Resolved Friend's computer needs help

Status
Not open for further replies.

Chronus

Friend asked me for help. Could not update/uninstall malware, or Avast manually.

Had to download the installations fresh, and have the new installations uninstall, and then install to be able to update them. Ran Avast, and it found several Trojans, and others. I'll post a log of that as well, even though it was not asked for. Some of the infected files are his Java, and so I will uninstall it, and reinstall as well. Thank you for your help.

~~~~~~~~~~~~~~~~~~~

Avast Log:

C:\Users\Josh\AppData\Local\Temp\Low\err.log483899610 | Win32:FakeAV-CEM [trj]
C:\Users\Josh\AppData\Local\Temp\Low\naps0-update2.exe | Win32:downloader-JGF [Trj]
C:\Users\Josh\AppData\Local\Temp\Low\wxocanesmr.exe | Win32:downloader-JGF [Trj]
C:\Users\Josh\AppData\Local\Temp\tmph2193421472995431941.tmp | Win32:Dracus-C[Trj]

Then 3, Java:Agent-NC [Expl] and 1 Java:Agent-MO [Expl]

On Boot Log it also found

Java:Agent-RQ [Expl]
Java:Agent-RL [Expl]
Java:Agent-RM [Expl]
Java:Agent-RN [Expl]
Java:Agent-RO [Expl]
Java:Agent-RP [Expl]
and an Other:malware-gen in Java deployment as well.



~~~~~~~~~~~~~

Malwarebytes

Malwarebytes' Anti-Malware 1.39
Database version: 2462
Windows 6.0.6001 Service Pack 1

7/20/2009 7:37:34 PM
mbam-log-2009-07-20 (19-37-34).txt

Scan type: Quick Scan
Objects scanned: 104029
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GMER


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-15 01:15:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3500620AS rev.HP24
Running: dprb7v9s.exe; Driver: C:\Users\Josh\AppData\Local\Temp\kwldypow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90A89398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.ATTACHED


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/15/2009 2:02:02 PM
System Uptime: 8/15/2011 1:04:43 AM (0 hours ago)
.
Motherboard: FOXCONN | | Irvine
Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | Socket 775 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 254.099 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.581 GiB free.
E: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CoView
Curse Client
CyberLink DVD Suite Deluxe
Enhanced Multimedia Keyboard Solution
File Type Assistant
Final Media Player 2011
Free File Viewer 2011
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Photo Creations
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
InstallIQ Updater
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Juno Preloader
League of Legends
LightScribe Template Labeler
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.6.18)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
Norton Internet Security
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
OGA Notifier 2.0.0048.0
Pando Media Booster
PCIe Soft Data Fax Modem with SmartCP
Picasa 3
PictureMover
Power2Go
PowerDirector
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sierra Utilities
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
System Requirements Lab
Uniblue RegistryBooster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.1
VoiceOver Kit
Window Shopper
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
World of Warcraft
Yahoo! Messenger
Yahoo! Software Update
.
==== End Of File ===========================


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS.


DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_22
Run by Josh at 1:17:17 on 2011-08-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2940.1869 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\josh\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{712C7C62-26DF-4A5B-BED3-9F497B84D52A} : DhcpNameServer = 68.87.85.102 68.87.69.150
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2778349&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110606&user_guid=1B08C101052D46EF877A94F87AF4602A&machine_id=213b0f0d5c47af722f47fc1ad2a452b3&browser=FF&os=win&os_version=6.0-x86-SP2&q=
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{9c562686-dfb1-4de4-9711-0fc7b065a54e}\components\FFExternalAlert.dll
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{9c562686-dfb1-4de4-9711-0fc7b065a54e}\components\RadioWMPCore.dll
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{cac9d76b-2b7f-4f42-918f-3470a847f562}\components\FFExternalAlert.dll
FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\42e7iktf.default\extensions\{cac9d76b-2b7f-4f42-918f-3470a847f562}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: MafiaBots.com Toolbar: {9c562686-dfb1-4de4-9711-0fc7b065a54e} - %profile%\extensions\{9c562686-dfb1-4de4-9711-0fc7b065a54e}
FF - Ext: Dawn of the Dragons Community Toolbar: {cac9d76b-2b7f-4f42-918f-3470a847f562} - %profile%\extensions\{cac9d76b-2b7f-4f42-918f-3470a847f562}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - c:\programdatamozilla\extensions\superfish@superfish.com
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-14 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-14 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/21 22:45:49];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-10-21 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-14 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-14 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-14 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-2-12 207360]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-19 41272]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-15 03:10:09 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-15 03:10:08 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-15 03:09:19 40112 ----a-w- c:\windows\avastSS.scr
2011-08-15 03:09:02 -------- d-----w- c:\programdata\AVAST Software
2011-08-15 03:09:02 -------- d-----w- c:\program files\AVAST Software
2011-08-15 02:59:36 -------- d-----w- c:\users\josh\appdata\roaming\Uniblue
2011-08-15 02:59:35 -------- dc-h--w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-15 02:59:35 -------- d-----w- c:\program files\Uniblue
2011-08-15 02:59:25 -------- d-----w- c:\users\josh\appdata\local\PackageAware
2011-08-12 08:16:22 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3b9f86d8-8860-448d-9761-212b55998e5c}\mpengine.dll
2011-08-09 22:25:53 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 22:25:53 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-09 22:25:51 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-19 23:53:02 -------- d-----w- c:\program files\World of Warcraft
2011-07-19 23:53:02 -------- d-----w- c:\program files\common files\Blizzard Entertainment
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-07 01:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 01:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:18:33.07 ===============
 
PS. I forgot to reinstall the Java before I left, so if you could walk him through it, I would appreciate it. (He will be using my account, as I haven't convinced him to get his own.)

Once again, thanks for your help.
 
lol

Get my hopes up by making it seem like I had a response lol *yes I'm still up, kitty decided it's NOT bed time.
 
You are off to a bad start! I have deleted the duplicate thread you started. https://www.techspot.com/vb/topic169394.html
==============================================
Your friend asked for help. I assume you told him you would help him. Now you are laying the whole thing here and you want us to do the work.

Is there some reason why he doesn't want to sign up for a free membership, no strings? I would much rather do 1st party help than 3rd party. It's easier, it's quicker. I really don't like the setup where if I have a question about something, you have to go back to the friend and ask him, then come back here and tell me!

Please have him set up the account in his name and I will be glad to help him with the malware. I do not want the responsibility of your letting him use your account.

You've been a member for a few years and I would surely think what you ask is not a safe thing to do.
 
I do not know which topic you mentioned, either when I tried to rename this one in edit, or that was one from a long time ago. But I did not intentionally make a duplicate post.

This site has helped me with computer problems for many years, and I have a full trust in the help I receive.

As for the help my friend asked me for, it was because his anti-virus software got hijacked somehow. It wouldn't update, wouldn't uninstall, and when he tried it told him he didn't have sufficient permission to uninstall and so forth. This was on both Avast, and Malwarebytes that I know of. I downloaded a fresh install file for both. Avast was uninstalled and then reinstalled using this new installer. Malwarebytes just installed. Didn't give an option to uninstall it.

After reinstalling them I ran the virus scan and found Trojans. So I ran the other scans that were asked, and posted here. I knew that you work step by step, and give instructions of what to do. Which he would then follow and post the results, albeit, under my account name.

As you do not wish him to use my account, which is fair, I will tell him he needs to make his own account, or he is out of luck.


Sorry about the misunderstanding, and wasting your time.

And thanks again for what you do for us,
Chronus.


PS. He has made his own account and re-posted the logs at https://www.techspot.com/vb/topic169402.html and is being helped by Broni.
 
Thank you for referring your friend. He/She is off to a good start.
I'll go ahead and close this thread.
 