suspected cyber attack - ESET scan results??

Wife was browsing a site (pretty regular, cardboard sellers) and a pop-up appeared in Firefox (I don't know how it could in the first place). She said it offered to scan our computer. When she shut it, "somewhere" on the screen it started to say "6 trojans found etc."; she hit the wall switch to kill the PC straight away.


OS is W7, with ESET Smart Security 4.

She can't really describe well what happened, so this is the information I've got. It could also have been a fake site tempting you to download THEIR security stuff by scaring you into thinking that you have all those viruses when you don't have them.

So I come home from work, do an ESET scan, and it finds nothing. I checked the log and it said a lot of files couldn't be accessed. I suspect something is preventing access to those files so ESET can't scan them. Would someone be able to say if it is normal? Here is the log.

C:\hiberfil.sys - error opening
C:\pagefile.sys - error opening
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\genius_maxfighter_f16u.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\logitech_attack3.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\logitech_extreme_3d.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\logitech_force_3d.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\logitech_freedom.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\saitek_cyborg_evo.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\saitek_x52.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\speed_link_black_hawk.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\speed_link_black_widow.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\speed_link_cougar_flightstick.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\speed_link_dark_tornado.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\genius_maxfighter_f16u.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\logitech_attack3.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\logitech_extreme_3d.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\logitech_force_3d.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\logitech_freedom.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\saitek_cyborg_evo.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\saitek_x52.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_hawk.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_widow.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\speed_link_cougar_flightstick.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\speed_link_dark_tornado.ini » MIME - is OK (internal scanning not performed)
C:\$WINDOWS.~Q\DATA\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\Boot\BCD - error opening
C:\Boot\BCD.LOG - error opening
C:\Drivers\video\R211460\LANG\HDMI\esp\license.txt » MIME - is OK (internal scanning not performed)
C:\Drivers\video\R211460\LANG\HDMI\ita\license.txt » MIME - is OK (internal scanning not performed)
C:\Drivers\video\R211460\LANG\HDMI\ptb\license.txt » MIME - is OK (internal scanning not performed)
C:\Drivers\video\R211460\LANG\HDMI\ptg\license.txt » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab » CAB » PROCESS_LIBRARY.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab » CAB » HIRING_REQUISITION_CUSTOMIZED.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab » CAB » HARDWARE_TRACKER.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab » CAB » HIRING_REQUISITION.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab » CAB » CUSTOMER_SUPPORT.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab » CAB » TRACK_ISSUES.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab » CAB » STATUS_REPORT.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab » CAB » POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\genius_maxfighter_f16u.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\logitech_attack3.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\logitech_extreme_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\logitech_force_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\logitech_freedom.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\saitek_cyborg_evo.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\saitek_x52.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\speed_link_black_hawk.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\speed_link_black_widow.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\speed_link_cougar_flightstick.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\speed_link_dark_tornado.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\genius_maxfighter_f16u.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\logitech_attack3.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\logitech_extreme_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\logitech_force_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\logitech_freedom.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\saitek_cyborg_evo.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\saitek_x52.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_hawk.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_widow.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\speed_link_cougar_flightstick.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\speed_link_dark_tornado.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Picasa3\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files (x86)\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Customer Support.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hardware Tracker.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Status Report.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Paradox Interactive\East India Company\Config\keybinds.txt » MIME - is OK (internal scanning not performed)
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\01a9047a93d17a71895f46aaaa290528_411ed413-e070-48b4-8712-7c1eecf0604d - error opening

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - error opening
C:\System Volume Information\Syscache.hve - error opening
C:\System Volume Information\Syscache.hve.LOG1 - error opening
C:\System Volume Information\Syscache.hve.LOG2 - error opening
C:\System Volume Information\{0912c13f-ffbc-11de-a93f-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{137349da-fa4a-11de-ab00-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{15d09606-1775-11df-9d31-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{2035e81c-014f-11df-a936-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{21e6723e-04ad-11df-a271-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{43701e1c-0334-11df-905b-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{43e9ddaf-190f-11df-9f61-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{57dcb6bf-f9d2-11de-9daf-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{57dcb6d9-f9d2-11de-9daf-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{57dcb6e1-f9d2-11de-9daf-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{5cc498de-fa4c-11de-b15e-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{5cc49935-fa4c-11de-b15e-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{5d3e7af5-0559-11df-9c12-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{6fdd2a82-15c2-11df-a49c-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{781997a0-03ae-11df-bec7-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{78798cae-fdd3-11de-ad0f-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{787f819a-f982-11de-b0b5-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{89361ff6-f9e8-11de-bca1-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{89362004-f9e8-11de-bca1-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{89362008-f9e8-11de-bca1-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{8caa04e4-1500-11df-8a5b-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{92e92a9b-f8b0-11de-99bc-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{95a8fde4-f830-11de-bccc-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{a0c7701d-f737-11de-8761-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{a1e7362f-0b91-11df-adf2-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{a620d964-048b-11df-ac1e-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{b086b2b9-00e0-11df-a78c-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{b08e71c8-fa59-11de-a897-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{b08e71cf-fa59-11de-a897-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{b08e71d4-fa59-11de-a897-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{b08e71da-fa59-11de-a897-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{b93b15e4-f9ed-11de-b43f-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{b93b1642-f9ed-11de-b43f-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{b93b1657-f9ed-11de-b43f-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{bafc075e-f68a-11de-9fd0-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{c1ad044b-13b2-11df-ae63-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{c404e76a-fd89-11de-aafe-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{c5ce5e07-11cd-11df-acb9-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{c7c264a8-fa43-11de-85ef-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{cdc2ffa5-08a9-11df-8159-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{cef91e9a-0c4d-11df-8453-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{e1eb9784-fef7-11de-8536-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{e670c113-06c1-11df-a93c-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{e670c134-06c1-11df-a93c-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{e902f7c5-0abb-11df-add5-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{eadd84f8-f65b-11de-a836-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{eb55577d-f7e4-11de-9883-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{f1a37429-0f7a-11df-8de6-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening
C:\System Volume Information\{fd945426-fbcf-11de-adab-0021705e3670}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening

C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening
C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening
C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - error opening

C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 » MIME - is OK (internal scanning not performed)
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\MicrosoftDotNetFrameworkAssistant.xpi » ZIP » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.cab » CAB » Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 » MIME - is OK (internal scanning not performed)
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\0fbf62267125cfb41aa74548a5bbb960e816c63c.HomeGroupClassifier\656c83ebae3e9122a2c02f12ed88426c\grouping\db.mdb - error opening
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\0fbf62267125cfb41aa74548a5bbb960e816c63c.HomeGroupClassifier\656c83ebae3e9122a2c02f12ed88426c\grouping\edb.log - error opening
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\0fbf62267125cfb41aa74548a5bbb960e816c63c.HomeGroupClassifier\656c83ebae3e9122a2c02f12ed88426c\grouping\tmp.edb - error opening
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening
C:\Windows\System32\catroot2\edb.log - error opening
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening
C:\Windows\System32\DriverStore\FileRepository\dlbtprc.inf_amd64_neutral_863a0ab34ad3681e\common\italian\dlbteula.txt » MIME - is OK
 
Most of those are access denied by the OS. I think I've seen the ad your wife saw. When you close it, it opens up another one which has an animated photo of a Windows XP "My Computer" window and starts "scanning" and finds a load of viruses, trojans, and spyware. It's fake, an ad.
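The sorting the reply above does by eye (OS-locked files versus anything actually odd) can be scripted. The following is an added example written for this page, not code from anyone in the thread or from ESET: it reads scan-log lines in the format quoted above, separates the "error opening" entries that fall in locations Windows always keeps locked from those that do not, and sets aside the "internal scanning not performed" lines (plain-text files the scanner has no reason to emulate) and the damaged-archive warning. The list of locked locations is an assumption drawn from the log above; the sample lines are constructed, and the final `setup_tool.exe` path is a made-up placeholder that is not in the thread.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Locations that Windows itself keeps open or locked while it is running:
# paging/hibernation files, boot configuration, restore points, registry
# hives, the search index, catalog and crypto-key stores. The list is an
# assumption drawn from the scan log quoted above; "error opening" on
# these paths is the OS refusing access, not malware hiding a file.
OS_LOCKED_PATTERNS = [
    r"^[A-Z]:\\(hiberfil|pagefile)\.sys$",
    r"^[A-Z]:\\Boot\\BCD",
    r"\\System Volume Information\\",
    r"\\NTUSER\.DAT",
    r"\\System32\\catroot2\\",
    r"\\Microsoft\\Search\\Data\\",
    r"\\Microsoft\\Crypto\\RSA\\MachineKeys\\",
    r"\\Microsoft\\Windows Defender\\",
    r"\\AppData\\Local\\lastalive[01]\.dat$",
    r"\\PeerNetworking\\",
]

# Constructed sample in the format of the log above. The last line is a
# made-up path that is NOT in the thread; it shows what a genuinely
# unexplained "error opening" would look like.
SAMPLE_LOG = r"""
C:\hiberfil.sys - error opening
C:\pagefile.sys - error opening
C:\Boot\BCD - error opening
C:\System Volume Information\Syscache.hve - error opening
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening
C:\Windows\System32\catroot2\edb.log - error opening
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Picasa3\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Users\Public\Downloads\setup_tool.exe - error opening
"""


def classify(line: str) -> Optional[Tuple[str, str]]:
    """Map one log line to (category, path); None for blank lines."""
    line = line.strip()
    if not line:
        return None
    # The scanner's verdict is the text after the last " - ".
    head, sep, status = line.rpartition(" - ")
    if not sep:
        return ("other", line)
    # Nested containers are written "file.zip » ZIP » inner"; keep the on-disk path.
    path = head.split(" » ")[0]
    if status == "error opening":
        if any(re.search(p, path, re.IGNORECASE) for p in OS_LOCKED_PATTERNS):
            return ("locked_by_os", path)
        return ("needs_review", path)        # an unexplained locked file is worth a look
    if "internal scanning not performed" in status:
        return ("plain_text_skipped", path)  # .ini/.txt/.manifest: nothing to emulate
    if "checksum" in status or "damaged" in status:
        return ("damaged_archive", path)     # corrupt installer/archive, not a detection
    if status.startswith("is OK"):
        return ("clean", path)
    return ("other", line)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Bucket every line of an ESET-style scan log by category."""
    buckets: Dict[str, List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            category, path = result
            buckets[category].append(path)
    return dict(buckets)


if __name__ == "__main__":
    for category, paths in triage(SAMPLE_LOG).items():
        print(f"{category:20s} {len(paths)}")
        if category == "needs_review":
            for p in paths:
                print("   ", p)
```

Run it against an exported log and read only the `needs_review` bucket: a file the scanner could not open that sits outside the usual locked system locations (a fresh download, something in a user profile) is the one thing on this kind of list that deserves a second look, while the locked hives and index files are simply the OS doing its job.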
 
Oh dear. Got a trojan in quarantine.
15/02/2010 4:08:14 PM HTTP filter
a variant of Win32/LockScreen.NY trojan connection terminated - quarantined
Threat was detected upon access to web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe.

Seems to originate from an Indian website.

Also, constant DNS poisoning attack in my ESET firewall log...

Not happy...
 
Originally Posted By: crinkles
... she hit the wall switch to kill the PC straight away.


Cutting power like that is a dangerous move. If the HD was writing, it can cause file corruption.

There are some nasty viruses out there lately ... I fought my machine for a month trying to get it straightened back out.

I'm using Microsoft Security Essentials now ... seems to protect pretty well so far. Free from Microsoft to anyone with a valid copy of Windows.

I wish the Government would identify all sites that contain viruses and by law somehow shut them all down!!
 
crinkles - As SuperBusa correctly stated, cutting power to the computer can be a dangerous move and it (mostly) results in minor file corruptions of any files that were open at the time. However, considering the consequences of getting slammed by a very serious Trojan, I say your wife is very smart for doing what she did.

As I explain to my computer consulting clients, these rogue / false virus and Trojan warnings are a multi-million dollar business. They have programmers re-writing code daily in an attempt to trick more users into downloading rogue anti-virus software and then paying a "ransom" to remove the [censored].

Some of these fake warnings are designed to look like Windows XP screens, while others may look like Windows Defender, Win 7, or even Eset 4.0. I've found that with most of these fake warnings, clicking YES or NO still downloads the payload. Therefore, short of pulling the power cord, the best option is to bring up task manager to kill the warning (usually it is just necessary to kill your web browser) and then immediately reboot your computer and run a full scan.

Some might say your wife had to be surfing on a bad website. No longer true! Think of the many banner or other ads running on almost every website, including main portals such as FoxNews. Fox isn't usually selling the ad space, it is most likely being served by Google or another provider.

Any ad service can only do so much to investigate the background of new customers. The new advertiser may run legitimate ads for a week or two and then slip in dangerous code.

Also, considering that the dangerous code is rewritten often daily, any top tier anti-virus can overlook this stuff and let it slip by. Therefore, it takes a little extra effort on the part of the user, as in being pro-active like your wife.
 
Do you have UAC on? If so, that cuts down a LOT on what will attack your system.

As others have stated, it doesn't take much to get a fake window to come up any more...a mouse-over action, JPG file, etc.

For cases like yours, use the hosts file as a way of keeping nasties out: http://www.mvps.org/winhelp2002/hosts.htm. The downside is that you'll need to do this regularly, say once a month or so.
 
Originally Posted By: ToyotaNSaturn
Do you have UAC on? If so, that cuts down a LOT on what will attack your system.


What is UAC? ... something in Win7 ?

This virus world on the internet is getting totally out of control. I wish there was a way to shutdown ANY site that has any indication that viruses are propagating from them.

I think the Gov't should have the capability of shutting down any site that has viruses launching from it. Something needs to be done to control the level of activity IMO.
 
User Access Control. Was in Vista, and was toned down greatly in W7. Basically it's a nanny. Left on or at a medium to high setting, it will prompt you for everything to have permission to run. It's annoying for people like me, but helpful for some in situations as described.

Crinkles:

Download, and fully update, Malwarebytes. It's free. Before you run it, look up rkill.com. Should have a download for it on bleepingcomputer.com. Probably have to right click and run as an administrator on W7, but run it. It should run and terminate any processes. Run Malwarebytes, full scan. If it finds nothing, then great, but if she killed the power, there's a chance it's on there.

TNS, Spybot, using the immunize feature, will edit the hosts file and add entries. I've read there are complaints of system slowdown with larger hosts files, but with how fast PCs are today, I really doubt it's that much of an issue.
 
I agree, large hosts files aren't a problem for any modern system.

UAC demotes IE to a base running level in the system even if you're an administrator of the system, thus it keeps things one more step away from the registry and from installing w/o your knowledge. Really, if MS would have had this in XP, malware wouldn't as easily affect XP systems.

Here's a decent tutorial on UAC in Windows 7:
http://www.7tutorials.com/uac-why-you-should-never-turn-it-off
 
That's a trojan popup.

If you hit anything on it, including the close X in the corner,

it installs this nasty fake antivirus that holds your computer hostage until you pay them for their antivirus,

and it spams "you have 32 virus" or whatever constantly in the corner and disables most of what you can do in Windows.

I had to take the drive out and disinfect it with another computer as windows was completely locked down and unmanageable with this trojan.
 
Well it seems the PC is no worse for wear.

I will turn UAC on. I turned it off when setting the PC up because it was driving me nuts.

ESET submitted the links for analysis - seems like trojan downloaders and a winlock trojan.

At least ESET did what I paid money for it to do.
 
The DNS poisoning attacks noted in the ESET log still worry me. It has been going on apparently forever but I only found it out the other day. It is all from the 192.168.2.1:53 source (I guess my router?) and the target is something like 192.168.2.1:76453

where the big number keeps alternating.
 
Originally Posted By: ToyotaNSaturn
Do you have UAC on? If so, that cuts down a LOT on what will attack your system.

As others have stated, it doesn't take much to get a fake window to come up any more...a mouse-over action, JPG file, etc.

For cases like yours, use the hosts file as a way of keeping nasties out: http://www.mvps.org/winhelp2002/hosts.htm. The downside is that you'll need to do this regularly, say once a month or so.


I'd love more info on the hosts file thing and how it works. Do you download every month?
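For the question just above and the hosts-file suggestion earlier in the thread, here is an added example (written for this page; not code from the thread's posters, from Spybot, or from the MVPS project) showing what the technique actually does: the resolver consults the hosts file before asking DNS, so a list that maps unwanted host names to an unroutable sink address (0.0.0.0, or 127.0.0.1 in older lists) makes the browser's request die on the machine. The code parses a hosts file, merges a downloaded blocklist into it without touching existing entries, and refuses any "blocklist" line that points a name at a real address. The hosts excerpt and the blocklist are constructed samples, and the `.test` host names are placeholders.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed excerpt of a Windows hosts file (not the poster's real file).
EXISTING_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
192.168.2.50    nas.local   # my own LAN entry
"""

# Constructed sample in the style of an MVPS-type list: each unwanted name is
# pointed at 0.0.0.0 so the request never leaves the machine. Not the real list.
BLOCKLIST = """\
# constructed blocklist sample
0.0.0.0 ads.example-network.test
0.0.0.0 tracker.example-network.test
0.0.0.0 fakeav-download.example.test  # rogue AV lure
0.0.0.0 ads.example-network.test      # duplicate on purpose
"""

# Addresses that are acceptable as "block this name" targets.
BLOCK_SINKS = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; one line may list several hostnames."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                             # malformed line: ignore it
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def merge_hosts(existing: str, blocklist: str) -> Tuple[str, int]:
    """Append blocklist names not already present; never alter existing lines.

    Only entries that point at a sink address are accepted, so a tampered list
    cannot redirect a real site's name to some other address.
    """
    known = {name for _, name in parse_hosts(existing)}
    new_lines, seen = [], set()
    for ip, name in parse_hosts(blocklist):
        if ip not in BLOCK_SINKS or name in known or name in seen:
            continue
        seen.add(name)
        new_lines.append(f"{ip} {name}")
    if not new_lines:
        return existing, 0
    merged = (existing.rstrip("\n") + "\n\n# --- merged blocklist entries ---\n"
              + "\n".join(new_lines) + "\n")
    return merged, len(new_lines)


def resolve(hosts_text: str, name: str) -> Optional[str]:
    """Mimic the resolver's hosts-file step: first matching entry wins."""
    name = name.lower()
    for ip, host in parse_hosts(hosts_text):
        if host == name:
            return ip
    return None


def is_sinkholed(hosts_text: str, name: str) -> bool:
    """True if the name is mapped to a sink address (i.e. blocked locally)."""
    return resolve(hosts_text, name) in BLOCK_SINKS


if __name__ == "__main__":
    merged, added = merge_hosts(EXISTING_HOSTS, BLOCKLIST)
    print(f"added {added} entries")
    for host in ("ads.example-network.test", "nas.local", "unknown.example.test"):
        print(f"{host:32s} -> {resolve(merged, host)}")
```

On Windows the live file is `%SystemRoot%\System32\drivers\etc\hosts` and needs an elevated editor to change. The monthly routine mentioned in the thread is just this merge run again with a freshly downloaded list: re-running it with the same list adds nothing, so it is safe to repeat. Because the file is consulted before DNS, it only helps against names already on the list; it is a cheap extra layer, not a replacement for the scanner.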
 