Windows Vista Forums

"Trojan, Alureon, Winrscmde"
  1. #1


    EJF

    Member
    Join Date : Oct 2008
    Upstate New York
    Posts : 12
    Vista Home Premium 64
    Local Time: 08:32 AM

    "Trojan, Alureon, Winrscmde"

    I am running Vista Home Premium 64-bit, which had been running perfectly until a week ago, when I started getting flashing messages on the bottom of the screen reading "Microsoft Windows".
    After running several different malware removal programs, like Hijackthis, Security Essentials, Spybot, Super Anti-Virus, etc., the only one that found the bug in "svchost" was Malwarebytes.
    It removed the "Trojan, Alureon, Winrscmde" in both regular mode and safe mode, but it keeps coming back.
    I have deleted the svchost file in both regular mode and safe mode and it comes back.
    Trying the numerous fixes splattered across the internet has accomplished nothing but frustration.
    The "svchost" bug has been around since at least 2009 and it is hard to believe that it cannot be stopped.
    I right clicked on the svchost file, selected media info and found the following:
    Graphic interface created by Atak_Snajpera
    MediaInfo library created by Zenitram
    Homepage: MediaInfo
    Support: MediaInfo(Lib) 0.7 - Reading information about media files - Doom9's Forum
    Does this mean the malware came from SourceForge?
    If anyone knows how to fix this problem, please let me know.



  2. #2

    ٩(͡๏̯͡๏)۶



    Join Date : Mar 2010
    England
    Posts : 3,645
    Windows 7 Ultimate x64 SP1
    Local Time: 01:32 PM

     

    Re: "Trojan, Alureon, Winrscmde"

    Hello EJF and welcome to the forums

    Can you post the MBAM log for us please? Then we'll have a better idea of what we're dealing with. Plus any other logs that found anything.

    I've used MediaInfo in the past and I've had no problems with it. MediaInfo is a little tool that provides information about media files; it's nothing to be worried about. It won't work on .exe files, so that's why it isn't displaying anything of use. I've included a MediaInfo log below, just to give you an idea of what it is:

    Code:
    General
    Unique ID                                : 157975856625607031949463150552648332548 (0x76D90B142BFEE675CC058F39EA353504)
    Complete name                            : [Th3avatar]_Steins;Gate_NCOP_(1280x720_Blu-Ray_FLAC)_[54BFA0D7].mkv
    Format                                   : Matroska
    Format version                           : Version 2
    File size                                : 107 MiB
    Duration                                 : 1mn 35s
    Overall bit rate mode                    : Variable
    Overall bit rate                         : 9 481 Kbps
    Movie name                               : Steins;Gate - NCOP
    Encoded date                             : UTC 2012-02-12 11:35:59
    Writing application                      : mkvmerge v5.3.0 ('I could have danced') built on Feb  9 2012 10:17:19
    Writing library                          : libebml v1.2.2 + libmatroska v1.3.0
    Attachment                               : Yes
    
    Video
    ID                                       : 1
    Format                                   : AVC
    Format/Info                              : Advanced Video Codec
    Format profile                           : High@L5.0
    Format settings, CABAC                   : Yes
    Format settings, ReFrames                : 11 frames
    Codec ID                                 : V_MPEG4/ISO/AVC
    Duration                                 : 1mn 35s
    Width                                    : 1 280 pixels
    Height                                   : 720 pixels
    Display aspect ratio                     : 16:9
    Frame rate                               : 23.976 fps
    Color space                              : YUV
    Chroma subsampling                       : 4:2:0
    Bit depth                                : 8 bits
    Scan type                                : Progressive
    Title                                    : [H264]
    Writing library                          : x264 core 120 r2127 f33c8cb
    Encoding settings                        : cabac=1 / ref=12 / deblock=1:1:1 / analyse=0x3:0x133 / me=umh / subme=10 / psy=1 / psy_rd=1.00:0.00 / mixed_ref=1 / me_range=24 / chroma_me=1 / trellis=2 / 8x8dct=1 / cqm=0 / deadzone=21,11 / fast_pskip=0 / chroma_qp_offset=-4 / threads=8 / sliced_threads=0 / nr=0 / decimate=0 / interlaced=0 / bluray_compat=0 / constrained_intra=0 / bframes=12 / b_pyramid=1 / b_adapt=2 / b_bias=0 / direct=3 / weightb=1 / open_gop=0 / weightp=2 / keyint=250 / keyint_min=23 / scenecut=40 / intra_refresh=0 / rc=crf / mbtree=0 / crf=17.0 / qcomp=0.60 / qpmin=10 / qpmax=51 / qpstep=4 / ip_ratio=1.40 / pb_ratio=1.30 / aq=1:0.50
    Language                                 : Japanese
    
    Audio
    ID                                       : 2
    Format                                   : FLAC
    Format/Info                              : Free Lossless Audio Codec
    Codec ID                                 : A_FLAC
    Duration                                 : 1mn 35s
    Bit rate mode                            : Variable
    Channel(s)                               : 2 channels
    Sampling rate                            : 48.0 KHz
    Bit depth                                : 24 bits
    Title                                    : [FLAC 2.0]
    Writing library                          : libFLAC 1.2.1 (UTC 2007-09-17)
    Language                                 : Japanese
    
    Text
    ID                                       : 3
    Format                                   : ASS
    Codec ID                                 : S_TEXT/ASS
    Codec ID/Info                            : Advanced Sub Station Alpha
    Compression mode                         : Lossless
    Title                                    : [ASS]
    Language                                 : English

    Please note, this isn't my log. I copied it from pastebin.

    Tom


  3. #3


    EJF

    Member
    Join Date : Oct 2008
    Upstate New York
    Posts : 12
    Vista Home Premium 64
    Local Time: 08:32 AM

      Thread Starter

    Re: "Trojan, Alureon, Winrscmde"

    As per your request.

    Malwarebytes Anti-Malware 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.06.13.04

    Windows Vista Service Pack 2 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    ED :: ED-PC [administrator]

    6/16/2012 6:52:23 AM
    mbam-log-2012-06-16 (06-52-23).txt

    Scan type: Custom scan
    Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
    Objects scanned: 1
    Time elapsed: 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)


  4. #4

    ٩(͡๏̯͡๏)۶



    Join Date : Mar 2010
    England
    Posts : 3,645
    Windows 7 Ultimate x64 SP1
    Local Time: 01:32 PM

     

    Re: "Trojan, Alureon, Winrscmde"

    Thanks for the log. Yeah, that's definitely malicious. The real svchost.exe is found in %SYSTEMROOT%\system32 (usually C:\Windows\System32); if you have this file anywhere else, the chances are that it's malicious.

    Does MBAM pick anything else up if you run a full scan? Your MBAM definitions are also out of date; I would suggest updating them.

    Tom
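    The check Tom describes (a genuine svchost.exe lives only under %SYSTEMROOT%\System32, or SysWOW64 on x64) can be applied mechanically to the "Running Processes" section of a DDS log like the one posted later in this thread. The script below is an added example written for this page; it is not code from the forum, from DDS, or from Malwarebytes. It assumes %SYSTEMROOT% is C:\Windows (override with the system_root parameter), that each process line is a full image path optionally followed by its command line, and it adds one heuristic of its own beyond what Tom states: a real svchost.exe is always started with a "-k <group>" argument, so a bare svchost.exe with no -k is flagged as a second signal. The sample lines are constructed for the example, modelled on the paths that appear in this thread.

```python
import ntpath
import re

# Directories where a genuine svchost.exe lives on an x64 Windows install.
# Assumes %SYSTEMROOT% is C:\Windows unless system_root says otherwise.
def expected_svchost_dirs(system_root=r"C:\Windows"):
    return {
        ntpath.join(system_root, "System32").lower(),
        ntpath.join(system_root, "SysWOW64").lower(),
    }

# One DDS "Running Processes" line: an image path ending in .exe, optionally
# followed by command-line arguments such as "-k netsvcs".
_PROC_RE = re.compile(r"^(?P<path>.+?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)

def check_svchost_lines(lines, system_root=r"C:\Windows"):
    """Return a list of findings for svchost.exe entries that look wrong.

    Each finding is {"path": ..., "args": ..., "reasons": [...]}.
    Lines that are not process paths (section markers, stray fragments) are skipped.
    """
    legit_dirs = expected_svchost_dirs(system_root)
    findings = []
    for line in lines:
        m = _PROC_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        args = (m.group("args") or "").strip()
        if ntpath.basename(path).lower() != "svchost.exe":
            continue
        reasons = []
        # Tom's rule: the real binary is only found under System32 (or SysWOW64).
        if ntpath.dirname(path).lower() not in legit_dirs:
            reasons.append("image is outside System32/SysWOW64")
        # Editor's added heuristic: the service host is always launched with -k <group>.
        if not re.search(r"(^|\s)-k\s+\S+", args, re.IGNORECASE):
            reasons.append("launched without a -k service group")
        if reasons:
            findings.append({"path": path, "args": args, "reasons": reasons})
    return findings

# Constructed sample in DDS layout; the bogus C:\Windows\svchost.exe mirrors the
# path Malwarebytes reported in this thread, the Temp entry is made up for the demo.
SAMPLE_DDS_PROCESSES = r"""
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\SysWOW64\svchost.exe -k WerSvcGroup
C:\Windows\svchost.exe
C:\Users\ED\AppData\Local\Temp\svchost.exe -k netsvcs
C:\Program Files\Microsoft Security Client\MsMpEng.exe
-netsvcs
"""

if __name__ == "__main__":
    for f in check_svchost_lines(SAMPLE_DDS_PROCESSES.splitlines()):
        print(f["path"], "->", "; ".join(f["reasons"]))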


  5. #5


    EJF

    Member
    Join Date : Oct 2008
    Upstate New York
    Posts : 12
    Vista Home Premium 64
    Local Time: 08:32 AM

      Thread Starter

    Re: "Trojan, Alureon, Winrscmde"

    I ran a full scan with SuperAntiSpyware by mistake and discovered the following.
    Now I will run MalwareBytes and post the results.

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 06/16/2012 at 08:23 PM

    Application Version : 5.0.1150

    Core Rules Database Version : 8750
    Trace Rules Database Version: 6562

    Scan type : Complete Scan
    Total Scan Time : 01:07:50

    Operating System Information
    Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
    UAC Off - Administrator

    Memory items scanned : 572
    Memory threats detected : 0
    Registry items scanned : 65767
    Registry threats detected : 0
    File items scanned : 109033
    File threats detected : 3

    Trojan.Agent/Gen-Decay
    C:\PROGRAM FILES (X86)\ADOBE\READER 10.0\READER\READER_SL.EXE
    C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744AA0100000010\10.1.0\READER_SL.EXE

    PUP.CNETInstaller
    C:\USERS\PUBLIC\DOWNLOADS\CNET_REGCLEANER630_EXE.EXE


  6. #6


    EJF

    Member
    Join Date : Oct 2008
    Upstate New York
    Posts : 12
    Vista Home Premium 64
    Local Time: 08:32 AM

      Thread Starter

    Re: "Trojan, Alureon, Winrscmde"

    And here is the Malwarebytes log.

    Malwarebytes Anti-Malware 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.06.16.08

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    ED :: ED-PC [administrator]

    6/16/2012 8:52:24 PM
    mbam-log-2012-06-16 (20-52-24).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 430194
    Time elapsed: 1 hour(s), 10 minute(s), 26 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3864 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)


  7. #7

    ٩(͡๏̯͡๏)۶



    Join Date : Mar 2010
    England
    Posts : 3,645
    Windows 7 Ultimate x64 SP1
    Local Time: 01:32 PM

     

    Re: "Trojan, Alureon, Winrscmde"

    Quote Originally Posted by EJF View Post
    I ran a full scan with SuperAntiSpyware by mistake and discovered the following.
    Now I will run MalwareBytes and post the results.

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 06/16/2012 at 08:23 PM

    Application Version : 5.0.1150

    Core Rules Database Version : 8750
    Trace Rules Database Version: 6562

    Scan type : Complete Scan
    Total Scan Time : 01:07:50

    Operating System Information
    Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
    UAC Off - Administrator

    Memory items scanned : 572
    Memory threats detected : 0
    Registry items scanned : 65767
    Registry threats detected : 0
    File items scanned : 109033
    File threats detected : 3

    Trojan.Agent/Gen-Decay
    C:\PROGRAM FILES (X86)\ADOBE\READER 10.0\READER\READER_SL.EXE
    C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744AA0100000010\10.1.0\READER_SL.EXE

    PUP.CNETInstaller
    C:\USERS\PUBLIC\DOWNLOADS\CNET_REGCLEANER630_EXE.EXE
    I wouldn't be worried about those Adobe Reader files; they appear to be false positives:

    Trojan.agent/gen-decay? - SUPERAntiSpyware.com

    Quote Originally Posted by EJF View Post
    And here is the Malwarebytes log.

    Malwarebytes Anti-Malware 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.06.16.08

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    ED :: ED-PC [administrator]

    6/16/2012 8:52:24 PM
    mbam-log-2012-06-16 (20-52-24).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 430194
    Time elapsed: 1 hour(s), 10 minute(s), 26 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3864 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
    It's back again. I'm not allowed to help with malware removal, so I'm going to ask an expert to assist you with this. In the meantime, I would suggest you back up all of your files. I would also like you to run DDS in preparation for this expert; she'll get you to run it anyway, so we might as well save some time and run it beforehand:

    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS.txt will open.
    • Click Yes at the next prompt for Optional Scan.
    • Save both reports to your desktop.
    ---------------------------------------------------

    Please include the contents of the following in your next reply:

    DDS.txt

    Please attach the second file; Attach.txt. To attach a file, do the following:

    Screenshots and Files - Upload and Post in Vista Forums


    Tom


  8. #8


    EJF

    Member
    Join Date : Oct 2008
    Upstate New York
    Posts : 12
    Vista Home Premium 64
    Local Time: 08:32 AM

      Thread Starter

    Re: "Trojan, Alureon, Winrscmde"

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by ED at 9:54:46 on 2012-06-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2616 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\locator.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\mobsync.exe
    -netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {D071359C-30AD-4645-9B78-7A3283571F25} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
    Trusted Zone: microsoft.com
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: msn.com\www
    Trusted Zone: update.microsoft.com
    Trusted Zone: windowsupdate.microsoft.com
    Trusted Zone: windowsupdates.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 68.237.161.12 71.250.0.12
    TCP: Interfaces\{A0769753-1693-4781-8497-D622E206BFB8} : DhcpNameServer = 68.237.161.12 71.250.0.12
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: {D071359C-30AD-4645-9B78-7A3283571F25} - No File
    BHO-X64: Freecause Shopping BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\eh6kxwdy.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110806&tt=270312_bext_fix&babsrc=adbartrp&mntrId=6ac83d39000000000000001d92ab714c&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\eh6kxwdy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110806
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 6ac83d39000000000000001d92ab714c
    FF - user.js: extensions.BabylonToolbar_i.hardId - 6ac83d39000000000000001d92ab714c
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15426
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:06:33
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
    R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\system32\DRIVERS\vsflt67.sys --> C:\Windows\system32\DRIVERS\vsflt67.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files (x86)\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-6-2 3459024]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-6-27 21504]
    R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-4-27 5914912]
    R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-6-28 89920]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2011-6-27 19968]
    S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-4-10 164528]
    S3 wimmount;wimmount;C:\Windows\system32\DRIVERS\wimmount.sys --> C:\Windows\system32\DRIVERS\wimmount.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-06-12 21:14:57 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-06-12 21:14:57 839096 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-06-03 10:31:45 455552 ----a-w- C:\Program Files (x86)\SSUPDATE64.EXE
    2012-06-03 10:31:44 4786048 ----a-w- C:\Program Files (x86)\SUPERANTISPYWARE.EXE
    2012-06-03 00:38:56 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
    2012-06-03 00:38:26 1294432 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
    2012-06-03 00:38:18 994912 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2012-06-03 00:37:52 211552 ----a-w- C:\Windows\System32\drivers\vididr.sys
    2012-06-03 00:37:51 146528 ----a-w- C:\Windows\System32\drivers\vsflt67.sys
    2012-06-03 00:37:42 320096 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2012-06-03 00:37:41 137312 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
    2012-05-05 11:21:42 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 11:21:42 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 11:21:12 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2012-04-14 14:09:46 142944 ----a-w- C:\Windows\System32\drivers\vsflt61.sys
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2011-08-11 23:38:04 140672 ----a-w- C:\Program Files (x86)\SASCore64.exe
    2011-07-22 16:26:56 14928 ----a-w- C:\Program Files (x86)\sasdifsv64.sys
    2011-07-20 20:55:40 313728 ----a-w- C:\Program Files (x86)\RUNSAS.EXE
    2011-07-19 00:08:58 210816 ----a-w- C:\Program Files (x86)\SASCTXMN64.DLL
    2011-07-12 21:55:18 12368 ----a-w- C:\Program Files (x86)\saskutil64.sys
    2011-05-04 17:52:35 533888 ----a-w- C:\Program Files (x86)\Uninstall.exe
    2011-05-04 17:52:29 46464 ----a-w- C:\Program Files (x86)\SASTask.exe
    2004-05-07 22:31:40 348160 ----a-w- C:\Program Files (x86)\msvcr71.dll
    .
    ============= FINISH: 9:59:49.44 ===============

    Sorry, I have tried numerous times to attach the zip file to this forum with no success.
    My menu does not have a paperclip for attaching a file and my Paint program menu does not have the same menu as is shown in the instructions you referenced.
    Any other suggestions?


  9. #9

    ٩(͡๏̯͡๏)۶



    Join Date : Mar 2010
    England
    Posts : 3,645
    Windows 7 Ultimate x64 SP1
    Local Time: 01:32 PM

     

    Re: "Trojan, Alureon, Winrscmde"

    Quote Originally Posted by EJF View Post
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by ED at 9:54:46 on 2012-06-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2616 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\locator.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\mobsync.exe
    -netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {D071359C-30AD-4645-9B78-7A3283571F25} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
    Trusted Zone: microsoft.com
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: msn.com\www
    Trusted Zone: update.microsoft.com
    Trusted Zone: windowsupdate.microsoft.com
    Trusted Zone: windowsupdates.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 68.237.161.12 71.250.0.12
    TCP: Interfaces\{A0769753-1693-4781-8497-D622E206BFB8} : DhcpNameServer = 68.237.161.12 71.250.0.12
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: {D071359C-30AD-4645-9B78-7A3283571F25} - No File
    BHO-X64: Freecause Shopping BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\eh6kxwdy.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110806&tt=270312_bext_fix&babsrc=adbartrp&mntrId=6ac83d39000000000000001d92ab714c&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\eh6kxwdy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110806
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 6ac83d39000000000000001d92ab714c
    FF - user.js: extensions.BabylonToolbar_i.hardId - 6ac83d39000000000000001d92ab714c
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15426
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:06:33
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
    R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\system32\DRIVERS\vsflt67.sys --> C:\Windows\system32\DRIVERS\vsflt67.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files (x86)\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-6-2 3459024]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-6-27 21504]
    R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-4-27 5914912]
    R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-6-28 89920]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2011-6-27 19968]
    S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-4-10 164528]
    S3 wimmount;wimmount;C:\Windows\system32\DRIVERS\wimmount.sys --> C:\Windows\system32\DRIVERS\wimmount.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-06-12 21:14:57 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-06-12 21:14:57 839096 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-06-03 10:31:45 455552 ----a-w- C:\Program Files (x86)\SSUPDATE64.EXE
    2012-06-03 10:31:44 4786048 ----a-w- C:\Program Files (x86)\SUPERANTISPYWARE.EXE
    2012-06-03 00:38:56 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
    2012-06-03 00:38:26 1294432 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
    2012-06-03 00:38:18 994912 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2012-06-03 00:37:52 211552 ----a-w- C:\Windows\System32\drivers\vididr.sys
    2012-06-03 00:37:51 146528 ----a-w- C:\Windows\System32\drivers\vsflt67.sys
    2012-06-03 00:37:42 320096 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2012-06-03 00:37:41 137312 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
    2012-05-05 11:21:42 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 11:21:42 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 11:21:12 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2012-04-14 14:09:46 142944 ----a-w- C:\Windows\System32\drivers\vsflt61.sys
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2011-08-11 23:38:04 140672 ----a-w- C:\Program Files (x86)\SASCore64.exe
    2011-07-22 16:26:56 14928 ----a-w- C:\Program Files (x86)\sasdifsv64.sys
    2011-07-20 20:55:40 313728 ----a-w- C:\Program Files (x86)\RUNSAS.EXE
    2011-07-19 00:08:58 210816 ----a-w- C:\Program Files (x86)\SASCTXMN64.DLL
    2011-07-12 21:55:18 12368 ----a-w- C:\Program Files (x86)\saskutil64.sys
    2011-05-04 17:52:35 533888 ----a-w- C:\Program Files (x86)\Uninstall.exe
    2011-05-04 17:52:29 46464 ----a-w- C:\Program Files (x86)\SASTask.exe
    2004-05-07 22:31:40 348160 ----a-w- C:\Program Files (x86)\msvcr71.dll
    .
    ============= FINISH: 9:59:49.44 ===============

    Sorry, I have tried numerous times to attach the zip file to this forum with no success.
    My menu does not have a paperclip for attaching a file and my Paint program menu does not have the same menu as is shown in the instructions you referenced.
    Any other suggestions?
    Don't worry about attach.txt for now; if our expert needs it then she'll be able to guide you through attaching it. When waiting for her to come, please be patient and bear in mind that there are significant time differences between the various helpers here.


  10. #10


    EJF

    Member
    Join Date : Oct 2008
    Upstate New York
    Posts : 12
    Vista Home Premium 64
    Local Time: 08:32 AM

      Thread Starter

    Re: "Trojan, Alureon, Winrscmde"

    Take your time.
    This 77 year old body moves slowly.
    Thank you for your understanding.

