\AppData\Local\elevcecl.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

     (end)

     (2) DDS log:

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 7.0.6000.16757  BrowserJavaVersion: 1.6.0_23
     Run by Admin at 2:24:08 on 2012-10-08
     Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1526.720 [GMT -4:00]
     .
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\SLsvc.exe
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
     C:\Windows\system32\agrsmsvc.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
     C:\Acer\Mobility Center\MobilityService.exe
     C:\Windows\system32\rundll32.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Windows\system32\SearchIndexer.exe
     C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Windows\RtHDVCpl.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Acer\Acer Arcade\PCMService.exe
     C:\Program Files\Launch Manager\QtZgAcer.EXE
     C:\Windows\WindowsMobile\wmdSync.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files\Logitech\Logitech Vid\Vid.exe
     C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\svchost.exe -k WindowsMobile
     C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Windows\system32\igfxext.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Common Files\Java\Java Update\jucheck.exe
     C:\Windows\System32\svchost.exe -k secsvcs
     c:\program files\windows defender\MpCmdRun.exe
     C:\Windows\system32\vssvc.exe
     C:\Windows\System32\svchost.exe -k swprv
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mStart Page = hxxp://en.us.acer.yahoo.com
     mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
     uInternet Settings,ProxyOverride = <local>;*.local
     uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     mWinlogon: Userinit=userinit.exe,
     BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
     BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
     TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
     uRun: [WindowsWelcomeCenter]
rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0 uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [Acer Tour Reminder] mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe" mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE mRun: [Acer Tour] mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe mRun: [eRecoveryService] mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup & record\uBBMonitor.exe dPolicies-system: DisableTaskMgr = 1 (0x1) DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75 TCP: Interfaces\{F8D06BCE-A473-47F9-BD24-483AE3E9FEE7} : DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\nz1gm4bb.default\ FF - prefs.js: browser.startup.homepage - hxxp://msn.com/ FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll . 
---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-7 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-7 676936] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-10-7 95232] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-22 24652] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-7 22856] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] . =============== Created Last 30 ================ . 2012-10-08 06:17:13 -------- d-----w- c:\programdata\AVAST Software 2012-10-08 06:17:13 -------- d-----w- c:\program files\AVAST Software 2012-10-08 01:32:46 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes 2012-10-08 01:32:34 -------- d-----w- c:\programdata\Malwarebytes 2012-10-08 01:32:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-08 01:32:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . ==================== Find3M ==================== . 2012-10-08 05:37:01 735142 ----a-w- c:\windows\system32\PerfStringBackup.TMP . 
=================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.0.6000 Disk: ST980811AS rev.3.ALD -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85061555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x850677b0]; MOV EAX, [0x8506782c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x81C27F37] -> \Device\Harddisk0\DR0[0x84486978] 3 nt[0x81CB07E2] -> ntkrnlpa!IofCallDriver[0x81C27F37] -> [0x83AC6858] 5 acpi[0x8066932A] -> ntkrnlpa!IofCallDriver[0x81C27F37] -> [0x83AD0BB0] \Driver\atapi[0x84ED76B0] -> IRP_MJ_CREATE -> 0x85061555 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; } detected disk devices: \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST980811AS______________________________3.ALD___#5&6e9d76b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: user != kernel MBR !!! sectors 156301486 (+255): user != kernel Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. . ============= FINISH: 2:25:04.32 =============== ** I tried attaching the "Attach log" but I couldn't figure out how to compress the file. I right click and clicked on "send to" but all that came up was send to E-drive instead of compressed folder.
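Logs like the Malwarebytes one above are usually read by hand in these threads. As an added example (not part of the original post, and not Malwarebytes' own code), the Python below parses a Malwarebytes Anti-Malware 1.x scan log into structured detections, checks the count each "... Detected: N" header declares against the entries actually present (a pasted log that says "Files Detected: 4" and then shows a single line has been truncated), and summarizes what a responder wants first: which detections live in an autostart location, and whether the DisableTaskMgr policy value was really set (the "Bad: (1)" part of the PUM.Hijack.TaskManager line). The regular expressions, the field names and the AUTOSTART_HINTS list are my own; SAMPLE_LOG is an excerpt of the log in this post cut down to a few entries with its file count adjusted, and TRUNCATED_LOG is constructed.

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log and triage its detections.

Added example: not part of the original post and not Malwarebytes' own code.
SAMPLE_LOG is excerpted from the log in this thread and cut down to a few
entries (the "Files Detected" count is adjusted to match the excerpt).
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# "Files Detected: 26", "Registry Data Items Detected: 1", ...
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)")
# "<path or registry target> (<family>) [-> Bad: (x) Good: (y)] -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[A-Za-z0-9.]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*): (?P<val>.+)$")
USER_RE = re.compile(r"^(?P<user>\S+) :: (?P<host>\S+) \[(?P<priv>[^\]]+)\]$")
# My own list of path fragments that mean "runs at logon" regardless of family.
AUTOSTART_HINTS = ("\\start menu\\programs\\startup\\", "\\currentversion\\run")


@dataclass
class Detection:
    section: str
    target: str
    family: str
    action: str
    bad: Optional[str] = None   # only present on "Registry Data Items" repairs
    good: Optional[str] = None


@dataclass
class ScanLog:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)
    # (section, declared count, entries present): non-empty when the pasted
    # log was truncated, e.g. "Files Detected: 4" followed by one entry line.
    count_mismatches: list = field(default_factory=list)


def parse_mbam_log(text: str) -> ScanLog:
    log, declared, seen, section = ScanLog(), {}, Counter(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        if m := SECTION_RE.match(line):
            section = m.group("section")
            declared[section] = int(m.group("count"))
        elif section is None:                       # still in the header block
            if m := USER_RE.match(line):
                log.header.update(User=m.group("user"), Host=m.group("host"),
                                  Privilege=m.group("priv"))
            elif m := HEADER_RE.match(line):
                log.header[m.group("key")] = m.group("val")
            elif line.startswith("Malwarebytes"):
                log.header["Product"] = line
        elif m := ENTRY_RE.match(line):
            seen[section] += 1
            log.detections.append(Detection(
                section, m.group("target"), m.group("family"), m.group("action"),
                m.group("bad"), m.group("good")))
    log.count_mismatches = [(s, n, seen[s]) for s, n in declared.items() if n != seen[s]]
    return log


def summarize(log: ScanLog) -> dict:
    """Per-family counts, autostart-located targets, and whether Task Manager was disabled."""
    families = Counter(d.family for d in log.detections)
    autostart = [d.target for d in log.detections
                 if any(h in d.target.lower() for h in AUTOSTART_HINTS)]
    hijacked = any(d.family == "PUM.Hijack.TaskManager" and d.bad == "1"
                   for d in log.detections)
    return {"families": families, "autostart": autostart, "task_manager_hijacked": hijacked}


SAMPLE_LOG = """\
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
Database version: v2012.10.13.01
Admin :: JANE-LAPTOP [administrator]
Scan type: Full scan (C:\\|D:\\|E:\\|)
Objects scanned: 343019

Memory Processes Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Detected: 3
C:\\Windows\\Temp\\totm\\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\\Users\\Jane\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ykhyxo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\ProgramData\\28630816.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
"""

# Constructed: a paste that declares four files but carries only one.
TRUNCATED_LOG = """\
Files Detected: 4
C:\\Program Files\\Drop Down Deals\\YontooIEClient.dll (Adware.Yontoo) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print(parsed.header["Host"], summarize(parsed), parse_mbam_log(TRUNCATED_LOG).count_mismatches)
```

The count check is the part worth keeping: forum pastes get clipped by editors and by the board itself, and a helper who reads "Files Detected: 26" but only sees twenty lines should ask for the original log file rather than reason from the fragment.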
  7. Hi, just to add to the conversation... if you're going to get Avast Internet Security, don't turn off the Windows 7 firewall. I asked on their forums if I should turn it off, and they told me that it's actually better to leave it on as it offers IPv6 protection or something like that, whereas Avast IS only offers IPv4. I suppose they're designed to work together? I use both and have had zero problems so far.
  8. I recently found a virus on my laptop called "Trojan.bifrose" (aka trojan.bifrost) under my webcam files. After further research on the virus, I found that this certain type of trojan allows a hacker to practically spy on you by taking a screenshot of your desktop and, worst of all, viewing you via your webcam. I guess my question is: (1) is the virus really gone now after SUPERAntiSpyware found it and deleted it in safe mode? and (2) can the hacker still see me even if I deleted my webcam files?
  9. Ello, I think I got a virus when I connected to my neighbor's wifi, but I'm not sure. I suspected that I had the virus when I noticed that my laptop was slow, and sure enough I found something during a scan with SUPERAntiSpyware in safe mode. Here is what it found:

(1) SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/13/2012 at 09:49 PM

Application Version : 5.0.1142

Core Rules Database Version : 8134
Trace Rules Database Version: 5946

Scan type : Complete Scan
Total Scan Time : 00:33:26

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 35641
Registry threats detected : 0
File items scanned : 29527
File threats detected : 3

Trojan.Agent/Gen-Bifrose
C:\DRV\CCD\LOGITECH\TECHSUPT\CLEANUPDS9\CLEANUPDS9.EXE
C:\DRV\CCD\LOGITECH\TECHSUPT\CLEANUPIS6\CLEANUPIS6.EXE
C:\DRV\CCD\LOGITECH\TECHSUPT\CLEANUPQCAM9\CLEANUPQC9.EXE

(2) Malwarebytes Quick Scan:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.20.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: MARK-LAPTOP [administrator]

1/20/2012 4:34:26 PM
mbam-log-2012-01-20 (16-34-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186169
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

(3) DDS logs and attach.zip (attached below):

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Admin at 15:55:30 on 2012-01-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1525.706 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mStart Page = hxxp://en.us.acer.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [Acer Tour Reminder]
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} - hxxps://healthweb.stjohn.org/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/,DanaInfo=.acxBvnmyGkxw+LocalExec.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{DEFEA80A-6F5A-490F-8D7D-B3DEE25F9992} : DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\2sc5cq51.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-12 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-12 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-12 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-12 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-12 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 21504]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-7-15 240184]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SafeBox;SafeBox;"c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe" --> c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-8-3 62544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-20 20:51:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-20 14:25:32 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{214b5cbf-7b28-4faf-9fb8-45d12f36be88}\mpengine.dll
2012-01-14 03:32:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-01-11 00:06:42 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 00:06:40 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 00:06:40 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 00:06:36 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 00:06:00 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 00:05:56 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 00:05:49 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 00:05:48 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 00:05:42 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 00:05:41 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 00:05:41 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-11 00:05:41 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 00:05:40 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 00:05:40 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-10 22:10:28 -------- d-----w- c:\users\admin\appdata\local\Secunia PSI
2012-01-10 22:10:14 -------- d-----w- c:\program files\Secunia
2012-01-03 22:23:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-03 22:23:03 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-01-03 22:23:03 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-01-03 22:23:02 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-01-03 22:23:01 1798144 ----a-w- c:\windows\system32\jscript9.dll
2012-01-03 22:23:00 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-01-03 22:22:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-01-03 22:19:26 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-03 22:19:26 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-03 22:19:26 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-03 22:19:26 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-03 21:05:08 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-03 21:05:07 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-03 21:04:59 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-03 21:03:40 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-03 21:03:01 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-03 21:02:54 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-01-10 22:16:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-26 01:31:20 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 15:56:11.75 ===============

Bump (just in case it gets lost within the thousands of other requests).

Also, is it ok if I installed Comodo Firewall today in order to prevent any viruses from spreading, if they are indeed still present? Thanks!

DDS.txt
Attach.zip