3rd time unlucky


This topic is locked. 6 replies to this topic.

#1 fiftygrit

fiftygrit

  • Members
  • 19 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 14 September 2014 - 04:53 AM

Hi Gary


You were very helpful in ridding my PC of malware 3 or so weeks ago (multiple infections (vundo, catchme), black screen, started 3 Aug).


Unfortunately, my computer is once again severely infected. Whilst it may be the typical causes, I doubt that this is the case because (and this is a guess because I am not an expert) we are not prolific users of the PC and our habits tend to be careful. The original cause was my fault though: I downloaded HijackThis when my firewall was off.


I suspect that there is a downloader hidden in my computer that appears to activate on a Thursday.


Could you please advise:  Do I wipe my drives and reload the operating system or do I have another go with bleeping computers?  (I do not want to hog your valuable resources)


Symptoms: very slow logging on and shutting down; file changes do not show up in Windows Explorer unless F5 is pressed. Malwarebytes, Spybot S&D and Avast are blocked. DDS appears to freeze and I am unable to produce a DDS log.


Thank you

Peter


Stopzilla log (going back 2 weeks with standard Sz processes deleted):

Block/Extraction        General        2014-09-14 21:15:41    Extracted package System Policies.DisableTaskMgr
Block/Extraction        General        2014-09-14 21:15:39    Extracted package System Policies.DisableRegistryTools
Warning/Detection        General        2014-09-14 21:14:46    Detected malicious registry entry DisableTaskMgr in hkus\S-1-5-21-3587537355-4055296389-3146589605-1000\software\microsoft\windows\currentversion\policies\system
Block/Extraction        General        2014-09-14 21:14:46    Deleted registry value DisableTaskMgr in hkus\S-1-5-21-3587537355-4055296389-3146589605-1000\software\microsoft\windows\currentversion\policies\system
Warning/Detection        General        2014-09-14 21:14:44    Detected malicious registry entry DisableRegistryTools in hkus\S-1-5-21-3587537355-4055296389-3146589605-1000\software\microsoft\windows\currentversion\policies\system
Block/Extraction        General        2014-09-14 21:14:44    Deleted registry value DisableRegistryTools in hkus\S-1-5-21-3587537355-4055296389-3146589605-1000\software\microsoft\windows\currentversion\policies\system

Block/Extraction        General        2014-09-13 11:21:04    Terminated service: WSearch - Windows Search
Block/Extraction        General        2014-09-13 11:20:53    Terminated service: SysMain - Superfetch

Block/Extraction        General        2014-09-12 22:37:23    Terminated service: WSearch - Windows Search

Block/Extraction        General        2014-09-12 22:37:21    Terminated service: SysMain - Superfetch


Block/Extraction        General        2014-09-09 19:20:18    Terminated service: WSearch - Windows Search

Block/Extraction        General        2014-09-09 19:20:07    Terminated service: SysMain - Superfetch

Block/Extraction        General        2014-09-06 12:04:30    Terminated service: WSearch - Windows Search

Block/Extraction        General        2014-09-06 12:04:29    Terminated service: SysMain - Superfetch

Block/Extraction        General        2014-09-02 22:36:55    Extracted package Trojan.Win32.Mal.gen!b56
Block/Extraction        General        2014-09-02 22:36:54    Extracted package VirTool.Win32.Obfuscator

Block/Extraction        General        2014-09-02 21:52:00    Terminated service: WSearch - Windows Search

Block/Extraction        General        2014-09-02 21:51:59    Terminated service: SysMain - Superfetch


Edited by fiftygrit, 14 September 2014 - 06:53 AM.
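
One way to triage the STOPzilla log quoted in this post, added here as an example that is not part of the post and not STOPzilla's own tooling: it parses each event line (the column layout of category, source, timestamp and message is an assumption read off the quoted output), flags any event touching the DisableTaskMgr / DisableRegistryTools values under the user's Policies\System key as a defense-evasion indicator, and tallies events per weekday so the "activates on a Thursday" hunch can be compared with what the scanner actually recorded. The sample input is the post's own lines, embedded as constructed test data.

```python
"""Added example (not from the post): triage of a STOPzilla event log.

Parses each line into (category, source, timestamp, message), flags events
that touch the DisableTaskMgr / DisableRegistryTools policy values, and
tallies events per weekday so a suspected schedule can be checked.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Column layout assumed from the quoted log: category, source, timestamp and
# a free-text message, separated by runs of whitespace.
LINE_RE = re.compile(
    r"^(?P<category>\S+)\s+(?P<source>\S+)\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<message>.+)$"
)

# Policy values that lock the user out of Task Manager and regedit. Under the
# user's Policies\System key they are a defense-evasion indicator, not a setting.
POLICY_VALUES = ("DisableTaskMgr", "DisableRegistryTools")

SID = r"hkus\S-1-5-21-3587537355-4055296389-3146589605-1000"
POLICY_KEY = SID + r"\software\microsoft\windows\currentversion\policies\system"

# Constructed sample input: the lines quoted in the post above.
SAMPLE_LOG = f"""\
Block/Extraction        General        2014-09-14 21:15:41    Extracted package System Policies.DisableTaskMgr
Block/Extraction        General        2014-09-14 21:15:39    Extracted package System Policies.DisableRegistryTools
Warning/Detection        General        2014-09-14 21:14:46    Detected malicious registry entry DisableTaskMgr in {POLICY_KEY}
Block/Extraction        General        2014-09-14 21:14:46    Deleted registry value DisableTaskMgr in {POLICY_KEY}
Warning/Detection        General        2014-09-14 21:14:44    Detected malicious registry entry DisableRegistryTools in {POLICY_KEY}
Block/Extraction        General        2014-09-14 21:14:44    Deleted registry value DisableRegistryTools in {POLICY_KEY}
Block/Extraction        General        2014-09-13 11:21:04    Terminated service: WSearch - Windows Search
Block/Extraction        General        2014-09-13 11:20:53    Terminated service: SysMain - Superfetch
Block/Extraction        General        2014-09-12 22:37:23    Terminated service: WSearch - Windows Search
Block/Extraction        General        2014-09-12 22:37:21    Terminated service: SysMain - Superfetch
Block/Extraction        General        2014-09-09 19:20:18    Terminated service: WSearch - Windows Search
Block/Extraction        General        2014-09-09 19:20:07    Terminated service: SysMain - Superfetch
Block/Extraction        General        2014-09-06 12:04:30    Terminated service: WSearch - Windows Search
Block/Extraction        General        2014-09-06 12:04:29    Terminated service: SysMain - Superfetch
Block/Extraction        General        2014-09-02 22:36:55    Extracted package Trojan.Win32.Mal.gen!b56
Block/Extraction        General        2014-09-02 22:36:54    Extracted package VirTool.Win32.Obfuscator
Block/Extraction        General        2014-09-02 21:52:00    Terminated service: WSearch - Windows Search
Block/Extraction        General        2014-09-02 21:51:59    Terminated service: SysMain - Superfetch
"""


@dataclass(frozen=True)
class Event:
    category: str
    source: str
    when: datetime
    message: str

    @property
    def weekday(self) -> str:
        return self.when.strftime("%A")


def parse_line(line: str):
    """Return an Event for a well-formed line, None for blank or foreign lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return Event(m["category"], m["source"], when, m["message"])


def parse_log(text: str):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def classify(event: Event) -> str:
    """Coarse triage label; policy tampering outranks the other labels."""
    msg = event.message
    if any(v in msg for v in POLICY_VALUES):
        return "policy_tampering"
    if msg.startswith("Extracted package"):
        return "quarantine"
    if msg.startswith("Terminated service"):
        return "service_stop"
    return "other"


def policy_tampering(events):
    return [e for e in events if classify(e) == "policy_tampering"]


def events_by_weekday(events):
    """Map weekday name -> event count, so a claimed pattern can be checked."""
    return Counter(e.weekday for e in events)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for day, n in events_by_weekday(evs).most_common():
        print(f"{day:<10}{n}")
    for e in policy_tampering(evs):
        print(e.when, classify(e), e.message[:70])
```

On the quoted lines the tally lands on Sunday, Tuesday, Saturday and Friday with nothing on a Thursday; that only says the scanner logged nothing then, not that nothing ran, so the weekday view is a check on a hypothesis rather than proof of one. The policy-tampering events are the ones worth following up regardless of the day, since a scanner that keeps deleting the same policy values is a sign something keeps re-creating them.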




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:11 PM

Posted 18 September 2014 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 fiftygrit

fiftygrit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 19 September 2014 - 09:13 PM

Hi nasdaq


Thank you.  BTW I am operating in safe mode only.


AdwCleaner did not appear to have found much:


# AdwCleaner v3.310 - Report created 20/09/2014 at 11:25:37
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : peter - POE-PC
# Running from : C:\Users\peter\Desktop\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Gail\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Peter_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R22].txt - [1681 octets] - [14/09/2014 20:17:11]
AdwCleaner[R23].txt - [1344 octets] - [14/09/2014 21:21:23]
AdwCleaner[R24].txt - [965 octets] - [20/09/2014 11:25:37]
AdwCleaner[S12].txt - [1751 octets] - [14/09/2014 20:19:02]
AdwCleaner[S13].txt - [1410 octets] - [14/09/2014 21:23:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R24].txt - [1147 octets] ##########


FRST got stuck at 'Listing Partitions, please wait...'. After 45 min, I rebooted and will give it another go.


Regards

Peter



#4 fiftygrit

fiftygrit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 19 September 2014 - 09:31 PM

FRST completed this time and here is the log. 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by peter (administrator) on POE-PC on 20-09-2014 12:13:51
Running from C:\Users\peter\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-16] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [1] => C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\mbam-chameleon.exe [750392 2014-05-12] (MalwareBytes)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3587537355-4055296389-3146589605-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S13].txt [1410 2014-09-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk.disabled
ShortcutTarget: CineForm Status.lnk.disabled -> C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SyncBackSE.lnk
ShortcutTarget: SyncBackSE.lnk -> C:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe (2BrightSparks Pte Ltd)
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk.disabled
ShortcutTarget: Dropbox.lnk.disabled -> C:\Users\Peter_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7194FBD84D6CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - {E5DE9D9F-9FB8-4D08-9741-9BCBDD7A06C1} URL = https://www.google.com/search?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: avast! EasyPass Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-10]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-17]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-06-26]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default ->
CHR CustomProfile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google Search) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (avast! EasyPass) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjenocndklfkoihpolcfmgcpfdlbdln [2014-07-13]
CHR Extension: (avast! Online Security) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR HKLM\...\Chrome\Extension: [egjenocndklfkoihpolcfmgcpfdlbdln] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-07-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
S2 ASDiskUnlocker; C:\Program Files\ASUS\Disk Unlocker\ASPFSVS.exe [187552 2012-06-18] (ASUSTeK Computer Inc.)
S2 asHmComSvc; C:\Program Files\ASUS\AAHM\1.00.22\aaHMSvc.exe [945664 2013-06-13] (ASUSTeK Computer Inc.) [File not signed]
S2 AsusFanControlService; C:\Program Files\ASUS\AsusFanControlService\1.02.26\AsusFanControlService.exe [1652024 2013-06-25] (ASUSTeK Computer Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-19] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-05-24] (Intel Corporation)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [171632 2013-01-02] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-02-13] (Intel® Corporation)
S2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MAXPCDO_SRV; C:\Program Files\MAXpc\MAXPCDefragSrv.exe [248072 2010-01-12] (iS3, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 szserver; C:\Program Files\STOPzilla!\SZServer.exe [57136 2014-08-19] (iS3, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiChargerPlus; C:\Windows\System32\drivers\AiChargerPlus.sys [13952 2013-01-28] (ASUSTek Computer Inc.)
S3 ASFLTDrv.sys; C:\Program Files\ASUS\Disk Unlocker\ASFLTDrv.sys [17408 2010-09-16] (ASUSTeK Computer Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [14720 2012-08-22] ()
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [110408 2012-08-20] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [331080 2012-08-20] (ASMedia Technology Inc)
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2012-09-14] ()
S3 ASUSFILTER; C:\Windows\System32\drivers\ASUSFILTER.sys [37448 2011-09-20] (MCCI Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-19] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-19] (AVAST Software)
S0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-19] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-19] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-19] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-19] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-19] ()
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [524784 2013-01-31] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26608 2013-01-31] (Intel Corporation)
S0 is3srv; C:\Windows\System32\drivers\is3srv.sys [61328 2014-05-05] (iS3 Inc.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-04-26] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [361968 2013-04-26] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793072 2013-04-26] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-13] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-03-12] (Intel Corporation)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2011-06-15] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [49808 2012-07-03] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27792 2012-09-01] (Realtek Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-05-17] ()
R0 szkg5; C:\Windows\System32\DRIVERS\szkg.sys [61328 2014-05-05] (iS3 Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [29160 2014-08-02] ()
S1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus32.sys [37664 2012-06-01] (ASUSTeK Computer Inc.)
S1 A2DDA; \??\C:\EEK\RUN\a2ddax86.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 cleanhlp; \??\C:\EEK\Run\cleanhlp32.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 11:28 - 2014-09-20 12:13 - 00000000 ____D () C:\FRST
2014-09-20 11:24 - 2014-09-20 11:24 - 00000633 _____ () C:\Users\peter\Desktop\JRT.txt
2014-09-20 11:24 - 2014-09-20 11:17 - 01097728 _____ (Farbar) C:\Users\peter\Desktop\FRST.exe
2014-09-20 11:24 - 2014-09-20 11:15 - 01373475 _____ () C:\Users\peter\Desktop\adwcleaner_3.310.exe
2014-09-14 20:17 - 2014-09-20 11:26 - 00000000 ____D () C:\AdwCleaner
2014-09-14 20:13 - 2014-09-14 20:07 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\peter\Desktop\rkill.exe
2014-09-13 12:33 - 2014-09-13 12:33 - 00000000 ____D () C:\Users\peter\AppData\Local\Adobe
2014-09-13 09:39 - 2014-09-13 09:40 - 00555168 _____ () C:\Windows\Minidump\091314-86221-01.dmp
2014-09-13 09:39 - 2014-09-13 09:39 - 349008667 _____ () C:\Windows\MEMORY.DMP
2014-09-11 22:21 - 2014-08-20 03:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 22:21 - 2014-08-19 08:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 22:21 - 2014-08-19 08:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 22:21 - 2014-08-19 07:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 22:21 - 2014-08-19 07:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 22:21 - 2014-08-19 07:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 22:21 - 2014-08-19 07:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 22:21 - 2014-08-19 07:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 22:21 - 2014-08-19 07:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 22:21 - 2014-08-19 07:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 22:21 - 2014-08-19 07:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 22:21 - 2014-08-19 07:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 22:21 - 2014-08-19 07:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 22:21 - 2014-08-19 07:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 22:21 - 2014-08-19 07:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 22:21 - 2014-08-19 07:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 22:21 - 2014-08-19 07:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 22:21 - 2014-08-19 07:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 22:21 - 2014-08-19 07:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 22:21 - 2014-08-19 07:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 22:21 - 2014-08-19 07:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 22:21 - 2014-08-19 07:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 22:21 - 2014-08-19 07:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 22:21 - 2014-08-19 07:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 22:21 - 2014-08-19 07:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 22:21 - 2014-08-19 07:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 22:21 - 2014-08-19 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 22:21 - 2014-08-19 06:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 22:21 - 2014-08-19 06:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 22:21 - 2014-08-19 06:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 17:34 - 2014-06-27 11:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 17:25 - 2014-09-05 11:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 17:25 - 2014-09-05 11:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 17:25 - 2014-08-01 21:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 17:25 - 2014-07-07 11:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 17:25 - 2014-07-07 11:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 17:25 - 2014-06-24 12:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 17:19 - 2014-09-11 17:19 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-02 19:49 - 2014-09-02 19:51 - 00000000 ___SD () C:\Users\Public\Documents\Peter
2014-09-02 19:48 - 2014-09-02 19:48 - 00002761 _____ () C:\Users\Peter_2\Desktop\Historian 4.lnk
2014-09-02 19:48 - 2014-09-02 19:48 - 00000000 ____D () C:\Users\Peter_2\AppData\Roaming\Panstoria
2014-09-02 19:47 - 2014-09-02 19:52 - 00000000 ___SD () C:\Users\Public\Documents\Gail
2014-09-02 19:44 - 2014-09-02 19:44 - 00000000 ____D () C:\Users\Gail\Documents\Personal Art Kits
2014-09-02 19:44 - 2014-09-02 19:44 - 00000000 ____D () C:\Users\Gail\Documents\Artisan Projects
2014-09-02 19:43 - 2014-09-02 19:46 - 00000000 ____D () C:\Users\Gail\AppData\Roaming\Panstoria
2014-09-02 19:43 - 2014-09-02 19:43 - 00002761 _____ () C:\Users\Gail\Desktop\Historian 4.lnk
2014-09-02 19:43 - 2014-09-02 19:43 - 00002048 _____ () C:\Users\Gail\Desktop\Panstoria Artisan 4.lnk
2014-08-28 18:24 - 2014-08-23 11:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 18:24 - 2014-08-23 10:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 22:02 - 2014-08-24 22:02 - 00001979 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-08-24 22:02 - 2014-08-24 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-24 21:46 - 2014-08-24 21:46 - 00001932 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-08-24 11:09 - 2014-05-15 02:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-24 11:09 - 2014-05-15 02:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-24 11:09 - 2014-05-15 02:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-24 11:09 - 2014-05-15 02:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-24 11:09 - 2014-05-15 02:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-24 11:09 - 2014-05-15 02:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-24 11:09 - 2014-05-15 02:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-24 11:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-24 11:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 20:44 - 2014-08-31 14:07 - 00000000 ____D () C:\Users\Peter_2\AppData\Local\Adobe
2014-08-21 20:32 - 2014-08-21 20:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-21 20:32 - 2014-08-21 20:32 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-21 20:28 - 2014-08-21 20:28 - 00000000 ____D () C:\Windows\Sun
2014-08-21 20:26 - 2014-08-21 20:26 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-21 20:26 - 2014-08-21 20:26 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-21 20:26 - 2014-08-21 20:26 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-21 20:26 - 2014-08-21 20:26 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-21 20:26 - 2014-08-21 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-21 20:26 - 2014-08-21 20:26 - 00000000 ____D () C:\Program Files\Java
2014-08-21 20:23 - 2014-08-21 20:23 - 00918440 _____ (Oracle Corporation) C:\Users\Peter_2\Downloads\chromeinstall-7u67.exe
2014-08-21 20:13 - 2014-08-21 20:13 - 00854417 _____ () C:\Users\Peter_2\Downloads\SecurityCheck.exe
2014-08-21 20:13 - 2014-08-21 20:13 - 00854417 _____ () C:\Users\Peter_2\Desktop\SecurityCheck.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 12:13 - 2014-09-20 11:28 - 00000000 ____D () C:\FRST
2014-09-20 12:13 - 2014-08-12 20:56 - 00005651 _____ () C:\Users\peter\Desktop\FRST.txt
2014-09-20 12:12 - 2014-05-10 21:50 - 00787118 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 11:29 - 2014-08-12 20:57 - 00022768 _____ () C:\Users\peter\Desktop\Addition.txt
2014-09-20 11:26 - 2014-09-14 20:17 - 00000000 ____D () C:\AdwCleaner
2014-09-20 11:24 - 2014-09-20 11:24 - 00000633 _____ () C:\Users\peter\Desktop\JRT.txt
2014-09-20 11:23 - 2014-06-01 23:54 - 00005334 _____ () C:\Users\peter\Desktop\Rkill.txt
2014-09-20 11:17 - 2014-09-20 11:24 - 01097728 _____ (Farbar) C:\Users\peter\Desktop\FRST.exe
2014-09-20 11:15 - 2014-09-20 11:24 - 01373475 _____ () C:\Users\peter\Desktop\adwcleaner_3.310.exe
2014-09-14 21:26 - 2014-05-11 05:08 - 00115760 _____ () C:\Windows\PFRO.log
2014-09-14 21:23 - 2014-05-17 12:32 - 00000000 ____D () C:\ProgramData\STOPzilla!
2014-09-14 20:07 - 2014-09-14 20:13 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\peter\Desktop\rkill.exe
2014-09-14 20:07 - 2014-06-02 06:03 - 01016261 _____ (Thisisu) C:\Users\peter\Desktop\JRT.exe
2014-09-14 20:06 - 2009-01-01 00:03 - 00688992 ____R (Swearware) C:\Users\peter\Desktop\dds.com
2014-09-13 18:19 - 2014-06-08 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-13 17:55 - 2014-07-02 20:38 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 17:54 - 2014-07-02 20:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-13 16:31 - 2014-07-26 15:42 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-09-13 14:36 - 2014-07-02 20:38 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 14:19 - 2014-06-08 17:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-13 13:56 - 2009-07-14 14:34 - 00024048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 13:56 - 2009-07-14 14:34 - 00024048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 13:54 - 2014-05-10 21:47 - 02053621 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 13:51 - 2014-07-05 13:40 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-13 13:50 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 13:50 - 2009-07-14 14:39 - 00053056 _____ () C:\Windows\setupact.log
2014-09-13 13:45 - 2014-07-05 13:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-13 12:33 - 2014-09-13 12:33 - 00000000 ____D () C:\Users\peter\AppData\Local\Adobe
2014-09-13 11:19 - 2014-05-17 12:32 - 00000000 ____D () C:\Program Files\STOPzilla!
2014-09-13 09:40 - 2014-09-13 09:39 - 00555168 _____ () C:\Windows\Minidump\091314-86221-01.dmp
2014-09-13 09:39 - 2014-09-13 09:39 - 349008667 _____ () C:\Windows\MEMORY.DMP
2014-09-13 09:39 - 2014-06-02 06:01 - 00000000 ____D () C:\Windows\Minidump
2014-09-12 20:10 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\rescache
2014-09-12 19:03 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Peter_2\Documents\My Avast EasyPass Data
2014-09-12 10:26 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 22:22 - 2014-05-14 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 22:20 - 2014-05-11 12:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 17:34 - 2014-05-11 05:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:28 - 2014-05-11 05:41 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 17:19 - 2014-09-11 17:19 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-11 17:19 - 2014-05-17 11:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-11 17:19 - 2014-05-17 11:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 19:48 - 2014-07-05 13:40 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-09 19:19 - 2014-07-20 14:55 - 00000000 ___RD () C:\Users\Peter_2\Dropbox
2014-09-09 19:19 - 2014-07-19 13:19 - 00000000 ____D () C:\Users\Peter_2\AppData\Roaming\Dropbox
2014-09-07 15:46 - 2014-08-17 11:56 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-07 15:41 - 2014-08-01 22:10 - 00000000 ____D () C:\Users\peter\AppData\Local\CrashDumps
2014-09-06 18:21 - 2009-07-14 14:53 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-05 11:52 - 2014-09-11 17:25 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 11:47 - 2014-09-11 17:25 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 19:59 - 2014-05-13 21:44 - 00001284 _____ () C:\Users\Gail\Desktop\mexico originals - Shortcut.lnk
2014-09-02 19:52 - 2014-09-02 19:47 - 00000000 ___SD () C:\Users\Public\Documents\Gail
2014-09-02 19:51 - 2014-09-02 19:49 - 00000000 ___SD () C:\Users\Public\Documents\Peter
2014-09-02 19:48 - 2014-09-02 19:48 - 00002761 _____ () C:\Users\Peter_2\Desktop\Historian 4.lnk
2014-09-02 19:48 - 2014-09-02 19:48 - 00000000 ____D () C:\Users\Peter_2\AppData\Roaming\Panstoria
2014-09-02 19:46 - 2014-09-02 19:43 - 00000000 ____D () C:\Users\Gail\AppData\Roaming\Panstoria
2014-09-02 19:44 - 2014-09-02 19:44 - 00000000 ____D () C:\Users\Gail\Documents\Personal Art Kits
2014-09-02 19:44 - 2014-09-02 19:44 - 00000000 ____D () C:\Users\Gail\Documents\Artisan Projects
2014-09-02 19:43 - 2014-09-02 19:43 - 00002761 _____ () C:\Users\Gail\Desktop\Historian 4.lnk
2014-09-02 19:43 - 2014-09-02 19:43 - 00002048 _____ () C:\Users\Gail\Desktop\Panstoria Artisan 4.lnk
2014-08-31 14:07 - 2014-08-21 20:44 - 00000000 ____D () C:\Users\Peter_2\AppData\Local\Adobe
2014-08-31 14:07 - 2014-05-18 21:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-08-31 13:52 - 2009-07-14 14:33 - 00407416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 22:02 - 2014-08-24 22:02 - 00001979 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-08-24 22:02 - 2014-08-24 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-24 22:02 - 2014-05-17 16:16 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-08-24 21:50 - 2014-05-10 21:56 - 00273796 _____ () C:\Windows\DPINST.LOG
2014-08-24 21:46 - 2014-08-24 21:46 - 00001932 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-08-24 21:46 - 2014-05-17 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-08-24 21:46 - 2014-05-10 21:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-24 18:26 - 2014-07-20 17:38 - 00000000 ____D () C:\Users\Peter_2\AppData\Roaming\Skype
2014-08-23 11:46 - 2014-08-28 18:24 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 10:42 - 2014-08-28 18:24 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 20:32 - 2014-08-21 20:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-21 20:32 - 2014-08-21 20:32 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-21 20:32 - 2014-05-10 22:07 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-21 20:32 - 2014-05-10 22:07 - 00000000 ____D () C:\Program Files\Adobe
2014-08-21 20:31 - 2014-05-10 22:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-21 20:28 - 2014-08-21 20:28 - 00000000 ____D () C:\Windows\Sun
2014-08-21 20:27 - 2014-05-11 13:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-21 20:26 - 2014-08-21 20:26 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-21 20:26 - 2014-08-21 20:26 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-21 20:26 - 2014-08-21 20:26 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-21 20:26 - 2014-08-21 20:26 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-21 20:26 - 2014-08-21 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-21 20:26 - 2014-08-21 20:26 - 00000000 ____D () C:\Program Files\Java
2014-08-21 20:23 - 2014-08-21 20:23 - 00918440 _____ (Oracle Corporation) C:\Users\Peter_2\Downloads\chromeinstall-7u67.exe
2014-08-21 20:13 - 2014-08-21 20:13 - 00854417 _____ () C:\Users\Peter_2\Downloads\SecurityCheck.exe
2014-08-21 20:13 - 2014-08-21 20:13 - 00854417 _____ () C:\Users\Peter_2\Desktop\SecurityCheck.exe
2014-08-21 03:13 - 2014-08-20 21:34 - 00000000 ____D () C:\Users\Peter_2\AppData\Roaming\X-NetStat

Some content of TEMP:
====================
C:\Users\Peter_2\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn1fc79.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 14:46

==================== End Of Log ============================
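The "Bamital & volsnap Check" above is FRST verifying the digital signatures of a handful of core Windows binaries that file infectors such as Bamital patch in place. As an added example (not FRST's code and not part of the original post), the PowerShell below re-checks the same list with Get-AuthenticodeSignature and records a SHA-256 per file so a later run can be compared against it. It assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt. One caveat a practitioner should keep in mind: on Windows 7 most of these files are catalog-signed rather than carrying an embedded signature, so a status of NotSigned from this cmdlet means "confirm with a catalog-aware tool such as Sysinternals sigcheck", not proof of tampering. HashMismatch, on the other hand, means the file's bytes no longer match its signature and deserves immediate attention.

```powershell
# Added example, not FRST's code: re-verify the binaries FRST's
# "Bamital & volsnap Check" lists. Requires PowerShell 4.0+ (Get-FileHash).
# Run from an elevated prompt on the machine being examined.

$files = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

$results = foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) {
        # A missing core binary is itself worth flagging.
        [pscustomobject]@{ Path = $f; Status = 'MISSING'; Signer = ''; SHA256 = '' }
        continue
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $f
    $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path   = $f
        # Valid, NotSigned, HashMismatch, UnknownError, ...
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256 = $hash
    }
}

$results | Format-Table -AutoSize

# Anything other than Valid gets called out separately. On Windows 7,
# NotSigned on a catalog-signed OS file is expected from this cmdlet;
# HashMismatch or MISSING is not.
$suspect = $results | Where-Object { $_.Status -ne 'Valid' }
if ($suspect) {
    Write-Warning ("{0} file(s) did not verify as Valid:" -f @($suspect).Count)
    $suspect | Format-Table Path, Status -AutoSize
}

# Keep a timestamped baseline so the next run can be diffed against it.
$results | Export-Csv -NoTypeInformation -Path ("$env:USERPROFILE\Desktop\sigcheck-{0:yyyyMMdd-HHmm}.csv" -f (Get-Date))
```

Comparing the SHA-256 column between two runs taken a week apart is the cheap way to catch the "something changed on Thursday" pattern the topic starter describes: a core binary whose hash moves without a corresponding Windows Update entry in WindowsUpdate.log is a file to pull for analysis.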



#5 nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 20 September 2014 - 08:06 AM


Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Let's see if we can restore this computer.

Get the Last Known Good Configuration.

Follow the instructions on this page.

http://windows.microsoft.com/en-CA/windows7/Using-Last-Known-Good-Configuration

How is the computer running now?

#6 fiftygrit

  • Topic Starter
  • Members
  • 19 posts

Posted 20 September 2014 - 11:16 PM

Hi nasdaq

Thank you. I don't know that I have had a good configuration that I can identify.

The PC is new. Soon after loading the operating system and several applications, the machine became severely infected (infection #1). Through multiple scans I was able to clean the machine, but running rkill and JRT scans always revealed that something was lingering (Stopzilla would find things).

Then the PC became severely infected again (#2) and Gary of Bleeping Computer assisted in fixing this. Then the current infection. I suspect that rebuilding the PC is the best action at this time.

Thank you for your time.

Peter



#7 nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 21 September 2014 - 06:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
