Hijack This


  • This topic is locked
8 replies to this topic

#1 itsjustme7

  • Members

Posted 18 March 2012 - 04:13 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/28/2011 3:46:23 PM
System Uptime: 3/18/2012 5:22:33 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3577
Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 203.983 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.711 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP19: 3/3/2012 5:13:49 PM - Scheduled Checkpoint
RP21: 3/15/2012 7:26:22 AM - Windows Modules Installer
RP22: 3/15/2012 7:33:09 AM - Windows Modules Installer
RP23: 3/16/2012 3:00:20 AM - Windows Update
RP24: 3/18/2012 4:26:22 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
CA Backup and Migration
CA Parental Controls
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
DNAMigrator
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Drive Nitro
GoToMeeting 4.5.0.457
Heroes of Hellas 2 - Olympia
HiJackThis
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Java Auto Updater
Java™ 6 Update 30
Jewel Quest Solitaire 2
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/18/2012 5:30:40 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
3/18/2012 5:30:35 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
3/18/2012 4:00:06 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The process cannot access the file because it is being used by another process.
3/18/2012 3:14:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
3/18/2012 3:14:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000000001c, 0x0000000000000002, 0x0000000000000001, 0xfffff8800192887e). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
3/18/2012 10:19:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
3/18/2012 10:19:40 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================








DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by mike at 18:45:28 on 2012-03-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2667.1033 [GMT -4:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Windows\SysWOW64\cfgmig32.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\helppane.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Windows\system32\VetRedir.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8674F126-C14A-4CA5-B674-5B90E485A68B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8674F126-C14A-4CA5-B674-5B90E485A68B}\75051445572656A7 : DhcpNameServer = 168.94.0.14 168.94.0.15
TCP: Interfaces\{8674F126-C14A-4CA5-B674-5B90E485A68B}\D69636861656C6 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{8674F126-C14A-4CA5-B674-5B90E485A68B}\D696B656 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{95291D3C-91A1-4C84-ADFF-F5FCC1DF9554} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CA Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: CA Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: UmxSbxExw.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ehwto074.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 KmxAMRT;KmxAMRT;C:\Windows\system32\DRIVERS\KmxAMRT.sys --> C:\Windows\system32\DRIVERS\KmxAMRT.sys [?]
R0 KmxFw;KmxFw;C:\Windows\system32\DRIVERS\kmxfw.sys --> C:\Windows\system32\DRIVERS\kmxfw.sys [?]
R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys --> C:\Windows\system32\DRIVERS\kmxagent.sys [?]
R1 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys --> C:\Windows\system32\DRIVERS\kmxcfg.sys [?]
R1 KmxFile;KmxFile;C:\Windows\system32\DRIVERS\KmxFile.sys --> C:\Windows\system32\DRIVERS\KmxFile.sys [?]
R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\system32\DRIVERS\KmxFilter.sys --> C:\Windows\system32\DRIVERS\KmxFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 KmxCF;KmxCF;C:\Windows\system32\DRIVERS\KmxCF.sys --> C:\Windows\system32\DRIVERS\KmxCF.sys [?]
R2 KmxSbx;KmxSbx;C:\Windows\system32\DRIVERS\KmxSbx.sys --> C:\Windows\system32\DRIVERS\KmxSbx.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-03-18 20:27:51 388096 ----a-r- C:\Users\mike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-18 20:27:51 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-18 20:07:01 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-18 20:06:52 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DEFD12FB-3E1B-4CDC-96BB-0174CBD89B74}\mpengine.dll
2012-03-18 13:34:41 -------- d-----w- C:\Users\mike\AppData\Local\{69CE8C8C-CD88-4300-88AD-B750A2FEB605}
2012-03-18 13:34:24 -------- d-----w- C:\Users\mike\AppData\Local\{8E699CBD-6295-4F6E-89F0-965F8FCFA2EA}
2012-03-17 21:36:21 -------- d-----w- C:\Users\mike\AppData\Local\{8069687D-9D46-4AA0-BC9D-D52C2911DFAD}
2012-03-17 21:35:58 -------- d-----w- C:\Users\mike\AppData\Local\{0CC9DDD7-566A-498F-85E4-B0001115303A}
2012-03-17 19:32:06 -------- d-----w- C:\HP_TOOLS_mountHPSF
2012-03-16 07:23:33 -------- d-----w- C:\Users\mike\AppData\Local\{345FBA31-FB94-4EB3-8EBC-4FD3ADAE9E1F}
2012-03-16 07:23:17 -------- d-----w- C:\Users\mike\AppData\Local\{C50778CB-4681-454D-9F4E-93BDF6F57C9D}
2012-03-15 22:35:48 -------- d-----w- C:\Users\mike\AppData\Local\{FB70CA9B-690F-41BD-BB97-ED7C216C1F88}
2012-03-15 22:35:25 -------- d-----w- C:\Users\mike\AppData\Local\{D988DA5E-551E-4CB0-AA08-079A7B86A019}
2012-03-15 12:04:49 -------- d-----w- C:\Users\mike\AppData\Local\{C3A7CE87-36A0-466B-B890-C31816D84BF5}
2012-03-15 11:55:20 -------- d-----w- C:\Users\mike\AppData\Local\{DC162B60-F293-48C3-A719-DD3FF38D8681}
2012-03-15 11:55:08 -------- d-----w- C:\Users\mike\AppData\Local\{39F1CFD3-56FA-49A0-8D22-6DBA31609A8C}
2012-03-15 11:37:51 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-15 11:37:51 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-15 11:37:51 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-15 11:37:51 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-15 11:34:11 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 11:34:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 11:34:07 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-15 02:27:42 -------- d-----w- C:\Users\mike\AppData\Local\{DB2EED8A-C4F3-460F-A3AD-1FF3F78CD0D6}
2012-03-15 02:27:02 -------- d-----w- C:\Users\mike\AppData\Local\{3D9A4400-481D-4A02-8B0A-3D18C8414F33}
2012-03-14 11:46:48 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 11:46:44 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 11:46:44 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 11:46:40 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 11:46:40 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 11:46:40 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 02:34:40 -------- d-----w- C:\Users\mike\AppData\Local\{D2406A65-BDB8-40FA-A473-30A0B5EBA0F0}
2012-03-14 02:34:26 -------- d-----w- C:\Users\mike\AppData\Local\{59D53E90-0AC2-4CCD-811A-5707C8AACE63}
2012-02-29 11:09:52 -------- d-----w- C:\Users\mike\AppData\Local\{90612EA4-76D6-4F3A-81B5-F05459A54B04}
2012-02-29 11:09:40 -------- d-----w- C:\Users\mike\AppData\Local\{4F27538D-1BED-4174-9085-6F8EE40F3B01}
2012-02-26 13:09:05 -------- d-----w- C:\Users\mike\AppData\Local\{2432E67D-5834-4EE1-BFE9-59ABD0A123ED}
2012-02-26 13:08:53 -------- d-----w- C:\Users\mike\AppData\Local\{7B80EC32-8B1E-4356-B80E-40B3719955A3}
2012-02-25 06:07:11 -------- d-----w- C:\Users\mike\AppData\Local\{ED7EA5C6-A356-46A1-A7D5-4DD522C9DE56}
2012-02-25 06:06:58 -------- d-----w- C:\Users\mike\AppData\Local\{8DD2ABF1-52FA-4E5B-9788-DA4AD17D841F}
2012-02-19 04:42:34 -------- d-----w- C:\Users\mike\AppData\Local\{34F90D64-4545-42B5-9E5D-01EFA550C631}
2012-02-19 04:42:21 -------- d-----w- C:\Users\mike\AppData\Local\{EE476FC3-AC23-4CC0-A922-D867B7A55DA4}
.
==================== Find3M ====================
.
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-16 19:20:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 01:02:50 72080 ----a-w- C:\Users\mike\g2mdlhlpx.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 23:25:42 99024 ----a-w- C:\Windows\System32\drivers\KmxFilter.sys
2011-12-28 23:25:42 202320 ----a-w- C:\Windows\System32\drivers\KmxCF.sys
2011-12-28 23:25:42 143824 ----a-w- C:\Windows\System32\drivers\KmxFw.sys
2011-12-28 22:49:50 2524176 ----a-w- C:\Windows\System32\winsflt.dll
2011-12-28 22:49:50 1744912 ----a-w- C:\Windows\SysWow64\winsflt.dll
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 18:51:21.99 ===============


I did a DDS log instead.

Edited by itsjustme7, 18 March 2012 - 05:54 PM.



#2 nasdaq

  • Malware Response Team

Posted 22 March 2012 - 09:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your DDS log is clean.

Please let me know the nature of your problems so that I can suggest an appropriate action.

#3 itsjustme7

  • Topic Starter
  • Members

Posted 24 March 2012 - 12:19 PM

Well, I did a partition recovery after having big time suspicions of being hacked and I was paranoid about it and rushed to make that decision, however I read that it's still possible to have a virus in your computer. I did a MalwareBytes full scan and an avast full scan and got no viruses, however I read/was told that the hacker could have sent a virus to your partition, MBR or the actual BIOS. Is that true?

#4 nasdaq

  • Malware Response Team

Posted 24 March 2012 - 12:47 PM

however I read/was told that the hacker could have sent a virus to your partition, MBR or the actual BIOS. Is that true?


Yes and we can have a look at it.


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

After running the tools listed above, let's have a look at your partitions.

Please download this ListPart.exe to a folder of your choice. Select the proper tool for your system.

For x86 (x32) bit systems please download Listparts
For x64 bit systems please download Listparts64
Run the tool as an Administrator, click Scan and copy and post the log (Result.txt) in your next reply.

Please post the logs for my review.

#5 itsjustme7

  • Topic Starter
  • Members

Posted 24 March 2012 - 01:51 PM

I did TDSSKiller, nothing detected.

__


23:00:50.635 OS Version: Windows x64 6.1.7601 Service Pack 1
23:00:50.635 Number of processors: 2 586 0x100
23:00:50.651 ComputerName: MIKE-HP UserName: mike
23:00:54.878 Initialize success
23:00:56.142 AVAST engine defs: 12032302
23:02:57.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
23:02:57.089 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 11
23:02:57.136 Disk 0 MBR read successfully
23:02:57.136 Disk 0 MBR scan
23:02:57.245 Disk 0 Windows 7 default MBR code
23:02:57.276 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:02:57.354 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290878 MB offset 409600
23:02:57.385 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14063 MB offset 596127744
23:02:57.432 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
23:02:57.541 Disk 0 scanning C:\Windows\system32\drivers
23:03:58.177 Service scanning
23:17:40.615 Modules scanning
23:17:40.693 Disk 0 trace - called modules:
23:17:41.442 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
23:17:41.442 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032a26f0]
23:17:41.457 3 CLASSPNP.SYS[fffff88001b7f43f] -> nt!IofCallDriver -> [0xfffffa8002f0dac0]
23:17:41.473 5 amd_xata.sys[fffff880010c2900] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8002f0a060]
23:17:43.610 AVAST engine scan C:\Windows
23:18:09.163 AVAST engine scan C:\Windows\system32
23:25:33.594 AVAST engine scan C:\Windows\system32\drivers
23:25:55.369 AVAST engine scan C:\Users\mike
00:10:54.968 AVAST engine scan C:\ProgramData
00:16:36.691 Scan finished successfully
00:18:19.061 Disk 0 MBR has been saved successfully to "C:\Users\mike\Documents\MBR.dat"
00:18:19.078 The log file has been saved successfully to "C:\Users\mike\Documents\aswMBR.txt"

ListParts by Farbar Version: 12-03-2012 03
Ran by mike (administrator) on 24-03-2012 at 14:56:44
Windows 7 (X64)
Running From: C:\Users\mike\Downloads
Language: 0409
************************************************************

ListParts by Farbar Version: 12-03-2012 03
Ran by mike (administrator) on 24-03-2012 at 15:02:10
Windows 7 (X64)
Running From: C:\Users\mike\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 66%
Total physical RAM: 2666.9 MB
Available physical RAM: 905.32 MB
Total Pagefile: 5332 MB
Available Pagefile: 3072.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:284.06 GB) (Free:190.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:13.73 GB) (Free:1.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 284 GB 200 MB
Partition 3 Primary 13 GB 284 GB
Partition 4 Primary 103 MB 297 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 284 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 13 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {0cc16ccb-319d-11e1-a8f7-83604498e182}
resumeobject {0cc16cca-319d-11e1-a8f7-83604498e182}
displayorder {0cc16ccb-319d-11e1-a8f7-83604498e182}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {0cc16cce-319d-11e1-a8f7-83604498e182}

Windows Boot Loader
-------------------
identifier {0cc16ccb-319d-11e1-a8f7-83604498e182}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {0cc16cce-319d-11e1-a8f7-83604498e182}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {0cc16cca-319d-11e1-a8f7-83604498e182}
nx OptIn
detecthal Yes

Windows Boot Loader
-------------------
identifier {0cc16cce-319d-11e1-a8f7-83604498e182}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{0cc16ccf-319d-11e1-a8f7-83604498e182}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{0cc16ccf-319d-11e1-a8f7-83604498e182}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {0cc16cca-319d-11e1-a8f7-83604498e182}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {0cc16ccf-319d-11e1-a8f7-83604498e182}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


****** End Of Log ******

Edited by itsjustme7, 24 March 2012 - 02:03 PM.


#6 nasdaq

  • Malware Response Team

Posted 25 March 2012 - 07:29 AM

You are clean.

#7 itsjustme7

  • Topic Starter

Posted 25 March 2012 - 10:38 AM

Is there still a slight chance he could have done something to the BIOS for access that is undetectable, or am I good?

#8 nasdaq

  • Malware Response Team

Posted 25 March 2012 - 10:43 AM

You can always flash your BIOS if you can find a newer version.

Make sure that this is necessary as you may lose everything.

Check with the Manufacturer.

#9 itsjustme7

  • Topic Starter

Posted 25 March 2012 - 12:12 PM

No other way to check if the BIOS has been edited or anything, right? Chances are unlikely, since one wrong move and my entire computer would have crashed, and every BIOS is different anyway?

Thank you for your help.



