
infection mimicking Avast! - but removed avast and other virus protections


  • This topic is locked
1 reply to this topic

#1 spudnud

spudnud

  • Members
  • 29 posts

Posted 09 June 2014 - 10:56 PM

I got a pop-up that said my virus protection found a bad toolbar and wanted to remove it. After that my computer kept rebooting. Finally I was able to debug the boot up and was able to finally use my computer. My Firefox was disabled, so was Malwarebytes, Avast, and other programs. I was able to reinstall Malwarebytes, which found one virus (pup.optional.sweetIM.a). I wasn't able to reinstall Avast! so I installed AVG, which didn't find any viruses. My kids have been using my computer lately and I've had to remove other viruses they accidentally installed. At this point, I'm pretty sure I still have a problem.

 

Thank you in advance for your help!

 

DDS Log

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.60.2
Run by Heather at 21:46:31 on 2014-06-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3055.809 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
C:\Users\Heather\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG2014\Tuneup\TUMICR~1.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "c:\users\heather\appdata\local\akamai\netsession_win.exe"
uRun: [SmileboxTray] "c:\users\heather\appdata\roaming\smilebox\SmileboxTray.exe"
uRun: [Amazon Cloud Player] "c:\users\heather\appdata\local\amazon cloud player\Amazon Music Helper.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
Trusted Zone: realtyjuggler.com
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 208.67.222.222 208.67.220.220 192.168.1.1
TCP: Interfaces\{B25A161D-E0B0-404C-9A44-D67FC80BF4D5} : DHCPNameServer = 208.67.222.222 208.67.220.220 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.114\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-6-24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-6-24 180632]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-5-13 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-5-13 237848]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-5-13 107288]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-5-13 27416]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-9-24 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-9-24 12464]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-12-22 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2011-12-22 411680]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-5-13 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-5-13 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-5-13 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-5-13 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-5-13 210200]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-30 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-22 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-20 68312]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-5-13 292424]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-9 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-9 860472]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-3 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-9 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-6-9 51928]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 avast! Antivirus;avast! Antivirus;"c:\program files\avast software\avast\avastsvc.exe" --> c:\program files\avast software\avast\AvastSvc.exe [?]
S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe --> c:\program files\brother\bradmin professional 3\bratimer.exe [?]
S2 c2cautoupdatesvc;Skype Click to Call Updater;"c:\program files\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe" /service --> c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [?]
S2 c2cpnrsvc;Skype Click to Call PNR Service;"c:\program files\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe" /service --> c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 CrashPlanService;CrashPlan Backup Service;"c:\program files\crashplan\crashplanservice.exe" --> c:\program files\crashplan\CrashPlanService.exe [?]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;"c:\program files\common files\intuit\update service v4\intuitupdateservice.exe" --> c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [?]
S2 Seagate Dashboard Services;Seagate Dashboard Services;"c:\program files\seagate\seagate dashboard 2.0\seagate.dashboard.daswindowsservice.exe" --> c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvscpapisvr.exe --> c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [?]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\western digital\wd drive manager\wdbtnmgrsvc.exe" --> c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [?]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-5-29 49664]
S3 fsssvc;Windows Live Family Safety Service;"c:\program files\windows live\family safety\fsssvc.exe" --> c:\program files\windows live\family safety\fsssvc.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-12 108032]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;"c:\program files\common files\adobe\switchboard\switchboard.exe" --> c:\program files\common files\adobe\switchboard\SwitchBoard.exe [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-30 1343400]
.
=============== Created Last 30 ================
.
2014-06-10 02:49:19 388096 ----a-r- c:\users\heather\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2014-06-10 02:49:19 -------- d-----w- c:\program files\Trend Micro
2014-06-10 02:42:11 -------- d-----w- c:\users\heather\appdata\roaming\AVG2014
2014-06-10 02:41:37 -------- d-----w- c:\users\heather\appdata\roaming\TuneUp Software
2014-06-10 02:40:38 -------- d--h--w- C:\$AVG
2014-06-10 02:40:38 -------- d-----w- c:\programdata\AVG2014
2014-06-10 02:40:06 -------- d-----w- c:\program files\AVG
2014-06-10 01:51:11 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-10 01:50:55 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-10 01:50:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-10 01:50:55 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-10 01:23:22 -------- d-----w- c:\users\heather\appdata\local\MFAData
2014-06-10 01:23:22 -------- d-----w- c:\users\heather\appdata\local\Avg2014
2014-06-10 01:23:22 -------- d-----w- c:\programdata\MFAData
2014-06-10 01:03:46 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-06-09 23:49:15 -------- d-sh--w- c:\users\heather\appdata\local\EmieUserList
2014-06-09 23:49:15 -------- d-sh--w- c:\users\heather\appdata\local\EmieSiteList
2014-06-06 10:40:48 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ea955dc6-8c99-4405-90ef-151c48463dc2}\offreg.dll
2014-06-06 09:59:07 8073384 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ea955dc6-8c99-4405-90ef-151c48463dc2}\mpengine.dll
2014-06-01 01:23:59 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-14 09:00:47 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-13 20:19:14 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 20:17:24 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 20:17:22 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 20:17:22 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 20:17:20 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 20:09:12 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 20:04:36 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 20:04:34 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-05-13 03:56:43 -------- d-----w- c:\users\heather\appdata\local\Skype
.
==================== Find3M  ====================
.
2014-05-15 15:35:08 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-15 15:35:08 68312 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-14 09:01:12 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:01:12 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 13:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-09 07:06:23 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04:12 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-01 03:34:59 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-01 03:34:58 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-01 03:34:58 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400168108172
2014-05-01 03:34:58 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-01 03:34:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-01 03:34:58 43152 ----a-w- c:\windows\avastSS.scr
2014-05-01 03:34:58 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400168108172
2014-05-01 03:34:58 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-15 08:34:10 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-03-31 15:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:46:57.40 ===============
 




 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,032 posts
  • Gender:Male
  • Location:Germany

Posted 10 June 2014 - 02:26 AM

See here: http://www.bleepingcomputer.com/forums/t/537174/infection-mimicing-avast-but-removed-avast-and-other-virus-protections/


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
