Prism on steroids that killed Task manager & only safe mode [Solve


  • This topic is locked

#1 steveAA (Member, 65 posts)
I had the Prism and thought I had killed it and Conduit and more. Then Task Manager became miniature and unable to see, and all the dialog boxes are blank. Can't see what to do. Then all AV and AM didn't work well; Panda didn't catch it and the rescue disc didn't really work, nor MBAM; now I automatically start in Safe Mode only. HitmanPro helped at first, then didn't, and eFix couldn't help anymore. Tried TDSSKiller too. CTL will not run so I can't run it. I think a nasty rootkit hit me. GTG has been great in the past and as I read the similar topic posts this looks like a senior fixer is needed. The closest description I read was like the Sality virus. Help as I'm pretty dead in the water. Steve
  • 0



#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello steveAA and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste the log into your reply.
  • You must reply within 3 days or your topic will be closed.

For this step you will need a clean machine to download the tool first. Let's begin.

Step 1

  • On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system, the 32-bit or the 64-bit version.

    Plug the flash drive into the infected PC.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language setting, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    Select Command Prompt.
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • Notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Step 2

Please don't forget to include these items in your reply:

  • FRST log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#3 steveAA (Topic Starter, Member, 65 posts)
Thank you very much, maliprog. I really appreciate the help. I've printed out the instructions and downloaded the FRST program and will use it tonight and post the results when I get home. As I was on the website, I also downloaded the other programs to the flash drive should I need them later. I will not run them unless you recommend. On the flash drive are ComboFix, AdwCleaner, RKill and TDSSKiller.
  • 0

#4 steveAA (Topic Starter, Member, 65 posts)
I ran the FRST and here's the log. BTW, is that flash drive now infected, as I used it in the offending computer?
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 01
Ran by New at 2013-09-16 22:47:43
Running from D:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.615)
Advanced SystemCare 6 (x32 Version: 6.4)
Ant.com IE add-on (x32 Version: 2.2.4.1076)
Apple Application Support (x32 Version: 2.3)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
Applet (HKCU)
Bonjour (Version: 3.0.0.10)
Debug Diagnostics 1.2 (Version: 1.2.0.52)
DefaultTab (x32 Version: 1.2.8.0)
eFix Pro (Version: 1.7.0.5)
Exterminate It! (x32 Version: 2.05.01.15)
File Type Assistant (x32)
Final Media Player 2010 (x32)
FreeFixer (x32 Version: 1.03)
Google Chrome (x32 Version: 29.0.1547.62)
Google Quick Search Box (x32 Version: 1.2.1151.245)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Google Updater (x32 Version: 2.4.2432.1652)
HiJackThis (x32 Version: 1.0.0)
HitmanPro 3.7 (Version: 3.7.7.205)
iCloud (Version: 1.0.2.17)
IObit Malware Fighter (x32 Version: 2.0)
iTunes (Version: 10.5.2.11)
Java Auto Updater (x32 Version: 2.0.7.1)
Java™ 6 Update 35 (x32 Version: 6.0.350)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XML Parser (x32 Version: 8.70.1104.04)
MixiDJ V37 Toolbar (x32 Version: 6.15.0.27)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MyPC Backup (Version: )
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Panda Cloud Cleaner (x32 Version: 1.0.50)
Panda Global Protection 2014 (x32 Version: 7.00.01)
Panda Gold Protection (x32 Version: 7.00.01)
Panda Security URL Filtering (x32 Version: 2.0.0.14)
Password Depot 6 - Panda Secure Vault Edition (x32 Version: 6.1.5)
Picasa 3 (x32 Version: 3.9)
Prism Video File Converter (x32)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.71.80.42)
Search Protect by conduit (x32 Version: 1.5.0.71)
Smart Defrag 2 (x32 Version: 2.7)
Spyware Doctor 7.0 (x32 Version: 7.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Video Free Files Convert 1.1 (x32 Version: 1.1)
VideoPad Video Editor (x32)
WebM Media Foundation Components (x32 Version: 1.0.0.0)

==================== Restore Points =========================

31-08-2013 19:40:28 Installed SpyHunter
31-08-2013 20:08:54 Windows Update
03-09-2013 00:04:58 eFix Pro Restore Point
03-09-2013 02:33:17 Installed Microsoft Fix it 50123
04-09-2013 07:19:18 eFix Pro Restore Point

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-05-26 23:24 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {009E31C8-8D36-4760-B70A-5451E5E14E7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-22] (Adobe Systems Incorporated)
Task: {02EB9635-457F-4217-B91D-E870E4A059D0} - System32\Tasks\User_Feed_Synchronization-{2BAD8D52-DBE8-464C-972C-BFE20FA50F24} => C:\Windows\system32\msfeedssync.exe [2013-03-21] (Microsoft Corporation)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0CBF8358-A1B9-43CE-AE37-CD53B4A9EA3E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3875981451-602879983-1112890082-1005 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {12E2ADDD-6703-4F4A-82A6-1B4B10AA6ED5} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-12-25] (IObit)
Task: {1F1690A9-61DC-448A-871C-13223DF5EA4E} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2012-09-06] (IObit)
Task: {22F1CF82-B257-404E-86C7-DC8CA9427CB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3E3DB247-8AB7-47B5-AF8C-1201EC42002B} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-08-10] (IObit)
Task: {4B98FA49-DC9C-41DB-9BC9-E59AF24893D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: {79A5E9EA-54CC-4F06-BD4F-6E36A7AB83BD} - System32\Tasks\NCH Software\prismShakeIcon => C:\Program Files (x86)\NCH Software\Prism\Prism.exe [2012-07-30] (NCH Software)
Task: {858059C6-0B62-403A-BD1C-1FE09ADE4809} - System32\Tasks\Final Media Player Update Checker => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-09-22] (Bitberry Software)
Task: {AFF1D205-632D-4E6D-859C-820F2514A567} - System32\Tasks\Basic clean-up => C:\Program Files (x86)\Panda Security\Panda Gold Protection\PlaTasks.exe [2012-05-17] (Panda Security, S.L.)
Task: {C4127D93-655C-4443-941D-D956B6E2A1C0} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {C6325DF0-05C9-4EED-920A-309F11C6CB92} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-01] (Google)
Task: {D0083C91-5F15-4151-964D-A76624D34504} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {D5316DE3-0D04-4A36-A1DD-078E01BED9D1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {D696754B-C61B-43A7-8C2A-9C3F320C224B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Basic clean-up.job => C:\Program Files (x86)\Panda Security\Panda Gold Protection\PlaTasks.exe
Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2013 10:42:30 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (09/16/2013 10:42:25 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (09/16/2013 10:40:46 PM) (Source: IMFservice) (User: )
Description: The handle is invalid

Error: (09/16/2013 10:40:46 PM) (Source: IMFservice) (User: )
Description: The handle is invalid

Error: (09/11/2013 01:40:53 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (09/11/2013 01:40:47 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (09/10/2013 09:59:40 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\eFix\eFix Pro\eFixProMain.exe Files\eFix\eFix Pro\eFixProMain.exe" http://www.efix.com/...e4ec2a049a1a7f7 ; Description = eFix Pro Restore Point; Error = 0x8007043c).

Error: (09/10/2013 07:28:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 6828. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (09/10/2013 07:28:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/10/2013 07:28:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 6828. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.


System errors:
=============
Error: (09/16/2013 10:42:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
cdrom
CSC
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
ShldFlt
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (09/16/2013 10:42:15 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/16/2013 10:42:15 PM) (Source: Service Control Manager) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (09/16/2013 10:42:15 PM) (Source: Service Control Manager) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (09/16/2013 10:42:15 PM) (Source: Service Control Manager) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error: (09/16/2013 10:42:15 PM) (Source: Service Control Manager) (User: )
Description: The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (09/16/2013 10:42:15 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (09/16/2013 10:42:15 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (09/16/2013 10:42:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (09/16/2013 10:42:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-09-05 21:47:48.714
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 19:15:57.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 18:36:03.976
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 18:00:49.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 11:20:35.344
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 04:04:53.324
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-04 20:51:57.684
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-04 18:01:24.742
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-04 13:37:21.465
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-04 06:21:14.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 7935.24 MB
Available physical RAM: 7131.98 MB
Total Pagefile: 15868.67 MB
Available Pagefile: 15074.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:13.07 GB) NTFS
Drive d: () (Removable) (Total:0.95 GB) (Free:0.93 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 02EB7ED7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 970 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=970 MB) - (Type=06)

==================== End Of Log ============================


  • 0
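A small triage helper for logs in the FRST format posted above, added here as an example; it is not part of the thread, not maliprog's analysis and not FRST's own code. It parses FRST's section banners and entry lines and surfaces only structural points a helper reads first: entries whose file FRST could not find ([x]), entries with an empty publisher field (), lines FRST itself tags "<==== ATTENTION", and entries listed more than once. The sample log and all names in it (ExampleTray, GoneSvc, ExampleFilter) are constructed placeholders in FRST's line style, and the checks are my heuristics.

```python
"""Structural triage of Farbar Recovery Scan Tool (FRST) log text.

Added example for this thread; it is not part of the thread and not FRST's
own code. It decides nothing about what is malicious: it only surfaces
entries whose *shape* a helper reads first. SAMPLE_LOG is constructed in
FRST's line style with placeholder names (ExampleTray, GoneSvc, ...).
"""
import re
from collections import Counter
from dataclasses import dataclass

# FRST section banner, e.g. "==================== Drivers (Whitelisted) ===="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Trailing "(Publisher)" field; FRST prints "()" when it found no company name.
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")
# "[x]" at the end of an entry: FRST could not find the referenced file.
MISSING_RE = re.compile(r"\[x\]\s*$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_sections(text: str) -> dict:
    """Map each FRST section title to its non-empty entry lines, in order."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            title = m.group(1).strip("=: ")
            if title:                       # a bare "=====" rule is a separator
                current = title
                sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> list:
    """Return Findings for attention markers, missing files, blank publishers
    and duplicated entries, in log order (each distinct line checked once)."""
    findings = []
    for section, lines in parse_sections(text).items():
        counts = Counter(lines)
        for line in dict.fromkeys(lines):    # unique lines, original order
            if "<==== ATTENTION" in line:
                findings.append(Finding(section, "flagged by FRST (ATTENTION)", line))
            if MISSING_RE.search(line):
                findings.append(Finding(section, "referenced file not found ([x])", line))
            pub = PUBLISHER_RE.search(line)
            if pub and not pub.group(1).strip():
                findings.append(Finding(section, "no publisher/signature info ()", line))
            if counts[line] > 1:
                findings.append(Finding(section, f"entry listed {counts[line]} times", line))
    return findings


def report(findings: list) -> str:
    """Render findings grouped by section, ready to paste into a reply."""
    out, last = [], None
    for f in findings:
        if f.section != last:
            out.append(f"[{f.section}]")
            last = f.section
        out.append(f"  {f.reason}: {f.line}")
    return "\n".join(out)


# Constructed sample in FRST style (placeholder names, not real findings).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM-x32\...\Run: [ExampleTray] - C:\Program Files (x86)\Example\tray.exe [1287120 2010-05-11] (Example Corp)
HKU\User\...\Winlogon: [Shell] C:\WINDOWS\EXPLORER.EXE, <==== ATTENTION

==================== Services (Whitelisted) =================

S2 ExampleSvc; C:\Program Files\Example\svc.exe [451848 2011-07-12] (Example Corp)
S2 GoneSvc; c:\PROGRA~2\gone\gone.exe [x]

==================== Drivers (Whitelisted) ====================

S2 ExampleFilter; C:\Windows\system32\DRIVERS\ExampleFilter.sys [15928 2013-08-25] ()
S2 ExampleFilter; C:\Windows\system32\DRIVERS\ExampleFilter.sys [15928 2013-08-25] ()
S3 ExampleDrv; C:\Windows\System32\drivers\exdrv.sys [25928 2013-04-04] (Example Corp)
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Feed it a full FRST.txt or Addition.txt as text; a flagged line is a prompt to look, not a verdict.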

#5 steveAA (Topic Starter, Member, 65 posts)
Forgot to ask one thing. When Windows opens in Safe Mode, the Help screen opens with it. Is that normal? Thanks.
  • 0

#6 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi steveAA,

> I ran the FRST and here's the log. BTW, is that flash drive now infected, as I used it in the offending computer?

You should run this scan in System Recovery Mode, not in Safe Mode. This is why I posted that instruction.

Can you please post the FRST.txt log for me? It should be in the same folder from which you ran FRST. You posted only the Additional scan log from FRST.
  • 0

#7 steveAA (Topic Starter, Member, 65 posts)
Oops. Sorry. Here it is. BTW, I went to Firefox to sign into GTG. I couldn't, because the dialog boxes were so small I couldn't click on them to sign in??? Similar reduced graphics are on Task Manager. Here's the log. Looks like some bad actors in there, but you're the judge.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by SYSTEM on MININT-B9GIBOJ on 17-09-2013 08:00:28
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet004
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\RunOnce: [eFix Pro: Post-Reboot] - C:\eFixUndo\PostReboot\PR.lnk [1019 2013-09-10] ()
Winlogon\Notify\avldr: C:\Windows\SYSTEM32\avldr64.dll (On-Access Anti-Malware Scanner Sync)
HKLM-x32\...\Run: [ISTray] - C:\Program Files (x86)\Spyware Doctor\pctsTray.exe [1287120 2010-05-11] (PC Tools)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1514816 2013-06-07] (IObit)
HKLM-x32\...\Run: [APVXDWIN] - C:\Program Files (x86)\Panda Security\Panda Gold Protection\APVXDWIN.EXE [1054688 2013-06-20] (Panda Security, S.L.)
HKLM-x32\...\Run: [SCANINICIO] - C:\Program Files (x86)\Panda Security\Panda Gold Protection\Inicio.exe [70432 2012-11-08] (Panda Security, S.L.)
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Guest\...\Run: [SearchProtect] - C:\Users\Guest\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Guest\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-21] (Google Inc.)
HKU\New\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\New\...\Run: [SearchProtect] - C:\Users\New\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\New\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-21] (Google Inc.)
HKU\New\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe [814984 2013-08-19] (Adobe Systems Incorporated)
HKU\New\...\Winlogon: [Shell] C:\WINDOWS\EXPLORER.EXE, <==== ATTENTION
HKU\Steve\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-21] (Google Inc.)
HKU\Steve\...\Policies\system: [LogonHoursAction] 2
HKU\Steve\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
BootExecute: autocheck autochk * native.exe

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-07] (Conduit)
S2 DbgSvc; C:\Program Files\DebugDiag\DbgSvc.exe [451848 2011-07-12] (Microsoft Corporation)
S2 eFixRealTimeProtection; C:\Program Files\eFix\eFix Pro\ReiGuard.exe [4394856 2013-08-28] (Reimage®)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-31] (SurfRight B.V.)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Gold Protection\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.)
S2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Gold Protection\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.)
S2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
S2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Gold Protection\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
S2 PSHost; c:\program files (x86)\panda security\panda gold protection\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
S2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Gold Protection\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
S2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Gold Protection\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
S2 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [366840 2010-03-11] (PC Tools)
S2 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1142224 2010-03-15] (PC Tools)
S2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Gold Protection\TPSrvWow.exe [173344 2012-11-16] (Panda Security, S.L.)
S2 0013031366238810mcinstcleanup;
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 MsMpSvc;
S3 NisSrv;

==================== Drivers (Whitelisted) ====================

S2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.)
S2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
S2 ComFiltr; C:\Windows\system32\DRIVERS\COMFiltr.sys [15928 2013-08-25] ()
S2 ComFiltr; C:\Windows\system32\DRIVERS\COMFiltr.sys [15928 2013-08-25] ()
S2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
S2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
S3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-01] (Panda Security, S.L.)
S0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [233488 2010-03-29] (PC Tools)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S2 WNMFLT; C:\Windows\system32\Drivers\WNMFLT64.SYS [74760 2009-09-25] (Panda Security, S.L.)
S1 bziifcaf; No ImagePath
S3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [x]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]
S1 zagxrjah; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 21:46 - 2013-09-16 21:46 - 00000000 ___DC C:\FRST
2013-09-10 18:26 - 2013-09-10 18:26 - 00000000 ____D C:\Windows\LastGood
2013-09-08 20:42 - 2013-09-08 20:43 - 00000000 ____D C:\Users\New\Desktop\Geekstogosteps
2013-09-08 20:32 - 2013-09-08 20:32 - 00522240 _____ (OldTimer Tools) C:\Users\New\Downloads\OTM.exe
2013-09-08 20:32 - 2013-09-08 20:32 - 00000000 ____D C:\Windows\ERDNT
2013-09-08 20:31 - 2013-09-08 20:31 - 00000000 ____D C:\Users\New\Documents\erunt
2013-09-08 19:42 - 2013-09-08 19:42 - 00602112 _____ (OldTimer Tools) C:\Users\New\Desktop\OTL.com
2013-09-08 19:41 - 2013-09-08 19:41 - 00602112 _____ (OldTimer Tools) C:\Users\New\Downloads\OTL.exe
2013-09-05 22:41 - 2013-09-05 22:41 - 01440846 _____ C:\Users\New\Desktop\mbam-chameleon-1.62.1.1000.zip
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 ____D C:\Users\Guest\AppData\Local\Panda Security
2013-09-03 00:07 - 2013-09-03 00:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SearchProtect
2013-09-03 00:00 - 2013-09-03 00:00 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-02 23:57 - 2013-09-02 23:57 - 04454952 _____ (Piriform Ltd) C:\Users\New\Downloads\ccsetup405(1).exe
2013-09-02 23:51 - 2013-09-02 23:52 - 04454952 _____ (Piriform Ltd) C:\Users\New\Downloads\ccsetup405.exe
2013-09-02 18:38 - 2013-09-10 22:05 - 00005038 _____ C:\Windows\PFRO.log
2013-09-02 18:38 - 2013-09-03 22:08 - 00000560 _____ C:\Windows\setupact.log
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 _____ C:\Windows\setuperr.log
2013-08-31 18:18 - 2013-08-31 18:18 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-31 18:18 - 2013-08-31 18:18 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-31 18:17 - 2013-09-02 18:40 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-31 18:17 - 2013-08-31 18:17 - 00001087 _____ C:\Users\New\Desktop\MyPC Backup.lnk
2013-08-31 18:16 - 2013-09-06 07:07 - 00000000 ____D C:\Users\New\AppData\Roaming\SearchProtect
2013-08-31 18:16 - 2013-09-06 07:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-08-31 18:16 - 2013-08-31 18:16 - 00584600 _____ C:\Users\New\Downloads\cbsidlm-tr1_14-HitmanPro_3_64bit-SEO-75110395(1).exe
2013-08-31 18:16 - 2013-08-31 18:16 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V37
2013-08-31 18:16 - 2013-05-07 22:10 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-31 18:16 - 2013-05-07 22:10 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-31 18:15 - 2013-08-31 18:16 - 00000009 ____C C:\END
2013-08-31 18:15 - 2013-08-31 18:15 - 00584600 _____ C:\Users\New\Downloads\cbsidlm-tr1_14-HitmanPro_3_64bit-SEO-75110395.exe
2013-08-31 17:46 - 2013-08-31 17:46 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-31 17:46 - 2013-08-31 17:46 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-31 17:46 - 2013-08-31 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-31 17:39 - 2013-08-31 17:40 - 00281776 _____ (Mozilla) C:\Users\New\Downloads\Firefox Setup Stub 23.0.1.exe
2013-08-31 12:29 - 2013-08-31 17:08 - 00000000 ____D C:\Program Files (x86)\Secure Speed Dial
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Users\Steve\AppData\Local\Adobe
2013-08-31 11:36 - 2013-08-31 11:37 - 74188800 _____ C:\Users\Steve\Downloads\pandarescuedisk.iso
2013-08-30 11:09 - 2013-08-30 11:09 - 00000000 ____D C:\Users\Steve\AppData\Local\Panda Security
2013-08-30 10:49 - 2013-08-30 10:49 - 00003416 ____N C:\bootsqm.dat
2013-08-28 04:35 - 2013-08-28 04:35 - 00000000 __SHD C:\found.001
2013-08-28 04:25 - 2013-08-29 22:43 - 00000302 _____ C:\Windows\System32\Drivers\etc\pfdnnt.act
2013-08-28 04:05 - 2013-08-28 04:05 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2013-08-28 03:50 - 2013-08-28 03:50 - 00000004 _____ C:\Users\New\AppData\Roaming\skype.ini
2013-08-26 23:32 - 2013-08-26 23:32 - 00001661 _____ C:\Users\New\Desktop\Temporary Internet Files - Shortcut (2).lnk
2013-08-26 22:09 - 2013-08-26 22:09 - 00003266 _____ C:\Windows\System32\Tasks\{23C60D41-8E28-4EDE-98B6-97F9FC37D294}
2013-08-26 14:01 - 2013-08-26 14:02 - 00001282 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2013-08-25 18:10 - 2013-09-10 18:28 - 00005122 _____ C:\Windows\System32\PerfStringBackup.TMP
2013-08-25 18:02 - 2013-09-16 22:00 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetLoc.wlt
2013-08-25 18:02 - 2013-09-03 22:21 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetLoc.wlt.bck
2013-08-25 18:02 - 2013-09-03 22:21 - 00000056 _____ C:\Windows\System32\Drivers\etc\WnmFlt.cfg.bck
2013-08-25 18:02 - 2013-09-03 22:21 - 00000056 _____ C:\Windows\System32\Drivers\etc\WnmFlt.cfg
2013-08-25 18:02 - 2013-09-03 22:21 - 00000056 _____ C:\Windows\System32\Drivers\etc\DsaFlt.cfg.bck
2013-08-25 18:02 - 2013-09-03 22:21 - 00000056 _____ C:\Windows\System32\Drivers\etc\DsaFlt.cfg
2013-08-25 18:01 - 2013-09-03 22:21 - 00000252 _____ C:\Windows\System32\Drivers\etc\IdsFlt.cfg.bck
2013-08-25 18:01 - 2013-09-03 22:21 - 00000252 _____ C:\Windows\System32\Drivers\etc\IdsFlt.cfg
2013-08-25 18:01 - 2013-08-25 18:01 - 00000000 _____ C:\Windows\System32\dummy.001
2013-08-25 18:00 - 2013-09-03 22:12 - 00000072 _____ C:\Windows\System32\Drivers\etc\NetAR.wlt.bck
2013-08-25 18:00 - 2013-09-03 22:12 - 00000072 _____ C:\Windows\System32\Drivers\etc\NetAR.wlt
2013-08-25 17:58 - 2013-09-02 14:28 - 00001056 _____ C:\Windows\System32\SettingsFile
2013-08-25 17:57 - 2013-09-03 22:21 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetFlt.cfg.bck
2013-08-25 17:57 - 2013-09-03 22:21 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetFlt.cfg
2013-08-25 00:20 - 2013-09-03 22:12 - 00000120 _____ C:\Windows\System32\Drivers\etc\NetAdapt.cfg.bck
2013-08-25 00:20 - 2013-09-03 22:12 - 00000120 _____ C:\Windows\System32\Drivers\etc\NetAdapt.cfg
2013-08-25 00:14 - 2013-08-25 00:14 - 00015928 _____ C:\Windows\System32\Drivers\COMFiltr.sys
2013-08-25 00:14 - 2013-08-25 00:14 - 00000253 _____ C:\Windows\System32\PavCPL64.dat
2013-08-25 00:13 - 2013-09-03 22:52 - 00347500 _____ C:\Windows\System32\Drivers\APPFCONT.DAT.bck
2013-08-25 00:13 - 2013-09-03 22:52 - 00347500 _____ C:\Windows\System32\Drivers\APPFCONT.DAT
2013-08-25 00:13 - 2013-09-03 22:21 - 00303044 _____ C:\Windows\System32\Drivers\etc\DsaFlt.rls.bck
2013-08-25 00:13 - 2013-09-03 22:21 - 00303044 _____ C:\Windows\System32\Drivers\etc\DsaFlt.rls
2013-08-25 00:13 - 2013-09-03 22:21 - 00001132 _____ C:\Windows\System32\Drivers\APPFLTR.CFG.bck
2013-08-25 00:13 - 2013-09-03 22:21 - 00001132 _____ C:\Windows\System32\Drivers\APPFLTR.CFG
2013-08-25 00:13 - 2013-08-25 00:19 - 00000486 _____ C:\Windows\Tasks\Basic clean-up.job
2013-08-25 00:13 - 2013-08-25 00:13 - 00003332 _____ C:\Windows\System32\Tasks\Basic clean-up
2013-08-25 00:13 - 2013-08-25 00:13 - 00002465 _____ C:\Users\Public\Desktop\Install remote access.lnk
2013-08-25 00:13 - 2013-08-25 00:13 - 00002184 _____ C:\Users\Public\Desktop\Panda Gold Protection.lnk
2013-08-25 00:13 - 2011-01-31 15:41 - 00129096 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\APPFLT64.SYS
2013-08-25 00:13 - 2010-09-09 15:23 - 00078920 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\idsflt64.sys
2013-08-25 00:13 - 2009-09-25 13:54 - 00170504 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\NETTDI64.SYS
2013-08-25 00:13 - 2009-09-25 13:54 - 00082952 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\dsaflt64.sys
2013-08-25 00:13 - 2009-09-25 13:54 - 00074760 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\wnmflt64.sys
2013-08-25 00:13 - 2009-09-25 13:54 - 00031752 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\fnetm64.sys
2013-08-25 00:13 - 2009-08-13 17:07 - 00729424 _____ (WeOnlyDo Software) C:\Windows\SysWOW64\wodSFTP.dll
2013-08-25 00:13 - 2009-08-13 17:07 - 00672024 _____ (WeOnlyDo! COM) C:\Windows\SysWOW64\wodKeys.dll
2013-08-25 00:12 - 2013-08-25 00:12 - 00000000 ____D C:\Windows\SysWOW64\PAV
2013-08-25 00:12 - 2012-11-20 11:20 - 00545056 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavSHookWow.dll
2013-08-25 00:12 - 2012-11-16 11:08 - 00837920 _____ (Panda Security, S.L.) C:\Windows\System32\PavSHook64.dll
2013-08-25 00:12 - 2012-05-22 14:54 - 00087328 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavLspHookWow.dll
2013-08-25 00:12 - 2012-05-22 14:52 - 00117024 _____ (Panda Security, S.L.) C:\Windows\System32\PavLspHook64.dll
2013-08-25 00:12 - 2012-04-20 12:42 - 00024064 _____ (Panda Security, S.L.) C:\Windows\System32\sysHelper64.dll
2013-08-25 00:12 - 2012-03-26 17:57 - 00071432 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\amm6460.sys
2013-08-25 00:12 - 2010-09-01 10:09 - 00216648 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\n64i1644.sys
2013-08-25 00:12 - 2010-06-21 16:02 - 00323392 _____ (Panda Security, S.L.) C:\Windows\System32\TpUtil64.dll
2013-08-25 00:12 - 2010-06-21 16:02 - 00202048 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\TpUtilWow.dll
2013-08-25 00:12 - 2010-06-21 16:01 - 00090944 _____ (Panda Security, S.L.) C:\Windows\System32\PavIpc64.dll
2013-08-25 00:12 - 2010-06-21 16:01 - 00066880 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavIpcWow.dll
2013-08-25 00:12 - 2010-03-24 11:56 - 00064768 _____ (On-Access Anti-Malware Scanner Sync) C:\Windows\System32\avldr64.dll
2013-08-25 00:12 - 2009-10-27 11:07 - 00048136 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\ShldFlt.sys
2013-08-25 00:12 - 2009-08-10 12:46 - 00025344 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\sysHelper32.dll
2013-08-25 00:12 - 2007-03-15 18:38 - 00046640 _____ (Panda Software) C:\Windows\System32\pavcpl64.cpl
2013-08-25 00:12 - 2003-10-22 17:23 - 00446464 _____ (eHelp Corporation.) C:\Windows\SysWOW64\HHActiveX.dll
2013-08-24 17:33 - 2013-08-27 18:35 - 00000000 ____D C:\Windows\Minidump
2013-08-24 15:40 - 2013-08-24 15:41 - 74188800 _____ C:\Users\New\Desktop\pandarescuedisk.iso
2013-08-23 13:03 - 2013-09-02 23:08 - 00000358 _____ C:\Windows\System32\.crusader

==================== One Month Modified Files and Folders =======

2013-09-16 22:00 - 2013-08-25 18:02 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetLoc.wlt
2013-09-16 21:46 - 2013-09-16 21:46 - 00000000 ___DC C:\FRST
2013-09-10 22:05 - 2013-09-02 18:38 - 00005038 _____ C:\Windows\PFRO.log
2013-09-10 22:05 - 2013-05-26 22:34 - 00000000 _____ C:\Windows\System32\reimage.rep
2013-09-10 21:33 - 2013-05-29 20:27 - 00000000 ___DC C:\rei
2013-09-10 21:29 - 2012-09-13 19:29 - 00000360 _____ C:\Windows\efix.ini
2013-09-10 21:29 - 2011-04-26 18:28 - 00091648 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2013-09-10 20:59 - 2013-05-29 21:33 - 00009728 ____C C:\Windows\System32\Native.exe
2013-09-10 20:59 - 2013-05-29 21:33 - 00000000 ___DC C:\eFixUndo
2013-09-10 18:28 - 2013-08-25 18:10 - 00005122 _____ C:\Windows\System32\PerfStringBackup.TMP
2013-09-10 18:26 - 2013-09-10 18:26 - 00000000 ____D C:\Windows\LastGood
2013-09-08 20:43 - 2013-09-08 20:42 - 00000000 ____D C:\Users\New\Desktop\Geekstogosteps
2013-09-08 20:32 - 2013-09-08 20:32 - 00522240 _____ (OldTimer Tools) C:\Users\New\Downloads\OTM.exe
2013-09-08 20:32 - 2013-09-08 20:32 - 00000000 ____D C:\Windows\ERDNT
2013-09-08 20:31 - 2013-09-08 20:31 - 00000000 ____D C:\Users\New\Documents\erunt
2013-09-08 19:50 - 2011-01-06 19:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-08 19:42 - 2013-09-08 19:42 - 00602112 _____ (OldTimer Tools) C:\Users\New\Desktop\OTL.com
2013-09-08 19:41 - 2013-09-08 19:41 - 00602112 _____ (OldTimer Tools) C:\Users\New\Downloads\OTL.exe
2013-09-06 08:11 - 2013-04-14 00:17 - 00000000 ____D C:\users\UpdatusUser.New-PC
2013-09-06 08:11 - 2012-01-12 11:07 - 00000000 ____D C:\users\Guest
2013-09-06 08:05 - 2010-12-30 19:58 - 00000000 ____D C:\users\Steve
2013-09-06 07:07 - 2013-08-31 18:16 - 00000000 ____D C:\Users\New\AppData\Roaming\SearchProtect
2013-09-06 07:07 - 2013-08-31 18:16 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-09-06 07:07 - 2013-06-10 03:47 - 00000000 ____D C:\ProgramData\CDB
2013-09-06 07:07 - 2012-09-13 21:30 - 00000000 ____D C:\Users\New\AppData\Roaming\IObit
2013-09-06 07:07 - 2012-07-30 19:40 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-09-06 07:07 - 2011-10-27 17:43 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-06 07:07 - 2011-01-06 21:14 - 00000000 ____D C:\Program Files (x86)\Video Free Files Convert
2013-09-06 07:07 - 2010-12-26 13:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-06 07:07 - 2010-08-16 04:32 - 00000000 ____D C:\users\New
2013-09-06 07:07 - 2010-08-15 16:10 - 00000000 ____D C:\Program Files (x86)\Spyware Doctor
2013-09-06 07:07 - 2010-08-15 14:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-09-06 07:07 - 2010-08-15 13:43 - 00000000 ____D C:\Program Files\7-Zip
2013-09-06 07:07 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-09-06 07:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-09-06 07:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-09-06 07:06 - 2012-10-01 20:01 - 00000000 ____D C:\Program Files\DebugDiag
2013-09-06 07:06 - 2010-08-15 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-06 07:06 - 2009-07-13 19:20 - 00000000 ____D C:\users\Default
2013-09-05 22:41 - 2013-09-05 22:41 - 01440846 _____ C:\Users\New\Desktop\mbam-chameleon-1.62.1.1000.zip
2013-09-05 17:53 - 2009-07-13 20:45 - 00015168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 17:53 - 2009-07-13 20:45 - 00015168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 23:14 - 2010-08-16 04:29 - 01271982 _____ C:\Windows\WindowsUpdate.log
2013-09-03 23:08 - 2010-08-15 15:12 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 22:53 - 2013-05-29 20:27 - 00001780 _____ C:\Users\Public\Desktop\eFix Pro.lnk
2013-09-03 22:52 - 2013-08-25 00:13 - 00347500 _____ C:\Windows\System32\Drivers\APPFCONT.DAT.bck
2013-09-03 22:52 - 2013-08-25 00:13 - 00347500 _____ C:\Windows\System32\Drivers\APPFCONT.DAT
2013-09-03 22:36 - 2012-04-10 17:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 22:21 - 2013-08-25 18:02 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetLoc.wlt.bck
2013-09-03 22:21 - 2013-08-25 18:02 - 00000056 _____ C:\Windows\System32\Drivers\etc\WnmFlt.cfg.bck
2013-09-03 22:21 - 2013-08-25 18:02 - 00000056 _____ C:\Windows\System32\Drivers\etc\WnmFlt.cfg
2013-09-03 22:21 - 2013-08-25 18:02 - 00000056 _____ C:\Windows\System32\Drivers\etc\DsaFlt.cfg.bck
2013-09-03 22:21 - 2013-08-25 18:02 - 00000056 _____ C:\Windows\System32\Drivers\etc\DsaFlt.cfg
2013-09-03 22:21 - 2013-08-25 18:01 - 00000252 _____ C:\Windows\System32\Drivers\etc\IdsFlt.cfg.bck
2013-09-03 22:21 - 2013-08-25 18:01 - 00000252 _____ C:\Windows\System32\Drivers\etc\IdsFlt.cfg
2013-09-03 22:21 - 2013-08-25 17:57 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetFlt.cfg.bck
2013-09-03 22:21 - 2013-08-25 17:57 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetFlt.cfg
2013-09-03 22:21 - 2013-08-25 00:13 - 00303044 _____ C:\Windows\System32\Drivers\etc\DsaFlt.rls.bck
2013-09-03 22:21 - 2013-08-25 00:13 - 00303044 _____ C:\Windows\System32\Drivers\etc\DsaFlt.rls
2013-09-03 22:21 - 2013-08-25 00:13 - 00001132 _____ C:\Windows\System32\Drivers\APPFLTR.CFG.bck
2013-09-03 22:21 - 2013-08-25 00:13 - 00001132 _____ C:\Windows\System32\Drivers\APPFLTR.CFG
2013-09-03 22:19 - 2011-01-06 21:26 - 00000406 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2013-09-03 22:19 - 2010-08-15 15:12 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 22:12 - 2013-08-25 18:00 - 00000072 _____ C:\Windows\System32\Drivers\etc\NetAR.wlt.bck
2013-09-03 22:12 - 2013-08-25 18:00 - 00000072 _____ C:\Windows\System32\Drivers\etc\NetAR.wlt
2013-09-03 22:12 - 2013-08-25 00:20 - 00000120 _____ C:\Windows\System32\Drivers\etc\NetAdapt.cfg.bck
2013-09-03 22:12 - 2013-08-25 00:20 - 00000120 _____ C:\Windows\System32\Drivers\etc\NetAdapt.cfg
2013-09-03 22:08 - 2013-09-02 18:38 - 00000560 _____ C:\Windows\setupact.log
2013-09-03 22:08 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 ____D C:\Users\Guest\AppData\Local\Panda Security
2013-09-03 00:11 - 2012-01-12 11:09 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-09-03 00:07 - 2013-09-03 00:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SearchProtect
2013-09-03 00:07 - 2013-03-16 19:22 - 00000000 ____D C:\Users\Guest\AppData\Roaming\IObit
2013-09-03 00:00 - 2013-09-03 00:00 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-02 23:57 - 2013-09-02 23:57 - 04454952 _____ (Piriform Ltd) C:\Users\New\Downloads\ccsetup405(1).exe
2013-09-02 23:52 - 2013-09-02 23:51 - 04454952 _____ (Piriform Ltd) C:\Users\New\Downloads\ccsetup405.exe
2013-09-02 23:08 - 2013-08-23 13:03 - 00000358 _____ C:\Windows\System32\.crusader
2013-09-02 22:11 - 2011-01-06 21:08 - 00138752 ___SH C:\Users\New\Documents\Thumbs.db
2013-09-02 18:44 - 2013-02-16 22:23 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2BAD8D52-DBE8-464C-972C-BFE20FA50F24}
2013-09-02 18:40 - 2013-08-31 18:17 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 18:30 - 2010-08-16 05:25 - 00000000 ____D C:\Windows\Panther
2013-09-02 15:22 - 2012-10-06 11:30 - 00008627 _____ C:\Windows\SysWOW64\PAV_FOG.OPC
2013-09-02 14:39 - 2009-07-13 21:08 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-02 14:28 - 2013-08-25 17:58 - 00001056 _____ C:\Windows\System32\SettingsFile
2013-08-31 21:44 - 2010-08-15 14:21 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-31 18:25 - 2013-08-17 11:09 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-31 18:18 - 2013-08-31 18:18 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-31 18:18 - 2013-08-31 18:18 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-31 18:17 - 2013-08-31 18:17 - 00001087 _____ C:\Users\New\Desktop\MyPC Backup.lnk
2013-08-31 18:17 - 2013-08-17 10:53 - 09879648 _____ (SurfRight B.V.) C:\Users\New\Downloads\HitmanPro_x64.exe
2013-08-31 18:16 - 2013-08-31 18:16 - 00584600 _____ C:\Users\New\Downloads\cbsidlm-tr1_14-HitmanPro_3_64bit-SEO-75110395(1).exe
2013-08-31 18:16 - 2013-08-31 18:16 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V37
2013-08-31 18:16 - 2013-08-31 18:15 - 00000009 ____C C:\END
2013-08-31 18:15 - 2013-08-31 18:15 - 00584600 _____ C:\Users\New\Downloads\cbsidlm-tr1_14-HitmanPro_3_64bit-SEO-75110395.exe
2013-08-31 18:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2013-08-31 17:58 - 2011-06-06 18:54 - 00001010 __RSH C:\Users\Steve\ntuser.pol
2013-08-31 17:46 - 2013-08-31 17:46 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-31 17:46 - 2013-08-31 17:46 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-31 17:46 - 2013-08-31 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-31 17:40 - 2013-08-31 17:39 - 00281776 _____ (Mozilla) C:\Users\New\Downloads\Firefox Setup Stub 23.0.1.exe
2013-08-31 17:08 - 2013-08-31 12:29 - 00000000 ____D C:\Program Files (x86)\Secure Speed Dial
2013-08-31 17:08 - 2013-05-26 22:26 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-31 17:08 - 2012-09-13 21:30 - 00000000 ____D C:\ProgramData\IObit
2013-08-31 17:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-31 17:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-31 17:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-31 17:08 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-31 12:22 - 2013-08-03 21:06 - 00000000 ____D C:\Windows\System32\MRT
2013-08-31 11:49 - 2013-08-31 11:49 - 00000000 ____D C:\Users\Steve\AppData\Local\Adobe
2013-08-31 11:49 - 2010-12-30 20:01 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Adobe
2013-08-31 11:37 - 2013-08-31 11:36 - 74188800 _____ C:\Users\Steve\Downloads\pandarescuedisk.iso
2013-08-31 11:27 - 2010-12-30 19:59 - 00000000 ____D C:\Users\Steve\AppData\Local\Google
2013-08-30 11:09 - 2013-08-30 11:09 - 00000000 ____D C:\Users\Steve\AppData\Local\Panda Security
2013-08-30 11:07 - 2010-12-30 19:59 - 00109296 _____ C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-30 11:06 - 2013-01-20 22:38 - 00000000 ____D C:\Users\Steve\AppData\Roaming\IObit
2013-08-30 10:54 - 2010-08-15 15:09 - 00000880 _____ C:\Windows\Tasks\Google Software Updater.job
2013-08-30 10:49 - 2013-08-30 10:49 - 00003416 ____N C:\bootsqm.dat
2013-08-29 23:27 - 2011-01-06 21:14 - 09079808 _____ C:\Windows\SysWOW64\alltoall.exe
2013-08-29 22:43 - 2013-08-28 04:25 - 00000302 _____ C:\Windows\System32\Drivers\etc\pfdnnt.act
2013-08-29 22:28 - 2013-01-28 21:57 - 00001200 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-08-29 22:28 - 2013-01-28 21:57 - 00001149 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-08-28 23:48 - 2013-06-10 03:49 - 00002993 _____ C:\Windows\System32\ScanResults.xml
2013-08-28 04:35 - 2013-08-28 04:35 - 00000000 __SHD C:\found.001
2013-08-28 04:05 - 2013-08-28 04:05 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2013-08-28 03:50 - 2013-08-28 03:50 - 00000004 _____ C:\Users\New\AppData\Roaming\skype.ini
2013-08-27 18:35 - 2013-08-24 17:33 - 00000000 ____D C:\Windows\Minidump
2013-08-27 10:15 - 2011-08-16 16:15 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-26 23:32 - 2013-08-26 23:32 - 00001661 _____ C:\Users\New\Desktop\Temporary Internet Files - Shortcut (2).lnk
2013-08-26 22:09 - 2013-08-26 22:09 - 00003266 _____ C:\Windows\System32\Tasks\{23C60D41-8E28-4EDE-98B6-97F9FC37D294}
2013-08-26 14:02 - 2013-08-26 14:01 - 00001282 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2013-08-26 14:01 - 2011-01-17 21:19 - 00000000 ____D C:\Program Files (x86)\Panda Security
2013-08-25 18:01 - 2013-08-25 18:01 - 00000000 _____ C:\Windows\System32\dummy.001
2013-08-25 00:19 - 2013-08-25 00:13 - 00000486 _____ C:\Windows\Tasks\Basic clean-up.job
2013-08-25 00:14 - 2013-08-25 00:14 - 00015928 _____ C:\Windows\System32\Drivers\COMFiltr.sys
2013-08-25 00:14 - 2013-08-25 00:14 - 00000253 _____ C:\Windows\System32\PavCPL64.dat
2013-08-25 00:13 - 2013-08-25 00:13 - 00003332 _____ C:\Windows\System32\Tasks\Basic clean-up
2013-08-25 00:13 - 2013-08-25 00:13 - 00002465 _____ C:\Users\Public\Desktop\Install remote access.lnk
2013-08-25 00:13 - 2013-08-25 00:13 - 00002184 _____ C:\Users\Public\Desktop\Panda Gold Protection.lnk
2013-08-25 00:12 - 2013-08-25 00:12 - 00000000 ____D C:\Windows\SysWOW64\PAV
2013-08-25 00:12 - 2011-01-17 21:21 - 00000000 ____D C:\Users\New\AppData\Roaming\Panda Security
2013-08-25 00:12 - 2011-01-17 21:19 - 00000000 ____D C:\ProgramData\Panda Security
2013-08-24 23:38 - 2010-12-24 00:49 - 00000000 ____D C:\Users\New\Documents\Images
2013-08-24 23:27 - 2013-08-15 18:18 - 19221504 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-24 23:27 - 2013-08-15 18:18 - 15407616 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-24 23:27 - 2013-08-15 18:18 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-24 23:27 - 2013-08-15 18:18 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-24 23:27 - 2013-08-15 18:18 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-24 23:27 - 2013-08-15 18:18 - 02240512 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-24 23:27 - 2013-08-15 18:18 - 02046464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-24 23:27 - 2013-08-15 18:18 - 01766912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-24 23:27 - 2013-08-15 18:18 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-24 23:27 - 2013-08-15 18:18 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-24 23:27 - 2013-08-15 18:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-24 23:27 - 2013-08-15 17:32 - 01219584 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-24 23:27 - 2013-08-15 17:32 - 01159680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-24 23:27 - 2013-08-15 17:32 - 00663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-24 23:27 - 2013-08-15 17:32 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-24 23:27 - 2013-08-15 17:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-24 23:27 - 2013-06-09 23:33 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-08-24 23:27 - 2013-05-18 13:50 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-08-24 23:27 - 2013-05-18 13:50 - 12873728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-08-24 23:27 - 2013-05-18 13:50 - 00196608 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-08-24 23:27 - 2013-04-13 11:11 - 00112640 ____N (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-08-24 23:27 - 2013-01-10 00:06 - 00800256 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-08-24 23:27 - 2013-01-10 00:06 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-08-24 23:27 - 2013-01-10 00:05 - 02746880 _____ (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-08-24 23:27 - 2012-11-15 21:23 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-08-24 23:27 - 2012-11-15 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-08-24 23:27 - 2012-11-15 21:23 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-08-24 23:27 - 2012-06-15 10:26 - 03211776 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2013-08-24 23:27 - 2012-06-15 10:26 - 00209920 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2013-08-24 23:27 - 2012-02-15 21:57 - 00515584 _____ (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2013-08-24 23:27 - 2012-02-15 21:57 - 00509952 _____ (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2013-08-24 23:27 - 2011-08-10 15:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2013-08-24 23:27 - 2010-08-15 15:53 - 70004024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-24 23:27 - 2010-08-15 13:48 - 00270720 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-08-24 23:26 - 2013-08-15 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-24 23:26 - 2013-08-15 17:32 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-24 23:26 - 2013-08-15 17:32 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-24 23:26 - 2013-07-18 23:26 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-08-24 23:26 - 2013-06-09 23:32 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-08-24 23:26 - 2013-05-18 13:50 - 01927680 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-08-24 23:26 - 2013-05-18 13:50 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-08-24 23:26 - 2013-04-13 11:11 - 00043520 ____N (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-08-24 23:26 - 2012-11-15 21:22 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-08-24 23:26 - 2012-11-15 21:22 - 00054272 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-08-24 23:26 - 2011-04-26 18:29 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-08-24 23:26 - 2011-04-26 18:28 - 02565632 _____ (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-08-24 23:26 - 2009-07-13 18:34 - 00000403 ____N C:\Windows\win.ini
2013-08-24 17:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-24 15:45 - 2012-10-07 21:32 - 00000000 ___DC C:\Panda Software
2013-08-24 15:41 - 2013-08-24 15:40 - 74188800 _____ C:\Users\New\Desktop\pandarescuedisk.iso
2013-08-22 22:15 - 2011-01-27 00:14 - 00002150 _____ C:\Windows\epplauncher.mif
2013-08-22 20:36 - 2012-04-10 17:09 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 20:36 - 2012-04-10 17:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 20:36 - 2011-05-16 21:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-18 20:00 - 2009-07-13 20:45 - 00413312 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-18 19:40 - 2010-08-15 13:53 - 00000000 ____D C:\ProgramData\Microsoft Help

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3875981451-602879983-1112890082-1000\$0ad07e67133f837142c29a0767cd5586

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586

Files to move or delete:
====================
C:\ProgramData\3aofi.bat
C:\ProgramData\3aofi.pad
C:\ProgramData\iwh9r.bat
C:\ProgramData\iwh9r.pad
C:\Users\New\AppData\Roaming\skype.ini


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

5
Restore point made on: 2013-08-31 11:41:40
Restore point made on: 2013-08-31 12:09:05
Restore point made on: 2013-09-02 16:06:10
Restore point made on: 2013-09-02 18:33:35
Restore point made on: 2013-09-03 23:20:58

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 7935.24 MB
Available physical RAM: 7156.66 MB
Total Pagefile: 7933.39 MB
Available Pagefile: 7150.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:13.07 GB) NTFS
Drive e: () (Removable) (Total:0.95 GB) (Free:0.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 02EB7ED7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 970 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=970 MB) - (Type=06)


LastRegBack: 2013-08-24 16:58

==================== End Of Log ============================



#8 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi steveAA,

You are right. You have a nasty infection on your system. Let's try to remove it.

Step 1

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586
C:\$Recycle.Bin\S-1-5-21-3875981451-602879983-1112890082-1000\$0ad07e67133f837142c29a0767cd5586
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586
C:\ProgramData\3aofi.bat
C:\ProgramData\3aofi.pad
C:\ProgramData\iwh9r.bat
C:\ProgramData\iwh9r.pad
C:\Users\New\AppData\Roaming\skype.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


On Vista or Windows 7: Now please enter System Recovery Options as you did last time.

Run FRST and press the Fix button just once and wait.
The tool will generate a log on the flash drive (Fixlog.txt); please post it in your reply.

Step 2

Let's try to configure your system to boot in Normal mode.

  • Click Start, then Run, type in msconfig and press Enter
  • Go to the Boot tab
  • Uncheck the Safe boot box in the Boot Options section
  • Click OK
  • Select Restart when prompted.

Restart your system and let me know if your system is booting in Normal mode.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the combo fix log in your next reply

Step 4

Please don't forget to include these items in your reply:

  • FRST fix log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
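To show what Step 1 does mechanically, here is an added example (not FRST's code and not anything the helper posted) that pulls the ZeroAccess and "Files to move or delete" findings out of an FRST log, checks the flagged folder name against the pattern those entries share, and emits a de-duplicated fixlist.txt; the log excerpt is constructed from the paths reported in this thread, and the name pattern is derived from those same paths.

```python
import re

# Constructed excerpt of an FRST log: the paths are those reported in this thread, the layout mimics FRST output.
SAMPLE_FRST_LOG = r"""
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586

Files to move or delete:
====================
C:\ProgramData\3aofi.bat
C:\ProgramData\3aofi.pad
C:\Users\New\AppData\Roaming\skype.ini

safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
"""

# "$" followed by 32 hex digits directly under a per-SID $Recycle.Bin folder:
# the shape of every ZeroAccess entry FRST flagged in this thread.
ZA_DROP = re.compile(r"\\\$Recycle\.Bin\\S-1-5-[0-9-]+\\\$[0-9a-f]{32}$", re.IGNORECASE)

def looks_like_zeroaccess_drop(path):
    return ZA_DROP.search(path) is not None

def parse_frst_findings(log_text):
    """Return (zeroaccess_paths, files_to_move, safeboot_set) from FRST log text."""
    lines = log_text.splitlines()
    zeroaccess, files_to_move, safeboot = [], [], False
    in_move_section = False
    for i, raw in enumerate(lines):
        line = raw.strip()
        if line == "ZeroAccess:":            # FRST prints the flagged path on the next line
            if i + 1 < len(lines) and lines[i + 1].strip():
                zeroaccess.append(lines[i + 1].strip())
        elif line == "Files to move or delete:":
            in_move_section = True
        elif in_move_section:
            in_move_section = bool(line)     # a blank line closes the section
            if line and set(line) != {"="}:  # skip the "====" underline
                files_to_move.append(line)
        elif line.startswith("safeboot:") and "Safe Mode" in line:
            safeboot = True
    return zeroaccess, files_to_move, safeboot

def build_fixlist(log_text):
    """fixlist.txt content: each flagged path once, in log order (dict keeps insertion order)."""
    zeroaccess, files_to_move, _ = parse_frst_findings(log_text)
    return "\n".join(dict.fromkeys(zeroaccess + files_to_move)) + "\n"
```

Dropping the repeated path is why the Fixlog later in this thread reports only one move: once the first entry is moved, its duplicates no longer exist.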

#9 steveAA (Topic Starter, Member, 65 posts)
Here's the Fixlog.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 01
Ran by SYSTEM at 2013-09-17 22:56:12 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586
C:\$Recycle.Bin\S-1-5-21-3875981451-602879983-1112890082-1000\$0ad07e67133f837142c29a0767cd5586
C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586
C:\ProgramData\3aofi.bat
C:\ProgramData\3aofi.pad
C:\ProgramData\iwh9r.bat
C:\ProgramData\iwh9r.pad
C:\Users\New\AppData\Roaming\skype.ini
*****************

C:\$Recycle.Bin\S-1-5-18\$0ad07e67133f837142c29a0767cd5586 => Moved successfully.

==== End of Fixlog ====


#10 steveAA (Topic Starter, Member, 65 posts)
NOW is where we have a problem.
I had mentioned before that Task Manager had been "miniaturized". The dialog boxes and tabs are so small you can't read them. Plus, the dialog boxes are blank. There are no words on the page and only the small boxes or circles are shown.
The same thing is on the msconfig page. I can't tell where to check "Run"
Suggestions?

#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Try to click Start then type msconfig in Search box. You will get msconfig as search result and then click on it.

#12 steveAA (Topic Starter, Member, 65 posts)
I did use the search box with "msconfig". The System Configuration page is "miniature". I can see the 5 tabs on top, which are maybe 1/4" wide, 3 check circles to the left and 3 small boxes below that. NO graphics or words are shown. The page is longer than the window too.
The very last tab is the only one that shows words. It's like a command dialog box and in it has C:\Windows\System32\winver.exe.

Edited by steveAA, 18 September 2013 - 12:23 AM.


#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. I understand. Please run Combofix as I described and I'll try to find a solution for this problem.

#14 steveAA (Topic Starter, Member, 65 posts)
Same problem with Combofix. I can't read the disclaimer. There are no words in the dialog boxes, so I can't see which box to click on.

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Please download

Attached file: getid.bat (42 bytes)

  • Right click on it and select Run as Administrator
  • It will create getid.txt and open it
  • Copy the content of that file here for me.
