Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Multiple serious infections


09 Aug 2012   #1
Microsoft MVP

 
Multiple serious infections

Trying to help a friend whose system was frozen with files hidden. Avast boot scan found numerous infections which it doesn't seem to fix since I've run it three times. So did Combofix after rKill, which unhid the files and otherwise restored performance. Still we get a popup at every boot from PC Optimizer Pro claiming numerous infections.

Avast boot scan log:
Code:
10/26/2011 17:41
Scan of all local drives

File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\zalux$zordo.class is infected by Java:Agent-TB [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\zalux.class is infected by Java:Agent-WY [Expl], Deleted

----------------------------------------
08/08/2012 20:38
Scan of all local drives

File C:\ProgramData\IzoeBi1ZSaHfSx.exe is infected by Win32:Dropper-gen [Drp], Deleted
File C:\Users\David\AppData\Local\myoieyec.exe is infected by Win32:MalOb-GF [Cryp], Deleted
File C:\Users\David\AppData\Local\Temp\eEPJSrKBEl07iN.exe.tmp is infected by Win32:Rootkit-gen [Rtk], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\39db9912-13fb5790 is infected by Win32:MalOb-GF [Cryp], Deleted
Number of searched folders: 44301
Number of tested files: 265580
Number of infected files: 4

----------------------------------------
08/09/2012 10:03
Scan of all local drives

File C:\ProgramData\AVAST Software\Avast\log\unp192751541.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0xC000007B {Bad Image}, Delete: Error 0xC0000034 {Object Name not found.}, Delete: Error 0xC0000034 {Object Name not found.}, Delete: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}
File C:\ProgramData\AVAST Software\Avast\log\ Error 0xC000000D {An invalid parameter was passed to a service or function.}
File C:\ProgramData\AVAST Software\Avast\log\unp49058768.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Deleted
File C:\ProgramData\AVAST Software\Avast\log\unp53929307.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Deleted
File C:\ProgramData\AVAST Software\Avast\log\unp70394681.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Deleted
File C:\ProgramData\AVAST Software\Avast\log\unp80668799.tmp.mdmp is infected by MBR:Alureon-K [Rtk], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\Glocker.class is infected by Java:Agent-ZY [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\zalux$1.class is infected by Java:Agent-ZX [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\Zo666.class is infected by Java:Agent-ZZ [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\Zom.class is infected by Java:Agent-ZW [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3ef65551-76154ae1|>rotor\Zom2.class is infected by Java:Agent-ATN [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\armin.class is infected by Java:Agent-AIY [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\erandus.class is infected by Java:Agent-AIZ [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\lindsa.class is infected by Java:Agent-AJA [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\opkat.class is infected by Java:Agent-AIX [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\oplef.class is infected by Java:Agent-AJC [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\10bca31e-7083159b|>xmltree\rekona.class is infected by Java:Agent-AJB [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\300446c-1c88125b|>Wiki.class is infected by Java:Agent-AOY [Trj], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4911143c-1642ce2b|>notana.class is infected by Java:Agent-ANE [Expl], Deleted
File C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-7e37a8aa|>main.class is infected by Java:Agent-AXI [Expl], Deleted
File C:\Windows\temp\_avast_\unp231066075.tmp|>nsis.hdr is infected by NSIS:Malware-gen [Trj], Deleted
Number of searched folders: 15948
Number of tested files: 453402
Number of infected files: 20
Even after all scans a popup appears at every boot on desktop for PC Optimizer Pro saying there are numerous Critical errors found. I have uninstalled PCOP in Control Panel but it persists.

So I run rkill followed by Combofix. As Combofix is loading I get a popup from Avast saying rootkit found MBR:Alureo whose file name is Rootkit.narr. It wants me to Delete it and run the Boot scan again.

Combofix report:
Code:
ComboFix 12-08-09.01 - David 08/09/2012  11:31:56.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2975.2120 [GMT -7:00]
Running from: c:\users\David\Desktop\svchost.exe.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
.
---- Previous Run -------
.
c:\users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\David\Desktop\System Check.lnk
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-09 to 2012-08-09  )))))))))))))))))))))))))))))))
.
.
2012-08-09 05:48 . 2012-07-16 09:41    6891424    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{AFD2CF20-1D69-4B5A-90E5-AEFC5E1D024A}\mpengine.dll
2012-08-09 04:14 . 2012-08-09 04:14    --------    d-----w-    c:\windows\Microsoft Antimalware
2012-08-09 04:14 . 2012-08-09 04:14    --------    d-----w-    c:\windows\Windows Defender Offline
2012-08-09 03:34 . 2012-08-09 05:45    --------    d-----w-    C:\ComboFix
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2011-04-09 04:54    54232    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-03-24 00:31    44784    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-04-09 04:54    21256    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-04-09 04:54    353688    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-04-09 04:54    721000    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-04-09 04:54    57656    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-04-09 04:53    41224    ----a-w-    c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-04-09 04:53    227648    ----a-w-    c:\windows\system32\aswBoot.exe
2012-05-31 19:25 . 2011-04-09 01:31    237072    ------w-    c:\windows\system32\MpSigStub.exe
2012-03-26 01:47 . 2011-05-31 05:55    97208    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-08-09_06.29.59   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-09 15:09 . 2012-06-02 22:19    45080              c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wups2.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19    53784              c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wuauclt.exe
+ 2012-08-09 15:09 . 2012-06-02 22:12    33792              c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f\wuapp.exe
+ 2012-08-09 15:09 . 2012-06-02 22:19    35864              c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wups.dll
+ 2012-08-09 15:09 . 2012-06-02 22:12    88576              c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wudriver.dll
+ 2009-07-13 23:47 . 2009-07-14 01:16    47104              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.21955_none_1a1855541c176f4a\NBMapTIP.dll
+ 2009-07-13 23:47 . 2009-07-14 01:16    47104              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17803_none_19c2c79102d3111d\NBMapTIP.dll
+ 2009-07-13 23:47 . 2009-07-14 01:16    47104              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.21179_none_18202fda1efdd6b7\NBMapTIP.dll
+ 2009-07-13 23:47 . 2009-07-14 01:16    47104              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.16988_none_178aeab705e90645\NBMapTIP.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    22528              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.21955_none_4fff0713f624080b\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    19968              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.21955_none_4fff0713f624080b\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    84480              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.21955_none_4fff0713f624080b\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    22528              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.17803_none_4fa97950dcdfa9de\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    19968              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.17803_none_4fa97950dcdfa9de\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    84480              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.17803_none_4fa97950dcdfa9de\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    22528              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.21179_none_4e06e199f90a6f78\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    19968              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.21179_none_4e06e199f90a6f78\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    84480              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.21179_none_4e06e199f90a6f78\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    22528              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.16988_none_4d719c76dff59f06\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    19968              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.16988_none_4d719c76dff59f06\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    84480              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.16988_none_4d719c76dff59f06\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:14    48640              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.21955_none_44cbbc6cc484b691\PDIALOG.exe
+ 2009-07-13 23:47 . 2009-07-14 01:15    22528              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.21955_none_44cbbc6cc484b691\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    19968              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.21955_none_44cbbc6cc484b691\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    84480              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.21955_none_44cbbc6cc484b691\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:14    48640              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.17803_none_44762ea9ab405864\PDIALOG.exe
+ 2009-07-13 23:47 . 2009-07-14 01:15    22528              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.17803_none_44762ea9ab405864\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    19968              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.17803_none_44762ea9ab405864\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    84480              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.17803_none_44762ea9ab405864\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:14    48640              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.21179_none_42d396f2c76b1dfe\PDIALOG.exe
+ 2009-07-13 23:47 . 2009-07-14 01:15    22528              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.21179_none_42d396f2c76b1dfe\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    19968              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.21179_none_42d396f2c76b1dfe\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    84480              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.21179_none_42d396f2c76b1dfe\jnwdui.dll
+ 2009-07-13 23:47 . 2009-07-14 01:14    48640              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16988_none_423e51cfae564d8c\PDIALOG.exe
+ 2009-07-13 23:47 . 2009-07-14 01:15    22528              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16988_none_423e51cfae564d8c\jnwppr.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    19968              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16988_none_423e51cfae564d8c\jnwmon.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    84480              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16988_none_423e51cfae564d8c\jnwdui.dll
+ 2011-06-02 06:15 . 2010-11-20 10:21    15872              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21982_none_31d187047f696dc4\rdpvideominiport.sys
+ 2011-06-02 06:15 . 2010-11-20 10:21    15872              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17830_none_317bf94166250f97\rdpvideominiport.sys
+ 2012-01-16 22:33 . 2011-11-17 05:34    15872              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\sspisrv.dll
+ 2012-01-16 22:33 . 2011-11-17 05:34    22016              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\secur32.dll
+ 2012-01-16 22:33 . 2011-11-17 05:29    22528              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
+ 2012-01-16 22:33 . 2011-11-17 05:39    15360              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\sspisrv.dll
+ 2012-01-16 22:33 . 2011-11-17 05:39    99840              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\sspicli.dll
+ 2012-01-16 22:33 . 2011-11-17 05:39    22016              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\secur32.dll
+ 2012-01-16 22:33 . 2011-11-17 05:36    22528              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
+ 2012-08-09 15:09 . 2012-06-02 22:19    45080              c:\windows\System32\wups2.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19    35864              c:\windows\System32\wups.dll
+ 2012-08-09 15:09 . 2012-06-02 22:12    88576              c:\windows\System32\wudriver.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19    53784              c:\windows\System32\wuauclt.exe
- 2011-06-02 06:14 . 2010-11-20 12:17    33792              c:\windows\System32\wuapp.exe
+ 2012-08-09 15:09 . 2012-06-02 22:12    33792              c:\windows\System32\wuapp.exe
+ 2011-04-09 03:55 . 2012-08-09 18:01    34332              c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-08-09 18:01    41164              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-05-31 05:38 . 2012-08-09 06:09    32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-31 05:38 . 2012-08-09 18:15    32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-31 05:38 . 2012-08-09 18:15    32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-31 05:38 . 2012-08-09 06:09    32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-31 05:38 . 2012-08-09 18:15    16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-31 05:38 . 2012-08-09 06:09    16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-02 22:19 . 2012-06-02 22:19    73088              c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2009-07-14 04:34 . 2012-08-09 17:02    87696              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 00:19 . 2009-07-14 01:07    2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.22012_none_8afce0390e381ffd\msxml6r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07    2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.17857_none_8a4d2d0df5363b68\msxml6r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07    2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.21227_none_8910b4b911154eb5\msxml6r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07    2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.17036_none_887b45d1f800b45e\msxml6r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07    2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.22012_none_8afd24910e37d31a\msxml3r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07    2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.21227_none_8910f911111501d2\msxml3r.dll
+ 2009-07-14 00:19 . 2009-07-14 01:07    2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.17036_none_887b8a29f800677b\msxml3r.dll
+ 2011-04-09 01:14 . 2012-08-09 18:01    8152              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3806059188-2109455386-291866110-1001_UserData.bin
+ 2012-08-09 15:13 . 2012-08-09 15:13    9560              c:\windows\System32\NetworkList\Icons\{782278D8-8ED0-4BF4-92AF-C144556D75C2}_48.bin
+ 2012-08-09 15:13 . 2012-08-09 15:13    4280              c:\windows\System32\NetworkList\Icons\{782278D8-8ED0-4BF4-92AF-C144556D75C2}_32.bin
+ 2012-08-09 15:13 . 2012-08-09 15:13    2456              c:\windows\System32\NetworkList\Icons\{782278D8-8ED0-4BF4-92AF-C144556D75C2}_24.bin
- 2012-08-09 05:37 . 2012-08-09 05:37    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 18:00 . 2012-08-09 18:00    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 18:00 . 2012-08-09 18:00    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-09 05:37 . 2012-08-09 05:37    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-09 15:09 . 2012-06-02 22:19    171904              c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f\wuwebv.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19    577048              c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wuapi.dll
+ 2011-06-02 06:15 . 2010-11-20 12:29    187776              c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\FWPKCLNT.SYS
+ 2009-07-13 23:12 . 2009-07-14 01:20    187472              c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\FWPKCLNT.SYS
+ 2009-07-13 23:47 . 2009-07-14 01:15    484352              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.21955_none_1a1855541c176f4a\MSPVWCTL.DLL
+ 2009-07-13 23:47 . 2009-07-14 01:15    672768              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.21955_none_1a1855541c176f4a\InkSeg.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    484352              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17803_none_19c2c79102d3111d\MSPVWCTL.DLL
+ 2009-07-13 23:47 . 2009-07-14 01:15    672768              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17803_none_19c2c79102d3111d\InkSeg.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    484352              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.21179_none_18202fda1efdd6b7\MSPVWCTL.DLL
+ 2009-07-13 23:47 . 2009-07-14 01:15    672768              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.21179_none_18202fda1efdd6b7\InkSeg.dll
+ 2009-07-13 23:47 . 2009-07-14 01:15    484352              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.16988_none_178aeab705e90645\MSPVWCTL.DLL
+ 2009-07-13 23:47 . 2009-07-14 01:15    672768              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.16988_none_178aeab705e90645\InkSeg.dll
+ 2009-07-13 23:46 . 2009-07-14 01:16    126464              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.21955_none_ccf754dbae8e9b38\rtscom.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    216064              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.21955_none_ccf754dbae8e9b38\InkEd.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    274944              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.21955_none_ccf754dbae8e9b38\InkDiv.dll
+ 2009-07-13 23:46 . 2009-07-14 01:16    126464              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.17803_none_cca1c718954a3d0b\rtscom.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    216064              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.17803_none_cca1c718954a3d0b\InkEd.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    274944              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.17803_none_cca1c718954a3d0b\InkDiv.dll
+ 2009-07-13 23:46 . 2009-07-14 01:16    126464              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.21179_none_caff2f61b17502a5\rtscom.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    216064              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.21179_none_caff2f61b17502a5\InkEd.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    274944              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.21179_none_caff2f61b17502a5\InkDiv.dll
+ 2009-07-13 23:46 . 2009-07-14 01:16    126464              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.16988_none_ca69ea3e98603233\rtscom.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    216064              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.16988_none_ca69ea3e98603233\InkEd.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    274944              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.16988_none_ca69ea3e98603233\InkDiv.dll
+ 2011-06-02 06:16 . 2010-11-20 10:24    134656              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21982_none_31d187047f696dc4\rdpudd.dll
+ 2011-06-02 06:16 . 2010-11-20 10:24    134656              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17830_none_317bf94166250f97\rdpudd.dll
+ 2012-01-16 22:33 . 2011-11-17 05:34    100352              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\sspicli.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19    171904              c:\windows\System32\wuwebv.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19    577048              c:\windows\System32\wuapi.dll
+ 2009-07-14 02:05 . 2012-08-09 18:06    624178              c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-08-09 05:41    624178              c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-08-09 18:06    106522              c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2012-08-09 05:41    106522              c:\windows\System32\perfc009.dat
+ 2009-07-14 04:47 . 2012-08-09 17:59    396356              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-08-09 05:36    396356              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-02 06:15 . 2010-11-05 01:53    1736536              c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.1.7601.17755_none_ae0e4090ee55e5f0\wpfgfx_v0300.dll
+ 2012-08-09 15:09 . 2012-06-02 22:12    2422272              c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1\wucltux.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19    1933848              c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wuaueng.dll
+ 2011-06-02 06:15 . 2010-11-20 12:17    1785344              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_7.1.7601.17803_none_0b3343d68db9b9ec\Journal.exe
+ 2011-06-02 06:15 . 2010-11-20 12:17    1785344              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17803_none_19c2c79102d3111d\Journal.exe
+ 2009-07-13 23:49 . 2009-07-14 01:14    1785344              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7600.16988_none_178aeab705e90645\Journal.exe
+ 2009-07-14 00:02 . 2009-07-14 01:15    1415168              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.17803_none_cca1c718954a3d0b\InkObj.dll
+ 2009-07-14 00:02 . 2009-07-14 01:15    1415168              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7600.16988_none_ca69ea3e98603233\InkObj.dll
+ 2012-01-16 22:33 . 2011-11-17 05:32    1038848              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsasrv.dll
+ 2012-01-16 22:33 . 2011-11-17 05:38    1037312              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsasrv.dll
+ 2012-08-09 15:09 . 2012-06-02 22:12    2422272              c:\windows\System32\wucltux.dll
+ 2012-08-09 15:09 . 2012-06-02 22:19    1933848              c:\windows\System32\wuaueng.dll
+ 2009-07-14 02:03 . 2012-08-09 15:29    7340032              c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2012-03-14 14:27    7340032              c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 04:34 . 2012-03-14 14:31    5980439              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2012-08-09 16:48    5980439              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-09 04:38 . 2012-08-09 17:59    2253476              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3806059188-2109455386-291866110-1001-12288.dat
+ 2011-04-09 03:51 . 2012-08-09 17:59    38633760              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3806059188-2109455386-291866110-1001-8192.dat
+ 2011-05-31 05:55 . 2012-08-09 15:18    127004364              c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21    121528    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38    34672    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-12 02:26    171032    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-12 02:26    137752    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-12 02:26    172568    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49    249064    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-28 05:31    1721640    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-03-23 21:53    495708    ----a-w-    c:\program files\IDT\WDM\sttray.exe
.
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-26 01:47]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-26 01:47]
.
2012-08-09 c:\windows\Tasks\PC Optimizer Pro startups.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2011-06-10 07:41]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\oydg7dbs.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2776)
c:\windows\system32\igd10umd32.dll
.
Completion time: 2012-08-09  12:17:23
ComboFix-quarantined-files.txt  2012-08-09 19:17
.
Pre-Run: 99,225,088,000 bytes free
Post-Run: 99,066,867,712 bytes free
.
- - End Of File - - 05F2A8773531733AF926981080DED708
The weird thing is that performance is good, fast and snappy so I'd like to save this install for the owner if possible.




Attached Files
File Type: txt aswBoot.txt (4.3 KB, 2 views)
My System SpecsSystem Spec
.

09 Aug 2012   #2

Microsoft Windows 8.1 Professional
 
 

My System SpecsSystem Spec
09 Aug 2012   #3
Microsoft MVP

 

OK Thanks, running that now.

I rooted PC Optimizer Pro out by searching registry for PCOpt and deleting a dozen listings, then found a Program File which I deleted, rooting out a stubborn tray item by ending it's Process.
My System SpecsSystem Spec
.


09 Aug 2012   #4

Microsoft Windows 8.1 Professional
 
 

been there...done that brother, good luck
My System SpecsSystem Spec
09 Aug 2012   #5
Microsoft MVP

 

TDSS killer won't run, either from desktop or flash stick. I don't see any process for it opening in Task Manager either.

I tried to rename it svchost.exe which will sometimes sneak ComboFix past an infection, but it fails the Remote Procedural Call.
My System SpecsSystem Spec
09 Aug 2012   #6

32 bit
 
 

Try this tool-fixtdss

Backdoor.Tidserv Removal Tool | Symantec

Do you have a 10 mb partition in disk management?
My System SpecsSystem Spec
09 Aug 2012   #7
Microsoft MVP

 

No why would there be such a partition?

Where do you see that there is Backdoor.tidserv on this PC? I must be missing it.
My System SpecsSystem Spec
10 Aug 2012   #8

32 bit
 
 

why do you ask questions before trying running the tools? just joking

Let me ask you question.Can you guess which infection blocked you from running tdsskiller?

Do you say that you need to have backdoor.tidserv in your logs to run this tool? What did Avast show you? MBR alureon?
What is MBR alureon? Why did Avast do that?

Research and you will get the answer
My System SpecsSystem Spec
10 Aug 2012   #9

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Quote   Quote: Originally Posted by gregrocker View Post
No why would there be such a partition?
Alureon usually puts a hidden boot partition on the the infected system. Sometimes it shows up in disk management, most times it doesn't.

If you d/l G Parted, boot from that & examine the drive, you'll probably find a hidden partition between 1 - 10 MB (although the usual size is 1 - 3 MB). Delete this partition & then run TDSKiller again, make sure to click the "change parameters" option & make sure all the boxes are checked. This should clean out any leftover files.

A follow up with Windows Defender offline would be a good idea to see if it introduced any other viruses.
My System SpecsSystem Spec
10 Aug 2012   #10

Microsoft Windows 8.1 Professional
 
 

greg, its time to remove that disk and use an adapter so you can clean it with another computer, or perform a clean install
My System SpecsSystem Spec
Reply

 Multiple serious infections




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:33 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33