Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Fake Pop Up Updates, Rootkit.ZeroAccess, etc...

I found this forum by searching a telephone number given by a female voice in one of the countless fake pop up ads I've been getting (for about a month or 2 now).

My problems are very similar to Speargun's, who posted the phone number I received in his thread (Fake Update Pop Ups in Browser). In my case, after running ComboFix a few weeks ago, it informed me that I was infected with Rootkit.ZeroAccess. ComboFix seemed to remove ZeroAccess, but I was still getting the pop ups (as well as browser not responding), so I searched and followed the instructions here: Remove ZeroAccess rootkit (Uninstall Guide). Even after following these instructions exactly, the pop ups continue.

Speargun received a response from chemist, but I couldn't reply to that thread, so I messaged chemist directly for help. He told me to start my own thread and instructed me on how to obtain logs (thank you!!!).

Any help getting rid of this would be GREATLY appreciated!

Here are my contents of DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.60.2
Run by s at 13:18:22 on 2014-08-31
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.247 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Users\s\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Spotify Web Helper] "c:\users\s\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7E866715-C9B6-4C64-AAB8-342E0D137213} - hxxp://65.188.243.41/EDVR.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{960D22F3-6F6A-4692-AC59-C1797AAE3C67} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DF6C7AF5-3E12-4C17-A032-61F148362EB5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DF6C7AF5-3E12-4C17-A032-61F148362EB5}\155514C4944595023555944554350233 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DF6C7AF5-3E12-4C17-A032-61F148362EB5}\2456C6B696E6F574F505C65737F5D494D4F4F5030323345344 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DF6C7AF5-3E12-4C17-A032-61F148362EB5}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DF6C7AF5-3E12-4C17-A032-61F148362EB5}\452554E444E65647635323 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{DF6C7AF5-3E12-4C17-A032-61F148362EB5}\C416277656D4F6F63756 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DF6C7AF5-3E12-4C17-A032-61F148362EB5}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\s\appdata\roaming\mozilla\firefox\profiles\hed6wy6v.default-1386405227143\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: keyword.url - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\s\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-6-17 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-6-17 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-6-17 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-6-17 197400]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-11-5 51712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-8-19 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-8-19 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-8-19 51928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp32.sys [2014-8-20 50200]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2014-8-17 43368]
S3 PROCEXP113;PROCEXP113;c:\windows\system32\drivers\PROCEXP113.SYS [2014-8-20 12568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-9 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-5 167424]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-8-15 49152]
.
=============== Created Last 30 ================
.
2014-08-29 14:58:12 -------- d-----w- c:\programdata\Avg_Update_0814av
2014-08-28 00:46:25 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 00:46:24 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:13:29 -------- d-----w- c:\users\s\appdata\local\Apple
2014-08-21 23:50:08 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-21 23:49:22 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-21 23:48:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-21 23:48:02 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-21 03:07:30 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2014-08-21 02:55:34 -------- d-----w- C:\$RECYCLE.BIN
2014-08-20 14:45:29 -------- d-----w- c:\programdata\Avg_Update_0614a
2014-08-20 07:26:48 -------- d-----w- C:\EEK
2014-08-20 03:38:04 5488976 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-08-20 03:37:51 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f5cf4b5c-a7f2-4983-b5b0-4caaa88cb51e}\mpengine.dll
2014-08-20 03:33:28 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-20 03:30:37 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-20 03:30:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-20 03:30:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-20 02:32:44 -------- d-----w- c:\users\s\appdata\local\Diagnostics
2014-08-19 23:06:26 -------- d-----w- c:\programdata\RogueKiller
2014-08-19 21:13:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-18 06:28:28 -------- d-----w- c:\users\s\appdata\roaming\AVG2014
2014-08-18 06:23:41 -------- d-----w- c:\programdata\AVG2014
2014-08-18 06:23:41 -------- d-----w- C:\$AVG
2014-08-18 06:11:13 -------- d-----w- c:\users\s\appdata\local\MFAData
2014-08-18 06:11:13 -------- d-----w- c:\users\s\appdata\local\Avg2014
2014-08-18 05:56:18 -------- d-----w- c:\users\s\appdata\local\temp
2014-08-18 05:16:06 -------- d-----w- c:\users\s\appdata\roaming\TuneUp Software
2014-08-18 04:07:36 -------- d-----w- c:\program files\VS Revo Group
2014-08-18 03:40:24 20 ----a-w- c:\windows\system32\MM77LGN.SYS
2014-08-18 03:39:26 20 ----a-w- c:\windows\system32\ESTSPRT.SYS
2014-08-18 03:39:14 20 ----a-w- c:\windows\system32\ZOPENSSLD.SYS
2014-08-18 03:39:03 20 ----a-w- c:\windows\system32\FLASHDRV3.SYS
2014-08-18 03:38:58 20 ----a-w- c:\windows\system32\PRT21SKS.SYS
2014-08-18 03:38:42 20 ----a-w- c:\windows\system32\NCLABY.SYS
2014-08-18 03:38:31 20 ----a-w- c:\windows\system32\SCSIPSRVC.SYS
2014-08-18 03:37:59 20 ----a-w- c:\windows\system32\GDIW2K.SYS
2014-08-18 01:27:28 98816 ----a-w- c:\windows\sed.exe
2014-08-18 01:27:28 256000 ----a-w- c:\windows\PEV.exe
2014-08-18 01:27:28 208896 ----a-w- c:\windows\MBR.exe
2014-08-17 04:42:53 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-08-17 04:11:10 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2014-08-17 04:10:53 -------- d-----w- c:\users\s\appdata\roaming\Ad-Aware Antivirus
2014-08-17 01:40:20 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-08-16 03:56:33 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-08-16 03:56:16 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-16 03:56:02 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-08-16 03:55:45 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-08-16 03:55:45 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-16 03:55:44 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-08-16 03:55:43 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-08-16 03:55:41 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-08-16 03:55:41 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-08-16 03:55:39 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-08-16 03:55:37 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-08-16 03:51:07 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-14 05:17:13 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 05:16:50 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 05:15:45 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 05:15:23 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 04:35:56 -------- d-----w- C:\found.002
2014-08-14 01:17:09 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 01:17:06 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-14 01:17:06 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-14 01:15:59 10747392 ----a-w- c:\program files\internet explorer\F12Resources.dll
2014-08-14 01:15:22 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-14 01:14:39 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-14 01:14:39 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-14 01:14:37 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-14 01:14:37 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-14 01:14:03 412160 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 01:13:58 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-08-14 01:13:08 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-14 01:13:05 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-05 17:20:22 227728 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2014-08-28 05:19:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-28 05:19:32 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-05 13:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-25 13:04:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 13:03:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-07-25 12:34:49 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-07-25 12:10:15 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-07-25 12:10:12 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-07-25 12:08:47 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- c:\windows\system32\jscript9.dll
2014-07-25 11:59:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 11:43:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 11:07:49 2001920 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-07-25 10:05:23 1792512 ----a-w- c:\windows\system32\wininet.dll
2014-07-22 14:39:25 43152 ----a-w- c:\windows\avastSS.scr
2014-06-30 16:43:12 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-24 06:32:49 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-22 05:45:21 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1403416238648
2014-06-22 05:45:21 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1403416238648
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-17 20:22:02 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 20:21:22 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 20:18:00 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 20:17:58 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 20:06:40 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-17 20:06:22 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 20:06:20 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
============= FINISH: 13:22:11.51 ===============

Attached Files
File Type: zip attach.zip (3.7 KB)
