Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP!

Started by stuck_n_loop , Oct 12 2016 02:41 PM

  • Please log in to reply

#1
stuck_n_loop
Posted 12 October 2016 - 02:41 PM

stuck_n_loop

    New Member

  • Member
  • Pip
  • 2 posts

Where to begin?

 

Kaspersky found "Trojan.Multi.GenAutorun.Reg.a" a week or so ago but I've suspected malware for at least 3 or 4 months now.  Sluggishness and the occasional corrupted file fueled those suspicions.  Now if i try to boot up normally, I get the dreaded BSOD.  In Safe mode it does boot eventually but everything is god awfully slow.  I mean seriously slow, like the sloths in Zootopia .  You can almost see each individual pixel get written to the screen.  To boot up with any possibility of decent performance, I boot my aging quad core with a windows 10 WinPE DVD.

 

My infected OS is for the most part 32bit XP. I add the most part because now this Trojan has showed up on my new I7 machine despite being careful not to share removable media.  Obviously I wasn't careful enough. So that was my clean computer and as a result i will need to find something else when I need to download or burn from an uninfected computer.

 

Anyways, one of the effects of my problem is that it appears this culprit is able to "bob and weave" like a champion prizefighter or like an experienced magician, you know, with "smoke and mirrors".    A virus or malware checker scan will return no detections one minute and later the same program will indicate it found15 objects.  Or the app will get nearly complete, like 98%, and then crash.  And all the while my hard drives are seeming to get more and more filled up with stuff I don't  remember ever installing. Or, files I know existed yesterday, I can not locate today.

 

As a result, I need some help from geekstogo to get my sanity back and maybe stop pulling my hair out long enough for it to grow back on its own.

 

From reading some posts, I see that one of the first recommendations is to run FRST and attach the log.  I am not sure if I could do it by downloading to my hard drive when running on a winpe dvd (uninfected I think) and then after rebooting to my safe mode XP on my hard drive (infected) run the tool.  The log file file ends up on my hard drive and then after rebooting to DVD I can get online, like presently, and upload the *.txt file.  Hopefully that works to start this repair process, but if not, I can do it differently.  TIA & awaiting your reply.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-10-2016
Ran by Administrator (administrator) on MSI (12-10-2016 12:13:07)
Running from F:\kavv
Loaded Profiles: Administrator (Available Profiles: Admin & UpdatusUser & OGG & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [20064872 2011-08-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => E:\WINDOWS\system32\NvMCTray.dll [108392 2012-08-30] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => E:\WINDOWS\system32\NvCpl.dll [15512424 2012-08-30] (NVIDIA Corporation)
HKLM\...\Run: [SpyHunter Security Suite] => E:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [7445672 2016-09-30] (Enigma Software Group USA, LLC.)
HKLM\...\Run: [nwiz] => E:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-08-30] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-515967899-562591055-527237240-500\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-21-515967899-562591055-527237240-500\...\RunOnce: [_nltide_3] => E:\WINDOWS\system32\advpack.dll [128512 2009-03-07] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => E:\WINDOWS\system32\advpack.dll [128512 2009-03-07] (Microsoft Corporation)
SecurityProviders: schannel.dll, credssp.dll, digest.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - E:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => E:\WINDOWS\system32\AcSignIcon.dll [2005-03-05] (Autodesk)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-20\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 E:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{BA91585A-AD2D-41CC-8923-708ADE611006}: [DhcpNameServer] 192.168.29.1
 
Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515967899-562591055-527237240-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-515967899-562591055-527237240-500\Software\Microsoft\Internet Explorer\Main,Start Page = 
URLSearchHook: [S-1-5-21-515967899-562591055-527237240-500] ATTENTION => Default URLSearchHook is missing
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> E:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - E:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - E:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-11-16] (Belarc, Inc.)
 
FireFox:
========
FF DefaultProfile: lpfj87xt.default
FF ProfilePath: E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lpfj87xt.default [2016-09-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-10] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - E:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (No Name) - E:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-16] [not signed]
FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\duckduckgo.xml [2014-04-26]
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> E:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> E:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF ExtraCheck: E:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
FF ExtraCheck: E:\Program Files\mozilla firefox\defaults\pref\local-settings.js [2014-04-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: E:\Program Files\mozilla firefox\firefox.cfg [2014-04-26] <==== ATTENTION
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; E:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-09-19] (SUPERAntiSpyware.com)
S2 AVP16.0.1; E:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S2 BITS; C:\WINDOWS\system32\qmgr.dll [706560 2007-02-17] (Microsoft Corporation) [File not signed]
S3 dmadmin; E:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S2 FoxitCloudUpdateService; E:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
S2 JavaQuickStarterService; E:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-08] (Oracle Corporation)
S2 Net Driver HPZ12; E:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S4 OmniForm Printer; E:\WINDOWS\system32\ofps.exe [32768 2001-09-14] () [File not signed]
S2 Pml Driver HPZ12; E:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
S2 ReimageRealTimeProtector; E:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6489456 2016-09-28] (Reimage®)
S2 SpyHunter 4 Service; E:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [797352 2016-09-30] (Enigma Software Group USA, LLC.)
S2 ss_conn_service; E:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation) [File not signed]
S2 gupdate; "E:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "E:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 PDFProFiltSrv; E:\Program Files\Nuance\PDF Create 8\PDFProFiltSrv.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 81AF6CE3; E:\WINDOWS\System32\drivers\81AF6CE3.sys [153784 2016-10-09] (Kaspersky Lab ZAO)
S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
S3 anvsnddrv; E:\WINDOWS\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
S1 BANTExt; E:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] () [File not signed]
S3 BazisVirtualCDBus; E:\WINDOWS\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CCDECODE; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 cm_km; E:\WINDOWS\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
S4 dmboot; E:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S3 epmntdrv; E:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 esgiguard; E:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-05-08] (Enigma Software Group USA, LLC.)
S3 EsgScanner; E:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-05-08] ()
S3 EuGdiDrv; E:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R0 kl1; E:\WINDOWS\System32\DRIVERS\kl1.sys [155304 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; E:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; E:\WINDOWS\System32\DRIVERS\klbackupflt.sys [66440 2015-12-01] (AO Kaspersky Lab)
S2 kldisk; E:\WINDOWS\System32\DRIVERS\kldisk.sys [67456 2015-12-02] (AO Kaspersky Lab)
S3 klflt; E:\WINDOWS\System32\DRIVERS\klflt.sys [148872 2015-12-11] (AO Kaspersky Lab)
S1 klhk; E:\WINDOWS\System32\DRIVERS\klhk.sys [51024 2016-08-16] (AO Kaspersky Lab)
S3 klids; E:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [165464 2016-10-09] (AO Kaspersky Lab)
S1 KLIF; E:\WINDOWS\System32\DRIVERS\klif.sys [773464 2016-08-16] (AO Kaspersky Lab)
S3 klim5; E:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
S3 klkbdflt; E:\WINDOWS\System32\DRIVERS\klkbdflt.sys [45440 2015-11-11] (AO Kaspersky Lab)
S3 klmouflt; E:\WINDOWS\System32\DRIVERS\klmouflt.sys [37040 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; E:\WINDOWS\System32\DRIVERS\klpd.sys [41864 2015-12-07] (AO Kaspersky Lab)
S1 kltdf; E:\WINDOWS\System32\DRIVERS\kltdf.sys [83328 2015-11-23] (AO Kaspersky Lab)
S1 kltdi; E:\WINDOWS\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
S1 kneps; E:\WINDOWS\System32\DRIVERS\kneps.sys [161672 2015-12-03] (AO Kaspersky Lab)
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
R0 mv61xxmm; E:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2014-07-13] (Marvell Semiconductor Inc.)
R0 mv64xxmm; E:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2014-07-13] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; E:\WINDOWS\system32\Drivers\mvxxmm.sys [6656 2014-07-13] (Marvell Semiconductor Inc.) [File not signed]
S3 NdisIP; E:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2014-07-13] (Microsoft Corporation)
S3 NVHDA; E:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation)
R0 Ramdisk; E:\WINDOWS\System32\DRIVERS\ramdisk.sys [8192 2002-10-06] (QSoft [ Quality Software ]  ) [File not signed]
S1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SCDEmu; E:\WINDOWS\system32\Drivers\SCDEmu.sys [114304 2015-06-07] (Power Software Ltd)
S1 Tcpip; E:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2014-07-13] (Microsoft Corporation) [File not signed]
S3 cpuz134; \??\E:\DOCUME~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 GPUZ; \??\E:\DOCUME~1\Admin\LOCALS~1\Temp\GPUZ.sys [X]
S4 IntelIde; no ImagePath
S3 NTIOLib_1_0_C; \??\F:\NTIOLib.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-12 12:08 - 2016-10-12 12:13 - 00000000 ____D E:\FRST
2016-10-11 13:36 - 2016-10-11 13:36 - 00000000 ____D E:\Documents and Settings\Administrator\Application Data\Intuit
2016-10-11 13:33 - 2016-10-11 13:33 - 00001324 _____ E:\WINDOWS\system32\d3d9caps.tmp
2016-10-11 11:26 - 2016-10-11 11:27 - 00101432 _____ E:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-10-11 09:40 - 2016-10-11 09:40 - 00000476 _____ E:\Documents and Settings\Administrator\Desktop\Shortcut to KVRT.exe.lnk
2016-10-10 06:44 - 2016-10-10 07:47 - 00005466 _____ E:\WINDOWS\SchedLgU.Txt
2016-10-09 13:32 - 2016-10-12 09:34 - 00493242 _____ E:\WINDOWS\ntbtlog.txt
2016-10-09 04:39 - 2016-10-09 04:39 - 00153784 _____ (Kaspersky Lab ZAO) E:\WINDOWS\system32\Drivers\81AF6CE3.sys
2016-10-07 03:11 - 2016-10-07 03:11 - 00000320 _____ E:\WINDOWS\Tasks\PC Health Advisor Update.job
2016-10-06 19:49 - 2016-10-12 09:32 - 00000328 _____ E:\WINDOWS\Tasks\ReimageUpdater.job
2016-10-06 19:49 - 2016-10-06 19:49 - 00000270 _____ E:\WINDOWS\Tasks\Reimage Reminder.job
2016-10-06 19:48 - 2016-10-10 06:44 - 00000000 ____D E:\Program Files\Reimage
2016-10-06 19:48 - 2016-10-06 19:49 - 00000000 ____D E:\rei
2016-10-06 19:48 - 2016-10-06 19:49 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Reimage Protector
2016-10-06 19:48 - 2016-10-06 19:48 - 00001797 _____ E:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
2016-10-06 19:48 - 2016-10-06 19:48 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
2016-10-06 19:47 - 2016-10-06 19:49 - 00000150 _____ E:\WINDOWS\Reimage.ini
2016-10-03 00:27 - 2016-10-03 00:27 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\F-Secure
2016-09-30 23:15 - 2016-10-01 02:08 - 00000000 ____D E:\KVRT_Data
2016-09-30 23:01 - 2016-10-12 09:32 - 00000000 ____D E:\Documents and Settings\OGG\Local Settings\Temp
2016-09-30 22:32 - 2016-09-30 22:32 - 00001160 _____ E:\malware.txt
2016-09-30 22:23 - 2016-10-02 23:34 - 00170200 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\39946098.sys
2016-09-30 22:22 - 2016-09-30 22:22 - 00170200 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\409B5FA9.sys
2016-09-29 14:49 - 2016-09-29 14:49 - 00000000 ____D E:\Documents and Settings\Administrator\Application Data\Windows Search
2016-09-29 13:38 - 2016-09-29 13:38 - 00000080 _____ E:\Documents and Settings\All Users\Desktop\Need for SpeedT Carbon.lnk
2016-09-29 13:37 - 2016-09-29 13:37 - 00001072 _____ E:\malwarebytes.txt
2016-09-29 13:23 - 2016-09-29 13:23 - 00000000 ____D E:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2016-09-29 13:17 - 2016-09-29 13:17 - 00000000 ____D E:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2016-09-29 13:03 - 2016-10-12 12:13 - 00000000 ____D E:\Documents and Settings\Administrator\Local Settings\Temp
2016-09-29 13:03 - 2016-10-11 21:16 - 00000178 ___SH E:\Documents and Settings\Administrator\ntuser.ini
2016-09-29 13:03 - 2016-10-10 05:36 - 00000000 ____D E:\Documents and Settings\Administrator
2016-09-29 13:03 - 2016-09-29 13:38 - 00001609 _____ E:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2016-09-29 13:03 - 2016-09-29 13:23 - 00000000 ____D E:\Documents and Settings\Administrator\Application Data\Mozilla
2016-09-29 13:03 - 2014-08-08 12:40 - 00000000 __SHD E:\Documents and Settings\Administrator\IETldCache
2016-09-29 13:03 - 2014-08-08 07:31 - 00000000 ____D E:\Documents and Settings\Administrator\My Documents
2016-09-26 05:25 - 2016-09-29 15:00 - 00000000 ____D E:\Documents and Settings\OGG\Application Data\12adb9cc
2016-09-26 05:24 - 2016-09-29 12:52 - 01179648 _____ E:\WINDOWS\system32\config\WindowsPowerShell.evt
2016-09-26 05:24 - 2016-09-26 05:26 - 00065536 _____ E:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2016-09-26 05:24 - 2016-09-26 05:25 - 00000000 ____D E:\Documents and Settings\OGG\Local Settings\Application Data\gibuw
2016-09-26 05:24 - 2016-09-26 05:24 - 00000000 __HDC E:\WINDOWS\$968930Uinstall_KB968930$
2016-09-26 05:24 - 2016-09-26 05:24 - 00000000 ____D E:\WINDOWS\system32\winrm
2016-09-26 05:24 - 2016-09-26 05:24 - 00000000 ____D E:\WINDOWS\$NtUninstallKB968930$
2016-09-24 10:36 - 2016-09-24 10:36 - 00024064 _____ E:\Documents and Settings\OGG\My Documents\taxable_income and more (version 1).xls
2016-09-23 21:27 - 2016-09-30 21:46 - 00000000 ____D E:\Program Files\Mozilla Firefox
2016-09-23 05:38 - 2016-09-23 05:38 - 00000857 _____ E:\Documents and Settings\OGG\Desktop\TurboTax Premier 2006.lnk
2016-09-23 05:33 - 2016-10-03 23:33 - 00002293 _____ E:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
2016-09-23 05:33 - 2016-09-23 05:33 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2012
2016-09-23 05:28 - 2016-10-11 13:29 - 00002293 _____ E:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
2016-09-23 05:28 - 2016-09-23 05:28 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2013
2016-09-20 23:45 - 2016-09-29 13:38 - 00000825 _____ E:\Documents and Settings\All Users\Desktop\TurboTax Premier Investments 2006.lnk
2016-09-20 00:13 - 2016-09-29 13:38 - 00001620 _____ E:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2016-09-20 00:13 - 2016-09-20 00:13 - 00000000 ____D E:\Program Files\HitmanPro
2016-09-20 00:13 - 2016-09-20 00:13 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2016-09-19 13:02 - 2016-09-19 13:02 - 00000931 _____ E:\Documents and Settings\OGG\Desktop\ttax.exe 2005.lnk
2016-09-13 09:38 - 2016-09-13 09:38 - 00000036 _____ E:\WINDOWS\ttax.INI
2016-09-12 21:48 - 2016-09-12 21:48 - 00136512 _____ E:\Documents and Settings\OGG\My Documents\2007 grundy g Tax Return.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-12 09:34 - 2016-07-12 01:00 - 2145386496 _____ E:\WINDOWS\MEMORY.DMP
2016-10-12 09:32 - 2015-02-12 01:55 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2016-10-12 09:31 - 2014-08-08 12:43 - 00000006 ____H E:\WINDOWS\Tasks\SA.DAT
2016-10-12 09:31 - 2008-04-14 05:00 - 00002206 _____ E:\WINDOWS\system32\wpa.dbl
2016-10-11 21:16 - 2015-05-08 05:19 - 00196608 _____ E:\WINDOWS\system32\config\Kaspersk.evt
2016-10-11 13:33 - 2014-08-08 12:48 - 00001324 _____ E:\WINDOWS\system32\d3d9caps.dat
2016-10-11 09:31 - 2015-09-19 07:53 - 00170200 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-11 04:37 - 2015-05-31 12:55 - 00000178 ___SH E:\Documents and Settings\OGG\ntuser.ini
2016-10-10 07:47 - 2016-03-05 09:27 - 00000000 ____D E:\Documents and Settings\OGG\Local Settings\Application Data\Newsbin
2016-10-10 07:47 - 2015-05-31 13:03 - 02007105 _____ E:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-562591055-527237240-1006-0.dat
2016-10-10 07:47 - 2015-02-12 01:13 - 00264934 _____ E:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-10-10 07:15 - 2014-07-09 06:45 - 00000830 _____ E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-10 06:57 - 2015-02-09 15:57 - 00000414 _____ E:\WINDOWS\Tasks\At1.job
2016-10-10 06:50 - 2015-04-24 11:45 - 00000360 _____ E:\WINDOWS\Tasks\Canon OIP Product Extended Survey Program.job
2016-10-10 06:45 - 2008-04-14 05:00 - 00000595 _____ E:\WINDOWS\win.ini
2016-10-10 06:45 - 2008-04-14 05:00 - 00000227 _____ E:\WINDOWS\system.ini
2016-10-10 05:36 - 2015-05-31 12:55 - 00000000 ____D E:\Documents and Settings\OGG
2016-10-10 05:36 - 2014-08-08 15:49 - 00000000 ____D E:\Documents and Settings\UpdatusUser
2016-10-10 05:36 - 2014-08-08 12:43 - 00000000 __SHD E:\Documents and Settings\NetworkService
2016-10-10 05:36 - 2014-08-08 12:43 - 00000000 __SHD E:\Documents and Settings\LocalService
2016-10-10 05:36 - 2014-08-08 12:43 - 00000000 ____D E:\Documents and Settings\Admin
2016-10-10 05:36 - 2014-08-08 07:29 - 00000000 ___HD E:\Documents and Settings\Default User
2016-10-10 05:36 - 2014-08-08 07:29 - 00000000 ____D E:\Documents and Settings\All Users
2016-10-09 14:53 - 2015-02-12 01:25 - 00000000 ____D E:\WINDOWS\pss
2016-10-09 13:28 - 2015-07-06 11:21 - 00000000 ____D E:\Documents and Settings\OGG\Application Data\uTorrent
2016-10-09 03:16 - 2016-07-09 15:48 - 00000354 _____ E:\WINDOWS\Tasks\PC Health Advisor.job
2016-10-09 02:28 - 2014-08-10 18:26 - 00000384 ____H E:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-10-07 03:14 - 2016-07-09 15:48 - 00000372 _____ E:\WINDOWS\Tasks\PC Health Advisor Defrag.job
2016-10-07 03:11 - 2016-07-09 15:48 - 00000848 _____ E:\Documents and Settings\OGG\Desktop\ParetoLogic PC Health Advisor.lnk
2016-10-07 03:11 - 2016-07-09 15:48 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\ParetoLogic
2016-10-06 23:09 - 2015-11-14 19:08 - 00000000 ____D E:\Program Files\TurboTax
2016-10-06 10:55 - 2015-11-14 19:13 - 00000000 ____D E:\Documents and Settings\OGG\My Documents\TurboTax
2016-10-06 10:54 - 2015-05-31 12:55 - 00000000 ___RD E:\Documents and Settings\OGG\My Documents
2016-10-06 10:27 - 2016-03-27 06:18 - 00444464 _____ E:\Documents and Settings\OGG\My Documents\2007 grundy g Tax Return.tax
2016-10-06 09:33 - 2016-03-07 01:40 - 00000925 _____ E:\Documents and Settings\All Users\Desktop\TurboTax Premier 2007.lnk
2016-10-06 09:07 - 2016-04-03 14:08 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\TurboTax Premier 2005
2016-10-06 09:05 - 2015-11-14 19:10 - 00000000 ____D E:\Documents and Settings\OGG\Application Data\Intuit
2016-10-06 07:51 - 2016-08-30 23:36 - 00000284 _____ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-10-05 12:31 - 2015-06-15 12:05 - 00000000 ____D E:\Documents and Settings\OGG\Local Settings\Application Data\Adobe
2016-10-04 00:20 - 2016-08-19 03:06 - 00000000 ____D E:\Documents and Settings\OGG\Start Menu\Programs\Newsbin6
2016-10-04 00:19 - 2014-08-08 07:02 - 00000000 ____D E:\WINDOWS\security
2016-10-03 02:04 - 2015-11-14 19:10 - 00001485 _____ E:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2016-10-02 11:33 - 2015-09-17 05:52 - 00000000 ____D E:\Documents and Settings\OGG\Application Data\vlc
2016-10-02 11:27 - 2016-09-04 21:46 - 00075264 _____ E:\Documents and Settings\OGG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-30 22:08 - 2016-02-12 17:21 - 00000000 ____D E:\Program Files\rFactor
2016-09-30 21:56 - 2015-09-19 07:53 - 00000787 _____ E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-30 21:56 - 2015-09-19 07:53 - 00000000 ____D E:\Program Files\Malwarebytes Anti-Malware
2016-09-30 21:56 - 2015-09-19 07:53 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-30 01:54 - 2016-03-04 02:29 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\R.G. Mechanics
2016-09-30 01:51 - 2016-08-30 23:36 - 00002265 _____ E:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2016-09-30 01:28 - 2016-05-09 10:13 - 00025768 _____ E:\WINDOWS\system32\sh4native.exe
2016-09-30 01:28 - 2016-05-08 10:04 - 00000945 _____ E:\Documents and Settings\OGG\Desktop\SpyHunter.lnk
2016-09-30 01:27 - 2014-08-08 18:06 - 00001485 _____ E:\Documents and Settings\Admin\Desktop\Windows Explorer (2).lnk
2016-09-29 13:40 - 2015-09-19 05:43 - 00000000 ____D E:\Program Files\SUPERAntiSpyware
2016-09-29 13:38 - 2016-08-30 23:46 - 00001552 _____ E:\Documents and Settings\All Users\Desktop\iTunes.lnk
2016-09-29 13:38 - 2016-07-17 22:33 - 00000450 _____ E:\Documents and Settings\All Users\Desktop\Winamp.lnk
2016-09-29 13:38 - 2016-07-16 18:31 - 00001645 _____ E:\Documents and Settings\All Users\Desktop\HP Print and Scan Doctor.lnk
2016-09-29 13:38 - 2016-07-15 16:06 - 00000504 _____ E:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2016-09-29 13:38 - 2016-07-11 19:12 - 00001721 _____ E:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2016-09-29 13:38 - 2016-07-11 19:12 - 00001715 _____ E:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2016-09-29 13:38 - 2016-06-23 11:11 - 00000623 _____ E:\Documents and Settings\All Users\Desktop\EaseUS Data Recovery Wizard.lnk
2016-09-29 13:38 - 2016-06-16 01:06 - 00000971 _____ E:\Documents and Settings\All Users\Desktop\EaseUS Partition Master 10.0.lnk
2016-09-29 13:38 - 2016-06-09 00:18 - 00002008 _____ E:\Documents and Settings\All Users\Desktop\Safe Money.lnk
2016-09-29 13:38 - 2016-06-09 00:18 - 00001984 _____ E:\Documents and Settings\All Users\Desktop\Kaspersky Total Security.lnk
2016-09-29 13:38 - 2016-05-07 17:38 - 00000692 _____ E:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-09-29 13:38 - 2016-04-13 05:34 - 00000506 _____ E:\Documents and Settings\All Users\Desktop\Win32DiskImager.lnk
2016-09-29 13:38 - 2016-04-03 15:26 - 00000857 _____ E:\Documents and Settings\All Users\Desktop\TurboTax Premier 2006.lnk
2016-09-29 13:38 - 2016-02-13 04:12 - 00002583 _____ E:\Documents and Settings\All Users\Desktop\Launch Gravity 3.0.lnk
2016-09-29 13:38 - 2015-12-19 14:07 - 00000746 _____ E:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk
2016-09-29 13:38 - 2015-12-17 10:01 - 00000921 _____ E:\Documents and Settings\All Users\Desktop\Smart Switch.lnk
2016-09-29 13:38 - 2015-09-19 05:43 - 00001688 _____ E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-09-29 13:38 - 2015-09-17 06:10 - 00000729 _____ E:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2016-09-29 13:38 - 2015-07-06 11:32 - 00000692 _____ E:\Documents and Settings\All Users\Desktop\PowerISO.lnk
2016-09-29 13:38 - 2015-07-02 01:58 - 00000711 _____ E:\Documents and Settings\All Users\Desktop\DVD Shrink.lnk
2016-09-29 13:38 - 2015-05-16 20:59 - 00001685 _____ E:\Documents and Settings\All Users\Desktop\PhotoImpact X3.lnk
2016-09-29 13:38 - 2015-04-30 01:07 - 00002347 _____ E:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2016-09-29 13:38 - 2015-04-30 01:07 - 00001744 _____ E:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2016-09-29 13:38 - 2015-04-29 16:33 - 00000640 _____ E:\Documents and Settings\All Users\Desktop\µTorrent.lnk
2016-09-29 13:38 - 2014-11-22 10:56 - 00001620 _____ E:\Documents and Settings\All Users\Desktop\Samsung Kies 3.lnk
2016-09-29 13:38 - 2014-08-22 07:17 - 00000665 _____ E:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
2016-09-29 13:38 - 2014-08-08 15:49 - 00000660 _____ E:\Documents and Settings\All Users\Desktop\ASUS GPU Tweak.lnk
2016-09-29 13:03 - 2014-08-08 07:07 - 00000000 ____D E:\Documents and Settings
2016-09-26 05:46 - 2014-08-08 12:43 - 00000178 ___SH E:\Documents and Settings\Admin\ntuser.ini
2016-09-26 05:31 - 2014-08-08 12:46 - 00000000 ____D E:\Program Files\Mozilla Maintenance Service
2016-09-26 05:25 - 2014-08-08 07:02 - 00000000 ___HD E:\WINDOWS\inf
2016-09-26 05:24 - 2014-08-08 07:02 - 00000000 ____D E:\WINDOWS\Help
2016-09-22 09:41 - 2016-03-05 09:27 - 00000000 ____D E:\Documents and Settings\OGG\My Documents\Newsbin
2016-09-20 23:42 - 2016-09-10 22:14 - 00000562 _____ E:\WINDOWS\Instcomp.lyt
2016-09-20 11:25 - 2015-12-27 11:31 - 00000000 ____D E:\AdwCleaner
2016-09-20 11:15 - 2016-07-09 12:07 - 00290304 _____ (Microsoft Corporation) E:\WINDOWS\system32\subinacl.exe
2016-09-17 12:04 - 2014-08-08 12:43 - 00000000 ____D E:\Documents and Settings\Admin\Local Settings\Temp
2016-09-14 03:16 - 2016-04-02 01:15 - 00002582 _____ E:\Documents and Settings\OGG\Start Menu\µTorrent.lnk
2016-09-14 03:16 - 2016-04-02 01:15 - 00002582 _____ E:\Documents and Settings\OGG\Desktop\µTorrent.lnk
 
==================== Files in the root of some directories =======
 
2015-04-28 17:13 - 2015-08-05 05:03 - 0000079 _____ () E:\Program Files\prefs.js
2014-08-24 23:54 - 2016-07-12 21:09 - 0004870 _____ () E:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-11-14 19:10 - 2016-10-03 02:04 - 0001485 _____ () E:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
E:\Windows\Tasks\At1.job
 
 
Some files in TEMP:
====================
E:\Documents and Settings\OGG\Local Settings\Temp\hwkexy6u.dll
E:\Documents and Settings\OGG\Local Settings\Temp\om8o4hru.dll
E:\Documents and Settings\OGG\Local Settings\Temp\ReimagePackage.exe
E:\Documents and Settings\OGG\Local Settings\Temp\setup.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\dnsapi.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Attached Files

  • Attached File  FRST.txt   31.95KB   135 downloads

Edited by RKinner, 23 October 2016 - 01:02 PM.

  • 0

Advertisements

#2
stuck_n_loop
Posted 20 October 2016 - 11:07 PM

stuck_n_loop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Original topic was posted on 12 Oct 2016 concerning my inability to get the "Trojan.Muolti.GenAutoRunReg.a" off of my computer because it most likely is related to the slow responsiveness of my computer,the  apparent corruption  of some of my files and/or deletions of others, and the BSOD I would ld get when I tried to boot  normally..  Mysteriously, I get no more BSOD when booting up normally, and display regenerations are happening at a decent rate unlike before at the time when I originally posted.  This Forum may be a bit overkill now, for the moment, probably.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP