Hello.
My dad's PC will not update or keep the correct time, along with a host of other problems. At first I did not think the issue could be a virus, so I set the PC back to factory settings, but nothing has changed, as none of the security certificates for websites are correct/accepted, Windows Update will still not work and the date and time just will not set.
Thank you for your help.
Below is the DDS.log and the aswMBR log is underneath.
___________________________________________________________
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16575
Run by Alan at 15:40:01 on 2013-08-12
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2046.1322 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRunOnce: [PCDrProfiler] <no file>
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{BC8A0FF6-6E48-45C7-BD7D-7AAB53E677A3} : DHCPNameServer = 192.168.0.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-2-27 464384]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-27 1245064]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-2-27 180272]
.
=============== Created Last 30 ================
.
2013-08-12 14:07:20 -------- d-----w- c:\users\alan\appdata\local\ATI
2013-08-12 14:07:14 -------- d-----w- c:\users\alan\appdata\roaming\Symantec
2013-08-12 14:06:48 -------- d-----w- c:\users\alan\appdata\local\VirtualStore
2013-08-12 13:54:08 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 15:40:18.56 ===============
AND HERE IS THE aswMBR LOG
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-12 16:07:19
-----------------------------
16:07:19.095 OS Version: Windows 6.0.6000
16:07:19.095 Number of processors: 2 586 0x6B02
16:07:19.095 ComputerName: ALAN-PC UserName: Alan
16:07:19.657 Initialize success
16:07:42.854 The log file has been saved successfully to "C:\Users\Alan\Documents\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-12 16:11:43
-----------------------------
16:11:43.622 OS Version: Windows 6.0.6000
16:11:43.622 Number of processors: 2 586 0x6B02
16:11:43.637 ComputerName: ALAN-PC UserName: Alan
16:11:44.339 Initialize success
16:14:31.158 AVAST engine defs: 14042100
16:18:04.922 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
16:18:04.937 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
16:18:05.093 Disk 0 MBR read successfully
16:18:05.093 Disk 0 MBR scan
16:18:05.125 Disk 0 unknown MBR code
16:18:05.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 332744 MB offset 63
16:18:05.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10652 MB offset 681461235
16:18:05.203 Disk 0 scanning sectors +703277505
16:18:05.359 Disk 0 scanning C:\Windows\system32\drivers
16:18:16.294 Service scanning
16:18:43.318 Modules scanning
16:18:47.861 Disk 0 trace - called modules:
16:18:47.885 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys USBPORT.SYS usbehci.sys netr73.sys usbhub.sys dxgkrnl.sys atikmdag.sys tcpip.sys NETIO.SYS i8042prt.sys mouclass.sys watchdog.sys
16:18:47.891 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c22ad8]
16:18:47.891 3 ntkrnlpa.exe[81cb07ee] -> nt!IofCallDriver -> [0x8486d710]
16:18:47.891 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\00000057[0x83a82910]
16:18:47.892 7 netr73.sys[8bf24f60] -> nt!IofCallDriver -> \Device\USBPDO-2[0x864c7030]
16:18:47.892 9 usbhub.sys[8b2ffe61] -> nt!IofCallDriver -> \Device\USBPDO-1[0x85587028]
16:18:49.219 AVAST engine scan C:\Windows
16:18:51.052 AVAST engine scan C:\Windows\system32
16:21:58.324 AVAST engine scan C:\Windows\system32\drivers
16:22:15.188 AVAST engine scan C:\Users\Alan
16:22:25.936 File: C:\Users\Alan\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe **INFECTED** Win32:Malware-gen
16:22:39.539 AVAST engine scan C:\ProgramData
16:23:31.347 Scan finished successfully
16:24:32.400 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Documents\MBR.dat"
16:24:32.415 The log file has been saved successfully to "C:\Users\Alan\Documents\aswMBR.txt"