
adload and delf virus attack



mhonparica
2012-12-10, 13:22
I would like to ask for help with regards to the problem of my personal laptop.
My Windows has detected PWS:Win32/Delf, a known virus, on my computer, and another Delf virus. I don't know what to do. I think it started when I started using the Ultrasurf circumventor due to some restrictions in my office, as I use my personal laptop to connect to social networking sites. As I browsed the net for a possible solution I downloaded Malwarebytes and it deleted trojan viruses, but I don't know if my computer was fixed. I have read the forum thread at this link http://forums.spybot.info/showthread.php?t=66037 . I think we encountered the same problem, but the difference is our computer. Can anyone help? I would really appreciate it.

shelf life
2012-12-16, 15:28
hi mhonparica,

Since it's helpful to have something to start with: please see post number 2 here (http://forums.spybot.info/showthread.php?t=288) about how to download and post both a DDS log and an aswMBR log.

mhonparica
2012-12-17, 11:31
Good day sir! Thank you for replying to my post. As per the instructions, here's the DDS code. I have to inform you also that I am not a good computer person; I may have a hard time understanding technical computer terms, so kindly extend your patience. Lastly, I am also having a problem retrieving my admin password. I don't know how to crack it; if you could also give a suggestion as to how I should proceed, it will be greatly appreciated.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.4.1
Run by acer at 14:06:35 on 2012-12-17
Microsoft Windows 7 Starter 6.1.7600.0.1252.63.1033.18.1013.221 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Stardock\MyColors\VistaSrv.exe
C:\Program Files\Stardock\MyColors\WBVista.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\CNAB4RPK.EXE
C:\Program Files\SMART BRO\AssistantServices.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\SMART BRO\UIExec.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Encarta\Encarta Premium 2006\EDICT.EXE
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SMART BRO\UIMain.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\SMART BRO\CMUpdater.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Windows\Explorer.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&m=ao532h&r=27b50310r305l04f4ww75w5482r845
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uProxyOverride = local
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} -
uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - c:\program files\mobile media converter toolbar\tbhelper.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\YTNavAssist.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Encarta Web Companion Helper Object: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\mobile media converter toolbar\tbcore3.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Encarta Web Companion: {147D6308-0614-4112-89B1-31402F9B82C4} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: Mobile Media Converter Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files\mobile media converter toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
TB: Encarta Web Companion: {147D6308-0614-4112-89B1-31402F9B82C4} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: Mobile Media Converter Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files\mobile media converter toolbar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [E06ADXRC_290068] "c:\program files\microsoft encarta\encarta premium 2006\EDICT.EXE" -m
mRun: [Yahoo Messenger] <no file>
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{28039CD4-3331-47F2-B89B-3E83C4120F9E} : NameServer = 121.1.3.172 121.1.3.89
TCP: Interfaces\{A7F69CF2-C5E5-4D13-BEFF-A5109858E2D4} : DHCPNameServer = 192.168.12.1
TCP: Interfaces\{A7F69CF2-C5E5-4D13-BEFF-A5109858E2D4}\34F6E6E6563647966697D2D656 : DHCPNameServer = 192.168.66.1
TCP: Interfaces\{A7F69CF2-C5E5-4D13-BEFF-A5109858E2D4}\445616E675966696 : DHCPNameServer = 192.168.66.1
TCP: Interfaces\{A7F69CF2-C5E5-4D13-BEFF-A5109858E2D4}\55E6966756273796479702F666023516D60716C6F636 : DHCPNameServer = 192.168.66.1
TCP: Interfaces\{A7F69CF2-C5E5-4D13-BEFF-A5109858E2D4}\C696E6B6379737F5E657273796E676 : DHCPNameServer = 192.168.0.9 202.124.128.2 202.124.128.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-11 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-11 361032]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-12-4 35064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-11-7 494416]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-11-7 36072]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-11 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-11 58680]
R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2009-10-28 102784]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2011-1-24 107776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-3 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-11 29472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-28 54784]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-3-2 9216]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-12-6 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-12-6 10200]
.
=============== Created Last 30 ================
.
2012-12-17 00:42:47 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d10899ae-fd26-492e-b4ab-5dab534330b8}\offreg.dll
2012-12-16 23:33:49 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d10899ae-fd26-492e-b4ab-5dab534330b8}\mpengine.dll
2012-12-13 19:15:31 42760 ----a-w- c:\windows\system32\certsentry.dll
2012-12-13 18:51:58 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 18:51:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 18:51:44 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 10:26:45 -------- d-----w- c:\program files\ophcrack
2012-12-13 07:47:51 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.6.1
2012-12-12 02:11:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 02:11:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-10 22:41:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-12-10 22:41:10 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-10 22:41:06 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-10 22:38:23 41224 ----a-w- c:\windows\avastSS.scr
2012-12-10 22:37:26 -------- d-----w- c:\programdata\AVAST Software
2012-12-10 22:37:26 -------- d-----w- c:\program files\AVAST Software
2012-12-10 05:31:57 -------- d-----w- c:\users\acer\appdata\roaming\Malwarebytes
2012-12-10 05:31:38 -------- d-----w- c:\programdata\Malwarebytes
2012-12-08 11:54:24 -------- d-----w- c:\users\acer\appdata\roaming\Nitro
2012-12-08 11:54:23 -------- d-----w- c:\users\acer\appdata\roaming\FileOpen
2012-12-08 11:54:23 -------- d-----w- c:\programdata\FileOpen
2012-12-08 11:53:57 -------- d-----w- c:\programdata\Canneverbe Limited
2012-12-08 11:53:56 -------- d-----w- c:\users\acer\appdata\roaming\Canneverbe Limited
2012-12-08 10:57:30 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-12-08 10:57:30 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-12-08 10:57:01 -------- d-----w- c:\program files\Nitro
2012-12-08 10:57:00 -------- d-----w- c:\programdata\Nitro
2012-12-08 10:57:00 -------- d-----w- c:\program files\common files\Nitro
2012-12-08 10:12:53 -------- d-----w- c:\users\acer\appdata\roaming\OpenCandy
2012-12-08 04:10:22 -------- d-----w- C:\GeekBuddyRSP
2012-12-08 04:09:54 -------- d-----w- c:\program files\common files\Comodo
2012-12-08 03:52:38 -------- d-----w- c:\programdata\CPA_VA
2012-12-07 13:15:22 -------- d-----w- c:\programdata\Comodo
2012-12-07 13:15:03 -------- d-----w- c:\users\acer\appdata\local\Comodo
2012-12-07 13:14:37 -------- d-----w- c:\program files\Comodo
2012-12-07 13:14:34 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-12-06 14:48:04 -------- d-----w- c:\program files\Spower Windows Password Reset Professional Trial
2012-12-06 14:16:43 2872000 ----a-w- c:\windows\system32\pwNative.exe
2012-12-06 14:16:40 15576 ------w- c:\windows\system32\pwdrvio.sys
2012-12-06 14:15:56 10200 ------w- c:\windows\system32\pwdspio.sys
2012-12-04 08:41:28 35064 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2012-12-04 03:03:44 -------- d-----w- c:\users\acer\appdata\local\SkinSoft
2012-12-03 02:17:02 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2012-12-04 08:41:28 35064 ----a-w- c:\windows\inf\cfrmd\cfrmd.sys
2012-11-22 07:43:13 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-07 15:37:56 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 15:37:56 36072 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 15:37:54 19632 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 15:37:36 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 15:37:36 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-02 04:48:28 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:53:53 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:49:12 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 15:00:00 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:44:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:44:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:44:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:44:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-09-25 21:55:17 78336 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 14:11:35.59 ===============


Here's the result of aswMBR


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-17 15:39:30
-----------------------------
15:39:30.281 OS Version: Windows 6.1.7600
15:39:30.281 Number of processors: 2 586 0x1C0A
15:39:30.289 ComputerName: RAMON UserName: acer
15:39:55.398 Initialize success
15:39:58.416 AVAST engine defs: 12121601
15:40:04.337 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:40:04.348 Disk 0 Vendor: ST925031 0001 Size: 238475MB BusType: 3
15:40:04.633 Disk 0 MBR read successfully
15:40:04.644 Disk 0 MBR scan
15:40:04.718 Disk 0 Windows 7 default MBR code
15:40:04.750 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
15:40:04.889 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
15:40:04.943 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150389 MB offset 25382700
15:40:05.016 Disk 0 Partition - 00 0F Extended LBA 75689 MB offset 333380880
15:40:05.056 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 75689 MB offset 333380943
15:40:05.129 Disk 0 scanning sectors +488392065
15:40:05.396 Disk 0 scanning C:\Windows\system32\drivers
15:40:33.487 Service scanning
15:41:27.059 Modules scanning
15:41:51.890 Disk 0 trace - called modules:
15:41:51.905 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
15:41:51.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86527030]
15:41:51.907 3 CLASSPNP.SYS[88ce159e] -> nt!IofCallDriver -> [0x85b338c0]
15:41:51.907 5 ACPI.sys[886193b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85b61028]
15:41:53.081 AVAST engine scan C:\Windows
15:41:59.720 AVAST engine scan C:\Windows\system32
15:47:03.491 AVAST engine scan C:\Windows\system32\drivers
15:47:25.098 AVAST engine scan C:\Users\acer
16:29:26.847 AVAST engine scan C:\ProgramData
16:32:13.019 Scan finished successfully
17:06:35.275 Disk 0 MBR has been saved successfully to "C:\Users\acer\Desktop\MBR.dat"
17:06:35.371 The log file has been saved successfully to "C:\Users\acer\Desktop\aswMBR.txt"

shelf life
2012-12-18, 03:54
Ok, no problem. Look in the Add/Remove Programs panel and uninstall My Web Search. Other than that the log looks ok.


I don't know how to crack it,

Looks like somebody has been trying: ophcrack, Spower Windows Password Reset.
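The helper's read of the log above (flag the My Web Search toolbar entry, otherwise clean) comes from the "Pseudo HJT Report" section, where DDS prints each browser add-on and Run entry with its CLSID and module path; an entry with an empty path, `<orphaned>` or `<no file>` is a registration left behind with no file to back it. The script below is an added example, not part of this thread and not DDS code: it parses that format over a handful of lines copied from the log above, lists the entries a helper would ask about, and decodes the UAC and AutoRun policy dwords DDS prints (the value meanings are the standard Windows ones; the script does not touch the file system, so "present" only means a path was recorded).

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example).

Flags browser add-ons and Run entries whose module is orphaned or missing,
and decodes the UAC / AutoRun policy values that DDS prints as dwords.
"""
import re
from typing import Dict, List, Optional

# Two line shapes occur in this section:
#   BHO / TB / uURLSearchHooks:  [Name: ]{CLSID} - <path | <orphaned> | nothing>
#   uRun / mRun:                 [Name] <"path" args | <no file>>
ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB|uURLSearchHooks|uRun|mRun): (?P<body>.*)$")
CLSID_ENTRY_RE = re.compile(
    r"^(?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.*)$")
RUN_ENTRY_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")
POLICY_RE = re.compile(
    r"^(?P<scope>[um])Policies-(?P<key>\w+): (?P<name>\w+) = dword:(?P<value>\d+)$")

# Standard meanings of the UAC values (HKLM\...\Policies\System).
CONSENT_ADMIN = {
    0: "elevate without prompting (UAC effectively off for admins)",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (default)",
}
CONSENT_USER = {
    0: "automatically deny elevation requests",
    1: "prompt for credentials on the secure desktop",
    3: "prompt for credentials (default)",
}


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Parse one add-on / Run line into kind, name, clsid, path and status."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind in ("uRun", "mRun"):
        inner = RUN_ENTRY_RE.match(body)
        if not inner:
            return None
        name, clsid, path = inner.group("name"), "", inner.group("path").strip()
    else:
        inner = CLSID_ENTRY_RE.match(body)
        if not inner:
            return None
        name = inner.group("name") or ""
        clsid, path = inner.group("clsid"), inner.group("path").strip()
    if path == "":
        status = "missing"      # registration kept, but no module path at all
    elif path.startswith("<"):
        status = "orphaned"     # DDS marked the file as gone: <orphaned>, <no file>
    else:
        status = "present"      # a path was recorded (not verified on disk here)
    return {"kind": kind, "name": name, "clsid": clsid, "path": path, "status": status}


def flag_entries(lines: List[str]) -> List[Dict[str, str]]:
    """Entries a helper would ask about: registered, but nothing behind them."""
    parsed = (parse_entry(line) for line in lines)
    return [e for e in parsed if e is not None and e["status"] != "present"]


def explain_policies(lines: List[str]) -> Dict[str, str]:
    """Decode the *Policies-* dword lines into plain-language meaning."""
    out: Dict[str, str] = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group("name"), int(m.group("value"))
        if name == "ConsentPromptBehaviorAdmin":
            meaning = CONSENT_ADMIN.get(value, "non-standard value")
        elif name == "ConsentPromptBehaviorUser":
            meaning = CONSENT_USER.get(value, "non-standard value")
        elif name == "NoDriveTypeAutoRun":
            meaning = ("AutoRun disabled on all drive types" if value == 255
                       else f"AutoRun bitmask 0x{value:02X}")
        elif name == "EnableUIADesktopToggle":
            meaning = ("UIAccess apps cannot prompt for elevation off the secure desktop (default)"
                       if value == 0 else "UIAccess apps may prompt for elevation off the secure desktop")
        else:
            meaning = f"dword:{value}"
        out[name] = meaning
    return out


# Sample input: lines copied from the DDS log in this thread, format unchanged.
SAMPLE_LINES = [
    "uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} -",
    "BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll",
    "BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>",
    "TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -",
    "uRun: [E06ADXRC_290068] \"c:\\program files\\microsoft encarta\\encarta premium 2006\\EDICT.EXE\" -m",
    "mRun: [Yahoo Messenger] <no file>",
    "uPolicies-Explorer: NoDriveTypeAutoRun = dword:255",
    "mPolicies-System: ConsentPromptBehaviorAdmin = dword:5",
    "mPolicies-System: ConsentPromptBehaviorUser = dword:3",
    "mPolicies-System: EnableUIADesktopToggle = dword:0",
]

if __name__ == "__main__":
    for e in flag_entries(SAMPLE_LINES):
        print(f"{e['kind']:<16} {e['name'] or e['clsid']:<30} {e['status']}")
    for name, meaning in explain_policies(SAMPLE_LINES).items():
        print(f"{name:<28} {meaning}")
```

Run on the sample it reports the empty URLSearchHook, the orphaned BHO, the My Web Search toolbar with no module, and the Yahoo Messenger Run entry with no file, and shows that the machine's UAC prompts are at their defaults and AutoRun is off for every drive type. Leftover registrations like these are not an infection by themselves, which is why the helper's advice was simply to uninstall the toolbar; the value of the check is that a live entry pointing at an unexpected path would stand out in the same listing.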

mhonparica
2012-12-20, 02:04
Sir, good day! I could not uninstall "My Web Search"; it says "specified module could not be found". What should I do, sir?

With regards to ophcrack, sir, yes, I did try to use it when I read about it on Google, but it didn't work.

I bought this laptop 2 years ago and at that time I put an admin password on it so that my little siblings could not accidentally alter the programs installed on it, coz they played a lot back then. It wasn't a problem until only last month, when I tried to download Mozilla and it said I need an admin password. I could not really recall it and I can't install Mozilla. Sir, if you have a suggestion I would really be indebted to you. Thanks for taking the time. :santa:

shelf life
2012-12-20, 04:07
Hi,

It looks like it's already been uninstalled, based on the log. So you must be a "standard user" and can't get elevated privileges to install software.
You might try creating a new account (http://www.howtogeek.com/howto/5261/beginner-geek-add-a-new-user-account-in-windows-7/) for yourself as an administrator.