Friends computer needs help

Resolved
By Chronus
Aug 15, 2011
Topic Status:
Not open for further replies.
  1. Friend asked me for help. Could not update/uninstall Malwarebytes or Avast manually.

    Had to download the installers fresh, have the new installers uninstall the old copies, and then install to be able to update them. Ran Avast, and it found several Trojans and others. I'll post a log of that as well, even though it was not asked for. Some of the infected files are in his Java, so I will uninstall it and reinstall it as well. Thank you for your help.

    ~~~~~~~~~~~~~~~~~~~

    Avast Log:

    C:\Users\Josh\AppData\Local\Temp\Low\err.log483899610 | Win32:FakeAV-CEM [trj]
    C:\Users\Josh\AppData\Local\Temp\Low\naps0-update2.exe | Win32:downloader-JGF [Trj]
    C:\Users\Josh\AppData\Local\Temp\Low\wxocanesmr.exe | Win32:downloader-JGF [Trj]
    C:\Users\Josh\AppData\Local\Temp\tmph2193421472995431941.tmp | Win32:Dracus-C[Trj]

    Then three Java:Agent-NC [Expl] and one Java:Agent-MO [Expl].

    On the boot-time scan log it also found:

    Java:Agent-RQ [Expl]
    Java:Agent-RL [Expl]
    Java:Agent-RM [Expl]
    Java:Agent-RN [Expl]
    Java:Agent-RO [Expl]
    Java:Agent-RP [Expl]
    and an Other:malware-gen in Java deployment as well.



    ~~~~~~~~~~~~~

    Malwarebytes

    Malwarebytes' Anti-Malware 1.39
    Database version: 2462
    Windows 6.0.6001 Service Pack 1

    7/20/2009 7:37:34 PM
    mbam-log-2009-07-20 (19-37-34).txt

    Scan type: Quick Scan
    Objects scanned: 104029
    Time elapsed: 3 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    GMER


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-15 01:15:44
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3500620AS rev.HP24
    Running: dprb7v9s.exe; Driver: C:\Users\Josh\AppData\Local\Temp\kwldypow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90A89398]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    .ATTACHED


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/15/2009 2:02:02 PM
    System Uptime: 8/15/2011 1:04:43 AM (0 hours ago)
    .
    Motherboard: FOXCONN | | Irvine
    Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | Socket 775 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 254.099 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.581 GiB free.
    E: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.3
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    CoView
    Curse Client
    CyberLink DVD Suite Deluxe
    Enhanced Multimedia Keyboard Solution
    File Type Assistant
    Final Media Player 2011
    Free File Viewer 2011
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Demo
    HP Deskjet 1050 J410 series Basic Device Software
    HP Deskjet 1050 J410 series Help
    HP Deskjet 1050 J410 series Product Improvement Study
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP Photo Creations
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    InstallIQ Updater
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 7
    Juno Preloader
    League of Legends
    LightScribe Template Labeler
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 60 day trial
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft XML Parser
    Mozilla Firefox (3.6.18)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    Norton Internet Security
    NVIDIA Control Panel 260.99
    NVIDIA Drivers
    NVIDIA Graphics Driver 260.99
    NVIDIA Install Application
    OGA Notifier 2.0.0048.0
    Pando Media Booster
    PCIe Soft Data Fax Modem with SmartCP
    Picasa 3
    PictureMover
    Power2Go
    PowerDirector
    Python 2.5.2
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sierra Utilities
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    Uniblue RegistryBooster
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.0.1
    VoiceOver Kit
    Window Shopper
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinRAR archiver
    World of Warcraft
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== End Of File ===========================


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    DDS.


    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_22
    Run by Josh at 1:17:17 on 2011-08-15
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2940.1869 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
    uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\josh\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
    TCP: Interfaces\{712C7C62-26DF-4A5B-BED3-9F497B84D52A} : DhcpNameServer = 68.87.85.102 68.87.69.150
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2778349&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/
    FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110606&user_guid=1B08C101052D46EF877A94F87AF4602A&machine_id=213b0f0d5c47af722f47fc1ad2a452b3&browser=FF&os=win&os_version=6.0-x86-SP2&q=
    FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{9c562686-dfb1-4de4-9711-0fc7b065a54e}\components\FFExternalAlert.dll
    FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{9c562686-dfb1-4de4-9711-0fc7b065a54e}\components\RadioWMPCore.dll
    FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{cac9d76b-2b7f-4f42-918f-3470a847f562}\components\FFExternalAlert.dll
    FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{cac9d76b-2b7f-4f42-918f-3470a847f562}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: MafiaBots.com Toolbar: {9c562686-dfb1-4de4-9711-0fc7b065a54e} - %profile%\extensions\{9c562686-dfb1-4de4-9711-0fc7b065a54e}
    FF - Ext: Dawn of the Dragons Community Toolbar: {cac9d76b-2b7f-4f42-918f-3470a847f562} - %profile%\extensions\{cac9d76b-2b7f-4f42-918f-3470a847f562}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - c:\programdatamozilla\extensions\superfish@superfish.com
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-14 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-14 309848]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/21 22:45:49];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-10-21 87536]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-14 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-14 54104]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-14 42184]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-2-12 207360]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-19 41272]
    S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-08-15 03:10:09 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-08-15 03:10:08 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-08-15 03:09:19 40112 ----a-w- c:\windows\avastSS.scr
    2011-08-15 03:09:02 -------- d-----w- c:\programdata\AVAST Software
    2011-08-15 03:09:02 -------- d-----w- c:\program files\AVAST Software
    2011-08-15 02:59:36 -------- d-----w- c:\users\josh\appdata\roaming\Uniblue
    2011-08-15 02:59:35 -------- dc-h--w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-08-15 02:59:35 -------- d-----w- c:\program files\Uniblue
    2011-08-15 02:59:25 -------- d-----w- c:\users\josh\appdata\local\PackageAware
    2011-08-12 08:16:22 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3b9f86d8-8860-448d-9761-212b55998e5c}\mpengine.dll
    2011-08-09 22:25:53 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-09 22:25:53 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-09 22:25:51 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-07-19 23:53:02 -------- d-----w- c:\program files\World of Warcraft
    2011-07-19 23:53:02 -------- d-----w- c:\program files\common files\Blizzard Entertainment
    .
    ==================== Find3M ====================
    .
    2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
    2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-07 01:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 01:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 1:18:33.07 ===============
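An added example, not part of the original post and not code from Avast, Malwarebytes, GMER or DDS: a short Python triage script run over a few lines copied from the Avast and DDS logs above. It splits the Avast detection lines into path, platform, family and tag and notes that every hit sits under the user's AppData\Local\Temp tree; lists the Java(TM) entries in the Installed Programs section that are older than the newest one installed (Update 7 beside Update 22); and flags the Firefox search prefs whose URLs carry affiliate or device-tracking query parameters (ctid, partner_id, user_guid, machine_id), which is what the search.conduit.com and www.startnow.com entries show while the xfinity.comcast.net homepage does not. The regexes, the tracking-parameter list, the Temp-folder heuristic and all function names are this example's own choices, not anything the tools or the thread define.

```python
"""Triage helpers for the scanner output quoted in the post above.

Added example, not part of the original thread or of Avast/DDS. The sample
strings are copied from the logs posted above; the regexes, the tracking
parameter list and the Temp-folder heuristic are this example's own choices.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Four detection lines, copied from the Avast log in the post.
AVAST_LOG = r"""
C:\Users\Josh\AppData\Local\Temp\Low\err.log483899610 | Win32:FakeAV-CEM [trj]
C:\Users\Josh\AppData\Local\Temp\Low\naps0-update2.exe | Win32:downloader-JGF [Trj]
C:\Users\Josh\AppData\Local\Temp\Low\wxocanesmr.exe | Win32:downloader-JGF [Trj]
C:\Users\Josh\AppData\Local\Temp\tmph2193421472995431941.tmp | Win32:Dracus-C[Trj]
"""

# Lines copied from the DDS attach.txt (Installed Programs) and dds.txt (FIREFOX).
DDS_LINES = r"""
Java(TM) 6 Update 22
Java(TM) 6 Update 7
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2778349&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110606&user_guid=1B08C101052D46EF877A94F87AF4602A&machine_id=213b0f0d5c47af722f47fc1ad2a452b3&browser=FF&os=win&os_version=6.0-x86-SP2&q=
"""

DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s*\|\s*(?P<platform>\w+):(?P<family>[^\[\s]+)\s*\[(?P<kind>\w+)\]$"
)
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<url>hxxps?://\S+)$")

# Query parameters that identify an affiliate/toolbar install or the device;
# a plain search engine has no reason to carry these.  Example's own list.
TRACKING_PARAMS = {"ctid", "partner_id", "affiliate_id", "toolbar_id",
                   "user_guid", "machine_id"}


def parse_avast(text):
    """Split 'path | Platform:Family [kind]' lines into fields.

    in_temp marks files under the user's AppData\\Local\\Temp tree, a
    user-writable drop location; all four hits above sit there."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["kind"] = rec["kind"].lower()          # Avast writes both [trj] and [Trj]
        rec["in_temp"] = "\\appdata\\local\\temp\\" in rec["path"].lower()
        hits.append(rec)
    return hits


def superseded_java(text):
    """Return Java(TM) entries older than the newest one installed.

    Repeated JRE updates leave side-by-side installs; only the highest
    update number is current, the rest are leftovers to uninstall.
    This is a version comparison only, not a vulnerability lookup."""
    found = [(int(m.group(1)), int(m.group(2)), m.group(0))
             for m in (JAVA_RE.match(l.strip()) for l in text.splitlines()) if m]
    if not found:
        return []
    newest = max(found)[:2]
    return [name for major, upd, name in found if (major, upd) != newest]


def search_redirects(text):
    """Flag Firefox search/homepage prefs whose URL carries tracking params.

    DDS defangs URLs as hxxp, so the scheme is restored before parsing."""
    flagged = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        url = "http" + m.group("url")[4:]        # hxxp -> http, hxxps -> https
        parts = urlsplit(url)
        present = set(parse_qs(parts.query, keep_blank_values=True))
        marks = sorted(present & TRACKING_PARAMS)
        if marks:
            flagged.append({"pref": m.group("pref"), "host": parts.hostname,
                            "params": marks})
    return flagged


if __name__ == "__main__":
    for h in parse_avast(AVAST_LOG):
        print(f"[{h['kind']}] {h['platform']}:{h['family']:<16} temp={h['in_temp']}  {h['path']}")
    print("superseded Java:", superseded_java(DDS_LINES))
    for r in search_redirects(DDS_LINES):
        print(f"{r['pref']} -> {r['host']}  tracking params: {', '.join(r['params'])}")
```

The same three functions accept a whole saved report, so the full Avast log or attach.txt/dds.txt can be pasted into the strings. The "superseded" Java result is only a version comparison between the installed entries; it says nothing about which build the Java:Agent detections in the deployment cache were served through.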
  2. Chronus

    Chronus TechSpot Enthusiast Topic Starter Posts: 130

    PS. I forgot to reinstall the Java before I left, so if you could walk him through it, I would appreciate it. (He will be using my account, as I haven't convinced him to get his own.)

    Once again, thanks for your help.
  3. Chronus

    Chronus TechSpot Enthusiast Topic Starter Posts: 130

    lol

    Get my hopes up by making it seem like I had a response lol *yes I'm still up, kitty decided it's NOT bedtime.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You are off to a bad start! I have deleted the duplicate thread you started. http://www.techspot.com/vb/topic169394.html
    ==============================================
    Your friend asked for help. I assume you told him you would help him. Now you are laying the whole thing here and you want us to do the work.

    Is there some reason why he doesn't want to sign up for a free membership, no strings? I would much rather do 1st party help than 3rd party. It's easier, it's quicker. I really don't like the setup where if I have a question about something, you have to go back to the friend and ask him, then come back here and tell me!

    Please have him set up the account in his name and I will be glad to help him with the malware. I do not want the responsibility of your letting him use your account.

    You've been a member for a few years and I would surely think what you ask is not a safe thing to do.
  5. Chronus

    Chronus TechSpot Enthusiast Topic Starter Posts: 130

    I do not know which topic you mentioned, either when I tried to rename this one in edit, or that was one from a long time ago. But I did not intentionally make a duplicate post.

    This site has helped me with computer problems for many years, and I have full trust in the help I receive.

    As for the help my friend asked me for, it was because his anti-virus software got hijacked somehow. It wouldn't update, wouldn't uninstall, and when he tried it told him he didn't have sufficient permission to uninstall and so forth. This was on both Avast and Malwarebytes that I know of. I downloaded fresh install files for both. Avast was uninstalled and then reinstalled using this new installer. Malwarebytes just installed; it didn't give an option to uninstall it.

    After reinstalling them I ran the virus scan and found Trojans. So I ran the other scans that were asked for, and posted here. I knew that you work step by step and give instructions on what to do, which he would then follow and post the results, albeit under my account name.

    As you do not wish him to use my account, which is fair, I will tell him he needs to make his own account, or he is out of luck.


    Sorry about the misunderstanding, and wasting your time.

    And thanks again for what you do for us,
    Chronus.


    PS. He has made his own account and re-posted the logs at http://www.techspot.com/vb/topic169402.html and is being helped by Broni.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thank you for referring your friend. He/She is off to a good start.
    I'll go ahead and close this thread.