Windows 7: Multiple serious infections
09 Aug 2012
Win7 x 6 PC's, 36,547 posts, California, Florida, Boston
Trying to help a friend whose system was frozen with files hidden. Avast boot scan found numerous infections which it doesn't seem to fix, since I've run it three times. So did Combofix after rKill, which unhid the files and otherwise restored performance. Still we get a popup at every boot from PC Optimizer Pro claiming numerous infections.
Avast boot scan log:
10/26/2011 17:41
Scan of all local drives
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\zalux$zordo.class is infected by Java:Agent-TB [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\zalux.class is infected by Java:Agent-WY [Expl], Deleted
----------------------------------------
08/08/2012 20:38
Scan of all local drives
File C:\ProgramData\IzoeBi1ZSaHfSx.exe is infected by Win32:Dropper-gen [Drp], Deleted
File C:\Users\David\AppData\Local\myoieyec.exe is infected by Win32:MalOb-GF [Cryp], Deleted
File C:\Users\David\AppData\Local\Temp\eEPJSrKBEl07iN.exe.tmp is infected by Win32:Rootkit-gen [Rtk], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\39db9912-13fb5790 is infected by Win32:MalOb-GF [Cryp], Deleted
Number of searched folders: 44301
Number of tested files: 265580
Number of infected files: 4
----------------------------------------
08/09/2012 10:03
Scan of all local drives
File C:\ProgramData\AVAST Software\Avast\log\unp192751541.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0xC000007B {Bad Image}, Delete: Error 0xC0000034 {Object Name not found.}, Delete: Error 0xC0000034 {Object Name not found.}, Delete: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}
File C:\ProgramData\AVAST Software\Avast\log\ Error 0xC000000D {An invalid parameter was passed to a service or function.}
File C:\ProgramData\AVAST Software\Avast\log\unp49058768.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Deleted
File C:\ProgramData\AVAST Software\Avast\log\unp53929307.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Deleted
File C:\ProgramData\AVAST Software\Avast\log\unp70394681.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Deleted
File C:\ProgramData\AVAST Software\Avast\log\unp80668799.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\Glocker.class is infected by Java:Agent-ZY [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\zalux$1.class is infected by Java:Agent-ZX [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\Zo666.class is infected by Java:Agent-ZZ [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\Zom.class is infected by Java:Agent-ZW [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\Zom2.class is infected by Java:Agent-ATN [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\armin.class is infected by Java:Agent-AIY [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\erandus.class is infected by Java:Agent-AIZ [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\lindsa.class is infected by Java:Agent-AJA [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\opkat.class is infected by Java:Agent-AIX [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\oplef.class is infected by Java:Agent-AJC [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\rekona.class is infected by Java:Agent-AJB [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\300446c-1c88125b|>Wiki.class is infected by Java:Agent-AOY [Trj], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4911143c-1642ce2b|>notana.class is infected by Java:Agent-ANE [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-7e37a8aa|>main.class is infected by Java:Agent-AXI [Expl], Deleted
File C:\Windows\temp\_avast_\unp231066075.tmp|>nsis.hdr is infected by NSIS:Malware-gen [Trj], Deleted
Number of searched folders: 15948
Number of tested files: 453402
Number of infected files: 20
Even after all scans a popup appears at every boot on the desktop for PC Optimizer Pro saying numerous Critical errors were found. I have uninstalled PCOP in Control Panel but it persists.
So I run rkill followed by Combofix. As Combofix is loading I get a popup from Avast saying rootkit found MBR:Alureo whose file name is Rootkit.narr. It wants me to Delete it and run the Boot scan again.
Combofix report:
ComboFix 12-08-09.01 - David 08/09/2012 11:31:56.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2975.2120 [GMT -7:00]
Running from: c:\users\David\Desktop\svchost.exe.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
.
---- Previous Run -------
.
c:\users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\David\Desktop\System Check.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 05:48 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AFD2CF20-1D69-4B5A-90E5-AEFC5E1D024A}\mpengine.dll
2012-08-09 04:14 . 2012-08-09 04:14 -------- d-----w- c:\windows\Microsoft Antimalware
2012-08-09 04:14 . 2012-08-09 04:14 -------- d-----w- c:\windows\Windows Defender Offline
2012-08-09 03:34 . 2012-08-09 05:45 -------- d-----w- C:\ComboFix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2011-04-09 04:54 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-03-24 00:31 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-04-09 04:54 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-04-09 04:54 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-04-09 04:54 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-04-09 04:54 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-04-09 04:53 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-04-09 04:53 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-31 19:25 . 2011-04-09 01:31 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-26 01:47 . 2011-05-31 05:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-09_06.29.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-09 15:09 . 2012-06-02 22:19 45080 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wups2.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19 53784 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wuauclt.exe
+ 2012-08-09 15:09 . 2012-06-02 22:12 33792 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f\wuapp.exe
+ 2012-08-09 15:09 . 2012-06-02 22:19 35864 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wups.dll
+ 2012-08-09 15:09 . 2012-06-02 22:12 88576 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wudriver.dll
+ 2009-07-13 23:47 . 2009-07-14 01:16 47104 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.21955_none_1a1855541c176f4a\NBMapTIP.dll
+ 2009-07-13 23:47 . 2009-07-14 01:16 47104 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17803_none_19c2c79102d3111d\NBMapTIP.dll
+ 2009-07-13 23:47 . 2009-07-14 01:16 47104 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.21179_none_18202fda1efdd6b7\NBMapTIP.dll
+ 2009-07-13 23:47 . 2009-07-14 01:16 47104 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.16988_none_178aeab705e90645\NBMapTIP.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 22528 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.21955_none_4fff0713f624080b\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 19968 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.21955_none_4fff0713f624080b\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 84480 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.21955_none_4fff0713f624080b\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 22528 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.17803_none_4fa97950dcdfa9de\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 19968 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.17803_none_4fa97950dcdfa9de\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 84480 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.17803_none_4fa97950dcdfa9de\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 22528 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.21179_none_4e06e199f90a6f78\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 19968 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.21179_none_4e06e199f90a6f78\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 84480 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.21179_none_4e06e199f90a6f78\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 22528 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.16988_none_4d719c76dff59f06\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 19968 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.16988_none_4d719c76dff59f06\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 84480 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.16988_none_4d719c76dff59f06\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:14 48640 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.21955_none_44cbbc6cc484b691\PDIALOG.exe
+ 2009-07-13 23:47 . 2009-07-14 01:15 22528 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.21955_none_44cbbc6cc484b691\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 19968 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.21955_none_44cbbc6cc484b691\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 84480 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.21955_none_44cbbc6cc484b691\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:14 48640 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.17803_none_44762ea9ab405864\PDIALOG.exe
+ 2009-07-13 23:47 . 2009-07-14 01:15 22528 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.17803_none_44762ea9ab405864\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 19968 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.17803_none_44762ea9ab405864\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 84480 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.17803_none_44762ea9ab405864\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:14 48640 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.21179_none_42d396f2c76b1dfe\PDIALOG.exe
+ 2009-07-13 23:47 . 2009-07-14 01:15 22528 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.21179_none_42d396f2c76b1dfe\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 19968 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.21179_none_42d396f2c76b1dfe\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 84480 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.21179_none_42d396f2c76b1dfe\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:14 48640 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16988_none_423e51cfae564d8c\PDIALOG.exe
+ 2009-07-13 23:47 . 2009-07-14 01:15 22528 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16988_none_423e51cfae564d8c\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 19968 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16988_none_423e51cfae564d8c\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 84480 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16988_none_423e51cfae564d8c\jnwdui.dll
+ 2011-06-02 06:15 . 2010-11-20 10:21 15872 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21982_none_31d187047f696dc4\rdpvideominiport.sys
+ 2011-06-02 06:15 . 2010-11-20 10:21 15872 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17830_none_317bf94166250f97\rdpvideominiport.sys
+ 2012-01-16 22:33 . 2011-11-17 05:34 15872 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\sspisrv.dll
+ 2012-01-16 22:33 . 2011-11-17 05:34 22016 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\secur32.dll
+ 2012-01-16 22:33 . 2011-11-17 05:29 22528 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
+ 2012-01-16 22:33 . 2011-11-17 05:39 15360 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\sspisrv.dll
+ 2012-01-16 22:33 . 2011-11-17 05:39 99840 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\sspicli.dll
+ 2012-01-16 22:33 . 2011-11-17 05:39 22016 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\secur32.dll
+ 2012-01-16 22:33 . 2011-11-17 05:36 22528 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
+ 2012-08-09 15:09 . 2012-06-02 22:19 45080 c:\windows\System32\wups2.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19 35864 c:\windows\System32\wups.dll
+ 2012-08-09 15:09 . 2012-06-02 22:12 88576 c:\windows\System32\wudriver.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19 53784 c:\windows\System32\wuauclt.exe
- 2011-06-02 06:14 . 2010-11-20 12:17 33792 c:\windows\System32\wuapp.exe
+ 2012-08-09 15:09 . 2012-06-02 22:12 33792 c:\windows\System32\wuapp.exe
+ 2011-04-09 03:55 . 2012-08-09 18:01 34332 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-08-09 18:01 41164 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-05-31 05:38 . 2012-08-09 06:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-31 05:38 . 2012-08-09 18:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-31 05:38 . 2012-08-09 18:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-31 05:38 . 2012-08-09 06:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-31 05:38 . 2012-08-09 18:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-31 05:38 . 2012-08-09 06:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-02 22:19 . 2012-06-02 22:19 73088 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2009-07-14 04:34 . 2012-08-09 17:02 87696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.22012_none_8afce0390e381ffd\msxml6r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.17857_none_8a4d2d0df5363b68\msxml6r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.21227_none_8910b4b911154eb5\msxml6r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.17036_none_887b45d1f800b45e\msxml6r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.22012_none_8afd24910e37d31a\msxml3r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.21227_none_8910f911111501d2\msxml3r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.17036_none_887b8a29f800677b\msxml3r.dll
+ 2011-04-09 01:14 . 2012-08-09 18:01 8152 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3806059188-2109455386-291866110-1001_UserData.bin
+ 2012-08-09 15:13 . 2012-08-09 15:13 9560 c:\windows\System32\NetworkList\Icons\{782278D8-8ED0-4BF4-92AF-C144556D75C2}_48.bin
+ 2012-08-09 15:13 . 2012-08-09 15:13 4280 c:\windows\System32\NetworkList\Icons\{782278D8-8ED0-4BF4-92AF-C144556D75C2}_32.bin
+ 2012-08-09 15:13 . 2012-08-09 15:13 2456 c:\windows\System32\NetworkList\Icons\{782278D8-8ED0-4BF4-92AF-C144556D75C2}_24.bin
- 2012-08-09 05:37 . 2012-08-09 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 18:00 . 2012-08-09 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 18:00 . 2012-08-09 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-09 05:37 . 2012-08-09 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-09 15:09 . 2012-06-02 22:19 171904 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f\wuwebv.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19 577048 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wuapi.dll
+ 2011-06-02 06:15 . 2010-11-20 12:29 187776 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\FWPKCLNT.SYS
+ 2009-07-13 23:12 . 2009-07-14 01:20 187472 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\FWPKCLNT.SYS
+ 2009-07-13 23:47 . 2009-07-14 01:15 484352 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.21955_none_1a1855541c176f4a\MSPVWCTL.DLL
+ 2009-07-13 23:47 . 2009-07-14 01:15 672768 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.21955_none_1a1855541c176f4a\InkSeg.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 484352 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17803_none_19c2c79102d3111d\MSPVWCTL.DLL
+ 2009-07-13 23:47 . 2009-07-14 01:15 672768 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17803_none_19c2c79102d3111d\InkSeg.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 484352 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.21179_none_18202fda1efdd6b7\MSPVWCTL.DLL
+ 2009-07-13 23:47 . 2009-07-14 01:15 672768 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.21179_none_18202fda1efdd6b7\InkSeg.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15 484352 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.16988_none_178aeab705e90645\MSPVWCTL.DLL
+ 2009-07-13 23:47 . 2009-07-14 01:15 672768 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.16988_none_178aeab705e90645\InkSeg.dll
+ 2009-07-13 23:46 . 2009-07-14 01:16 126464 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.21955_none_ccf754dbae8e9b38\rtscom.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15 216064 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.21955_none_ccf754dbae8e9b38\InkEd.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15 274944 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.21955_none_ccf754dbae8e9b38\InkDiv.dll
+ 2009-07-13 23:46 . 2009-07-14 01:16 126464 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.17803_none_cca1c718954a3d0b\rtscom.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15 216064 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.17803_none_cca1c718954a3d0b\InkEd.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15 274944 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.17803_none_cca1c718954a3d0b\InkDiv.dll
+ 2009-07-13 23:46 . 2009-07-14 01:16 126464 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.21179_none_caff2f61b17502a5\rtscom.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15 216064 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.21179_none_caff2f61b17502a5\InkEd.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15 274944 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.21179_none_caff2f61b17502a5\InkDiv.dll
+ 2009-07-13 23:46 . 2009-07-14 01:16 126464 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.16988_none_ca69ea3e98603233\rtscom.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15 216064 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.16988_none_ca69ea3e98603233\InkEd.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15 274944 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.16988_none_ca69ea3e98603233\InkDiv.dll
+ 2011-06-02 06:16 . 2010-11-20 10:24 134656 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21982_none_31d187047f696dc4\rdpudd.dll
+ 2011-06-02 06:16 . 2010-11-20 10:24 134656 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17830_none_317bf94166250f97\rdpudd.dll
+ 2012-01-16 22:33 . 2011-11-17 05:34 100352 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\sspicli.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19 171904 c:\windows\System32\wuwebv.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19 577048 c:\windows\System32\wuapi.dll
+ 2009-07-14 02:05 . 2012-08-09 18:06 624178 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-08-09 05:41 624178 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-08-09 18:06 106522 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2012-08-09 05:41 106522 c:\windows\System32\perfc009.dat
+ 2009-07-14 04:47 . 2012-08-09 17:59 396356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-08-09 05:36 396356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-02 06:15 . 2010-11-05 01:53 1736536 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.1.7601.17755_none_ae0e4090ee55e5f0\wpfgfx_v0300.dll
+ 2012-08-09 15:09 . 2012-06-02 22:12 2422272 c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1\wucltux.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19 1933848 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wuaueng.dll
+ 2011-06-02 06:15 . 2010-11-20 12:17 1785344 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_7.1.7601.17803_none_0b3343d68db9b9ec\Journal.exe
+ 2011-06-02 06:15 . 2010-11-20 12:17 1785344 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17803_none_19c2c79102d3111d\Journal.exe
+ 2009-07-13 23:49 . 2009-07-14 01:14 1785344 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.16988_none_178aeab705e90645\Journal.exe
+ 2009-07-14 00:02 . 2009-07-14 01:15 1415168 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.17803_none_cca1c718954a3d0b\InkObj.dll
+ 2009-07-14 00:02 . 2009-07-14 01:15 1415168 c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.16988_none_ca69ea3e98603233\InkObj.dll
+ 2012-01-16 22:33 . 2011-11-17 05:32 1038848 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsasrv.dll
+ 2012-01-16 22:33 . 2011-11-17 05:38 1037312 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsasrv.dll
+ 2012-08-09 15:09 . 2012-06-02 22:12 2422272 c:\windows\System32\wucltux.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19 1933848 c:\windows\System32\wuaueng.dll
+ 2009-07-14 02:03 . 2012-08-09 15:29 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2012-03-14 14:27 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 04:34 . 2012-03-14 14:31 5980439 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2012-08-09 16:48 5980439 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-09 04:38 . 2012-08-09 17:59 2253476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3806059188-2109455386-291866110-1001-12288.dat
+ 2011-04-09 03:51 . 2012-08-09 17:59 38633760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3806059188-2109455386-291866110-1001-8192.dat
+ 2011-05-31 05:55 . 2012-08-09 15:18 127004364 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-12 02:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-12 02:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-12 02:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-28 05:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-03-23 21:53 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-26 01:47]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-26 01:47]
.
2012-08-09 c:\windows\Tasks\PC Optimizer Pro startups.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2011-06-10 07:41]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\oydg7dbs.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2776)
c:\windows\system32\igd10umd32.dll
.
Completion time: 2012-08-09 12:17:23
ComboFix-quarantined-files.txt 2012-08-09 19:17
.
Pre-Run: 99,225,088,000 bytes free
Post-Run: 99,066,867,712 bytes free
.
- - End Of File - - 05F2A8773531733AF926981080DED708
The weird thing is that performance is good, fast and snappy, so I'd like to save this install for the owner if possible.
09 Aug 2012 | Microsoft Windows 8 Professional, 645 posts
09 Aug 2012 | Win7 x 6 PC's, 36,547 posts, California, Florida, Boston
OK, thanks, running that now.
I rooted PC Optimizer Pro out by searching the registry for PCOpt and deleting a dozen listings, then found a Program File which I deleted, rooting out a stubborn tray item by ending its process.
09 Aug 2012 | Microsoft Windows 8 Professional, 645 posts
been there...done that brother, good luck
09 Aug 2012 | Win7 x 6 PC's, 36,547 posts, California, Florida, Boston
TDSS killer won't run, either from desktop or flash stick. I don't see any process for it opening in Task Manager either.
I tried to rename it svchost.exe, which will sometimes sneak ComboFix past an infection, but it fails the Remote Procedural Call.
09 Aug 2012 | Win7 x 6 PC's, 36,547 posts, California, Florida, Boston
No, why would there be such a partition?
Where do you see that there is Backdoor.tidserv on this PC? I must be missing it.
10 Aug 2012
Why do you ask questions before trying to run the tools? Just joking.
Let me ask you a question. Can you guess which infection blocked you from running TDSSKiller?
Do you say that you need to have Backdoor.tidserv in your logs to run this tool? What did Avast show you? MBR Alureon?
What is MBR Alureon? Why did Avast do that?
Research and you will get the answer.
10 Aug 2012 | Windows 7 Home Premium 32 bit, 5,681 posts, In a house with a cat trying to kill me
Quote: Originally Posted by gregrocker: No why would there be such a partition?
Alureon usually puts a hidden boot partition on the infected system. Sometimes it shows up in Disk Management, most times it doesn't.
If you d/l GParted, boot from that and examine the drive, you'll probably find a hidden partition between 1 - 10 MB (although the usual size is 1 - 3 MB). Delete this partition and then run TDSSKiller again; make sure to click the "change parameters" option and make sure all the boxes are checked. This should clean out any leftover files.
A follow-up with Windows Defender Offline would be a good idea to see if it introduced any other viruses.
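The post above says the Alureon partition is tiny (1 - 10 MB) and often invisible in Disk Management but visible when you inspect the disk directly. As an added example, not code from the thread or from any tool it names, here is a small Python script that reads a disk's first sector, lists every classic MBR partition-table entry, and flags entries that fall in that size window or carry a type id the script does not recognise. The sample MBR bytes, the `build_mbr` helper, and the `KNOWN_TYPES` table are constructed for the demo.

```python
"""Added example (not from the thread or any tool named in it): list every
entry in a disk's classic MBR partition table and flag small partitions of the
kind described in the post above (1-10 MB), so a hidden boot partition can be
spotted from a raw sector read even when Disk Management does not show it.
The sample MBR bytes below are constructed for this demo."""
import struct
import sys

SECTOR_BYTES = 512
MIB = 1024 * 1024
# Partition type ids we label; anything else is reported as "unknown" (constructed subset).
KNOWN_TYPES = {
    0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x17: "Hidden NTFS", 0x27: "Hidden NTFS (WinRE)",
    0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}
# Size window from the post: a 1-10 MB partition is worth a closer look.
SMALL_MIB = (1.0, 10.0)


def parse_mbr(sector0: bytes) -> list:
    """Return the non-empty entries of the 4-slot partition table at offset 446."""
    if len(sector0) < SECTOR_BYTES:
        raise ValueError("need the full 512-byte first sector")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("0x55AA boot signature missing; not a classic MBR")
    entries = []
    for slot in range(4):
        offset = 446 + 16 * slot
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector0, offset)
        if ptype == 0 or sectors == 0:
            continue  # empty slot
        entries.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": KNOWN_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mib": sectors * SECTOR_BYTES / MIB,
        })
    return entries


def suspicious_entries(entries: list) -> list:
    """Flag partitions in the 1-10 MB window and partitions of an unrecognised type."""
    findings = []
    for e in entries:
        if SMALL_MIB[0] <= e["size_mib"] <= SMALL_MIB[1]:
            findings.append({"slot": e["slot"], "reason": "small partition",
                             "size_mib": e["size_mib"]})
        if e["type_name"] == "unknown":
            findings.append({"slot": e["slot"], "reason": "unknown type 0x%02x" % e["type"],
                             "size_mib": e["size_mib"]})
    return findings


def build_mbr(parts) -> bytes:
    """Construct a 512-byte MBR from (status, type, lba_start, sectors) tuples (demo helper)."""
    buf = bytearray(SECTOR_BYTES)
    for slot, (status, ptype, lba_start, sectors) in enumerate(parts):
        struct.pack_into("<B3xB3xII", buf, 446 + 16 * slot, status, ptype, lba_start, sectors)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


# Constructed sample: a 100 MiB System Reserved partition, a large NTFS volume,
# and a 2 MiB third partition of a hidden type placed right after it.
SAMPLE_MBR = build_mbr([
    (0x80, 0x07, 2048, 204800),          # 100 MiB, bootable
    (0x00, 0x07, 206848, 204589056),     # ~97.5 GiB Windows volume
    (0x00, 0x17, 204795904, 4096),       # 2 MiB, hidden NTFS type
])


def report(sector0: bytes) -> list:
    """Print the table and the flagged entries; return the flagged entries."""
    entries = parse_mbr(sector0)
    for e in entries:
        print("slot %d %-20s start=%-10d sectors=%-10d %.1f MiB%s" % (
            e["slot"], e["type_name"], e["lba_start"], e["sectors"], e["size_mib"],
            " (bootable)" if e["bootable"] else ""))
    flagged = suspicious_entries(entries)
    for f in flagged:
        print("FLAG slot %d: %s, %.1f MiB" % (f["slot"], f["reason"], f["size_mib"]))
    return flagged


if __name__ == "__main__":
    # Pass a raw disk image or a dump of the first sector to inspect it;
    # with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            report(fh.read(SECTOR_BYTES))
    else:
        report(SAMPLE_MBR)
```

Run it against a sector dump taken from the GParted live environment (or against a full disk image) and compare the listing with the layout the owner expects; a tiny entry nobody can account for matches the description above, whereas a normal Windows 7 install has only the System Reserved partition plus the main volume. If the only entry is the 0xEE protective type, the disk uses GPT and needs a GPT header parser instead of this table.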
10 Aug 2012 | Microsoft Windows 8 Professional, 645 posts
Greg, it's time to remove that disk and use an adapter so you can clean it with another computer, or perform a clean install.