
Malicious URL problem


  • This topic is locked
37 replies to this topic

#1 humdinger

humdinger

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:19 AM

Posted 16 April 2014 - 03:34 AM

I am receiving frequent alerts from Avast pro advising me that a malicious site has been blocked. Object: daohang.114so.cn; Infection: MAL:URL; Action: Blocked; Process: C:\windows\system34\svchost.exe. The problem looks very similar to this: http://www.bleepingcomputer.com/forums/t/493755/avast-popup-malicious-url-blocked-and-malware-blocked-from-svchostexe/


I have Windows 7 Home Premium 64 bit and Chrome 34.0.1847.116. Full system scans with Avast pro and Malwarebytes have not detected the bug.


Can you advise me accordingly?


dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16476
Run by Paul at 16:02:43 on 2014-04-16
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3885.1663 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\PicPick\picpick.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: WinGuard: {e4bf64e4-237e-48e7-b43b-da6e1b60d81a} - 
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe /startup
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2783D46F-2E7A-415D-ACBB-F63CF6423CB0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{62EE52EC-C032-4EDF-B7AB-E63F0CF73B41} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{62EE52EC-C032-4EDF-B7AB-E63F0CF73B41}\051455C4D20534F5E4564777F627B6 : DHCPNameServer = 120.193.102.243 192.168.1.1
TCP: Interfaces\{62EE52EC-C032-4EDF-B7AB-E63F0CF73B41}\342584D2338303D265340333 : DHCPNameServer = 0.0.0.0 0.0.0.0
TCP: Interfaces\{62EE52EC-C032-4EDF-B7AB-E63F0CF73B41}\44160516F6 : DHCPNameServer = 120.193.102.243 192.168.1.1
TCP: Interfaces\{62EE52EC-C032-4EDF-B7AB-E63F0CF73B41}\A787C6531343 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{62EE52EC-C032-4EDF-B7AB-E63F0CF73B41}\F3F3 : DHCPNameServer = 120.193.102.243 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=frg_14_16_ie&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzyzztC0D0E0BtAzyyCzyyDtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyD0FtAtByCtD0BtGzy0ByB0BtGzytB0EtCtG0CtCyDtDtGyC0DzztA0C0Fzyzy0C0E0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtCyDzyzztD0CtGtDtByByDtGyC0AtDyDtGtDtAtDtCtGtA0AtA0D0FyEtD0AtC0A0CyC2Q&cr=1859437079&ir=
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-7-7 15928]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-20 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-18 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-18 280408]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2013-12-17 61592]
R1 wStLibG64;wStLibG64;C:\Windows\System32\drivers\wStLibG64.sys [2014-4-8 61112]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-7-7 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-11-18 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-18 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-18 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 CMB8100;CMB8100;C:\Windows\SysWOW64\drivers\CertClient.dat [2012-6-5 10784]
R2 CMBProtector;CMBProtector;C:\Windows\SysWOW64\drivers\CMBProtector.dat [2012-6-5 12320]
R2 PassGuard;PassGuard;C:\Windows\System32\drivers\PassGuard_x64.sys [2013-5-20 65392]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-24 5341536]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-13 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-7 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-25 115312]
R3 NdisrdMP;NdisrdMP;C:\Windows\System32\drivers\Ndisrd.sys [2011-7-13 27648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2012-9-24 31744]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-23 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 Ndisrd;WinpkFilter Service;C:\Windows\System32\drivers\Ndisrd.sys [2011-7-13 27648]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
S4 RosettaStoneLtdController;RosettaStoneLtdController;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-9-16 352312]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-7 2314240]
.
=============== Created Last 30 ================
.
2014-04-16 03:52:03 -------- d-----w- C:\$RECYCLE.BIN
2014-04-16 03:38:43 -------- d-----w- C:\Windows\System32\MRT
2014-04-16 03:33:19 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2014-04-16 03:33:19 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-04-16 03:33:19 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-04-16 03:33:18 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-04-16 03:33:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-04-16 03:23:24 98816 ----a-w- C:\Windows\sed.exe
2014-04-16 03:23:24 256000 ----a-w- C:\Windows\PEV.exe
2014-04-16 03:23:24 208896 ----a-w- C:\Windows\MBR.exe
2014-04-16 03:19:57 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-16 03:19:56 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-16 03:15:25 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2014-04-16 03:15:14 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2014-04-16 03:09:23 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-04-16 03:09:14 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-04-16 03:09:14 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-04-16 03:09:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-04-16 03:06:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2014-04-16 03:06:22 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-04-16 03:06:22 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-08 03:52:34 61112 ----a-w- C:\Windows\System32\drivers\wStLibG64.sys
2014-04-08 02:17:28 -------- d-----w- C:\Users\Paul\AppData\Local\Spoon
2014-04-08 02:17:20 2524808 ----a-w- C:\Windows\SysWow64\gdimgplug.dll
2014-04-08 02:17:20 1722880 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2014-04-08 02:17:19 587768 ----a-w- C:\Windows\SysWow64\Codejock.SkinFramework.Unicode.v15.2.1.ocx
2014-04-08 02:17:19 2775032 ----a-w- C:\Windows\SysWow64\Codejock.CommandBars.Unicode.v15.2.1.ocx
2014-04-08 02:17:19 2536072 ----a-w- C:\Windows\SysWow64\gdpicturepro5.ocx
2014-04-08 02:17:19 1931256 ----a-w- C:\Windows\SysWow64\Codejock.Controls.Unicode.v15.2.1.ocx
2014-04-08 02:17:19 -------- d-----w- C:\Program Files (x86)\PDFArea
2014-04-05 08:04:44 -------- d-----w- C:\Users\Paul\.Repetitions
2014-04-05 08:04:33 -------- d-----w- C:\Program Files (x86)\Repetitions
.
==================== Find3M  ====================
.
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 16:03:03.73 ===============
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 2/23/2011 7:15:31 PM
System Uptime: 4/16/2014 2:26:37 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | K52F
Processor: Intel® Core™ i5 CPU       M 450  @ 2.40GHz | Socket 989 | 1848/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 73.863 GiB free.
D: is FIXED (NTFS) - 330 GiB total, 299.935 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
I: is FIXED (NTFS) - 298 GiB total, 184.414 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP151: 3/30/2014 5:33:33 PM - Scheduled Checkpoint
RP152: 4/7/2014 3:32:30 PM - Scheduled Checkpoint
RP153: 4/15/2014 11:01:13 AM - Scheduled Checkpoint
RP154: 4/16/2014 11:24:16 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX 64-bit
Adobe Photoshop CS5.1
Adolix Split and Merge PDF v1.9
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ATK Package
avast! Pro Antivirus
BitTorrent
CCleaner
Choice Guard
CMB FirmBank
CMBEdit
Conexant HD Audio
ControlDeck
CyberLink LabelPrint
CyberLink Power2Go
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ETDWare PS/2-x64 7.0.5.11_WHQL
Fast Boot
Fences
FileZilla Client 3.8.0
FormatFactory 2.95
Foxit Advanced PDF Editor 3
Foxit Reader
Free Video Flip and Rotate version 2.1.5.1201
Google Chrome
Google Earth
Google Update Helper
Image to PDF Converter Free 6.5
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Turbo Boost Technology Monitor
IrfanView (remove only)
Jitsi
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
K_Series_ScreenSaver_EN
Malwarebytes Anti-Malware version 1.75.0.1300
MathType 6
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MKV Player 2.1
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
Pazera Free MP4 to AVI Converter 1.6
PicPick
PxMergeModule
Repetitions
Rosetta Stone Ltd Services
Rosetta Stone Version 3
SavingsBull
SavingsbullFilter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype Click to Call
Skype™ 6.14
TeamViewer 9
Tencent QQ
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
USB 2.0 VGA UVC WebCam
VirtualCloneDrive
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinFlash
WinRAR archiver
WinZip 15.0
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
4/9/2014 12:36:55 PM, Error: Service Control Manager [7031]  - The Update Jotzey service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/9/2014 12:36:48 PM, Error: Service Control Manager [7031]  - The Util Jotzey service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/16/2014 9:03:18 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/16/2014 4:02:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 29 time(s).
4/16/2014 4:02:43 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-2147218174.
4/16/2014 4:02:33 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 28 time(s).
4/16/2014 3:48:01 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 27 time(s).
4/16/2014 3:48:01 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 26 time(s).
4/16/2014 3:47:35 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
4/16/2014 3:37:51 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 25 time(s).
4/16/2014 3:37:51 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 24 time(s).
4/16/2014 3:16:41 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 23 time(s).
4/16/2014 2:53:47 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 22 time(s).
4/16/2014 2:53:24 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 21 time(s).
4/16/2014 2:53:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 20 time(s).
4/16/2014 2:53:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 19 time(s).
4/16/2014 2:53:11 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 18 time(s).
4/16/2014 2:53:05 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 17 time(s).
4/16/2014 2:53:03 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 16 time(s).
4/16/2014 2:52:07 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 15 time(s).
4/16/2014 2:51:53 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 14 time(s).
4/16/2014 2:37:04 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 13 time(s).
4/16/2014 2:37:04 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 12 time(s).
4/16/2014 2:30:17 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 11 time(s).
4/16/2014 2:30:12 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 10 time(s).
4/16/2014 2:30:11 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 9 time(s).
4/16/2014 2:30:09 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 8 time(s).
4/16/2014 2:29:22 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 7 time(s).
4/16/2014 2:29:20 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 6 time(s).
4/16/2014 2:29:19 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 5 time(s).
4/16/2014 2:29:19 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 4 time(s).
4/16/2014 2:29:09 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 3 time(s).
4/16/2014 2:28:38 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/16/2014 2:28:08 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/16/2014 2:19:54 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 188 time(s).
4/16/2014 2:05:50 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 187 time(s).
4/16/2014 2:05:16 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 186 time(s).
4/16/2014 2:03:57 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 185 time(s).
4/16/2014 12:59:54 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 154 time(s).
4/16/2014 12:59:51 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 153 time(s).
4/16/2014 12:57:18 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 152 time(s).
4/16/2014 12:57:16 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 151 time(s).
4/16/2014 12:56:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 150 time(s).
4/16/2014 12:56:20 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 149 time(s).
4/16/2014 12:48:09 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 148 time(s).
4/16/2014 12:48:00 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 147 time(s).
4/16/2014 12:47:46 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 146 time(s).
4/16/2014 12:47:42 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 145 time(s).
4/16/2014 12:47:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 144 time(s).
4/16/2014 12:47:38 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 143 time(s).
4/16/2014 12:47:37 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 142 time(s).
4/16/2014 12:47:37 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 141 time(s).
4/16/2014 12:47:32 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 140 time(s).
4/16/2014 12:47:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 139 time(s).
4/16/2014 12:47:25 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 138 time(s).
4/16/2014 12:47:25 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 137 time(s).
4/16/2014 12:47:20 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 136 time(s).
4/16/2014 12:47:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 135 time(s).
4/16/2014 12:47:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 134 time(s).
4/16/2014 12:47:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 133 time(s).
4/16/2014 12:47:12 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 132 time(s).
4/16/2014 12:47:11 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 131 time(s).
4/16/2014 12:47:09 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 130 time(s).
4/16/2014 12:47:01 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 129 time(s).
4/16/2014 12:46:50 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 128 time(s).
4/16/2014 12:46:48 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 127 time(s).
4/16/2014 12:46:47 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 126 time(s).
4/16/2014 12:46:46 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 125 time(s).
4/16/2014 12:46:45 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 124 time(s).
4/16/2014 12:46:42 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 123 time(s).
4/16/2014 12:46:25 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 122 time(s).
4/16/2014 12:46:23 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 121 time(s).
4/16/2014 12:46:18 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 120 time(s).
4/16/2014 12:46:12 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 119 time(s).
4/16/2014 12:46:12 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 118 time(s).
4/16/2014 12:46:10 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 117 time(s).
4/16/2014 12:46:09 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 116 time(s).
4/16/2014 12:46:07 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 115 time(s).
4/16/2014 12:45:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 114 time(s).
4/16/2014 12:45:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 113 time(s).
4/16/2014 12:45:37 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 112 time(s).
4/16/2014 12:45:35 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 111 time(s).
4/16/2014 12:45:32 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 110 time(s).
4/16/2014 12:45:23 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 109 time(s).
4/16/2014 12:45:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 108 time(s).
4/16/2014 12:45:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 107 time(s).
4/16/2014 12:45:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 106 time(s).
4/16/2014 12:45:04 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 105 time(s).
4/16/2014 12:45:03 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 104 time(s).
4/16/2014 12:45:00 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 103 time(s).
4/16/2014 12:44:58 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 102 time(s).
4/16/2014 12:44:56 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 101 time(s).
4/16/2014 12:44:53 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 100 time(s).
4/16/2014 12:44:52 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 99 time(s).
4/16/2014 12:44:48 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 98 time(s).
4/16/2014 12:44:48 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 97 time(s).
4/16/2014 12:44:41 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 96 time(s).
4/16/2014 12:43:57 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 95 time(s).
4/16/2014 12:43:38 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 94 time(s).
4/16/2014 12:43:38 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 93 time(s).
4/16/2014 12:43:34 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 92 time(s).
4/16/2014 12:43:30 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 91 time(s).
4/16/2014 12:43:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 90 time(s).
4/16/2014 12:42:55 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 89 time(s).
4/16/2014 12:42:53 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 88 time(s).
4/16/2014 12:42:51 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 87 time(s).
4/16/2014 12:42:48 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 86 time(s).
4/16/2014 12:42:48 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 85 time(s).
4/16/2014 12:42:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 84 time(s).
4/16/2014 12:42:38 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 83 time(s).
4/16/2014 12:42:34 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 82 time(s).
4/16/2014 12:42:33 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 81 time(s).
4/16/2014 12:42:32 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 80 time(s).
4/16/2014 12:42:28 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 79 time(s).
4/16/2014 12:42:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 78 time(s).
4/16/2014 12:42:24 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 77 time(s).
4/16/2014 12:41:47 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 76 time(s).
4/16/2014 12:41:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 75 time(s).
4/16/2014 12:41:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 74 time(s).
4/16/2014 12:41:37 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 73 time(s).
4/16/2014 12:41:32 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 72 time(s).
4/16/2014 12:40:35 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 71 time(s).
4/16/2014 12:40:27 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 70 time(s).
4/16/2014 12:40:18 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 69 time(s).
4/16/2014 12:40:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 68 time(s).
4/16/2014 12:40:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 67 time(s).
4/16/2014 12:40:10 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 66 time(s).
4/16/2014 12:40:09 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 65 time(s).
4/16/2014 12:40:09 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 64 time(s).
4/16/2014 12:40:02 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 63 time(s).
4/16/2014 12:40:02 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 62 time(s).
4/16/2014 12:39:58 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 61 time(s).
4/16/2014 12:39:51 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 60 time(s).
4/16/2014 12:39:49 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 59 time(s).
4/16/2014 12:39:47 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 58 time(s).
4/16/2014 12:39:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 57 time(s).
4/16/2014 12:37:32 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 56 time(s).
4/16/2014 12:37:11 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 55 time(s).
4/16/2014 12:35:46 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 54 time(s).
4/16/2014 12:35:44 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 53 time(s).
4/16/2014 12:35:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 52 time(s).
4/16/2014 12:35:35 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 51 time(s).
4/16/2014 12:35:34 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 50 time(s).
4/16/2014 12:35:31 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 49 time(s).
4/16/2014 12:35:28 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 48 time(s).
4/16/2014 12:35:27 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 47 time(s).
4/16/2014 12:35:25 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 46 time(s).
4/16/2014 12:35:19 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 45 time(s).
4/16/2014 12:35:18 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 44 time(s).
4/16/2014 12:35:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 43 time(s).
4/16/2014 12:35:14 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 42 time(s).
4/16/2014 12:35:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 41 time(s).
4/16/2014 12:35:04 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 40 time(s).
4/16/2014 12:34:55 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 39 time(s).
4/16/2014 12:34:53 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 38 time(s).
4/16/2014 12:34:40 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 37 time(s).
4/16/2014 12:33:34 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 36 time(s).
4/16/2014 12:33:31 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 35 time(s).
4/16/2014 12:32:30 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 34 time(s).
4/16/2014 12:32:14 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 33 time(s).
4/16/2014 12:32:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 32 time(s).
4/16/2014 12:32:08 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 31 time(s).
4/16/2014 12:32:07 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 30 time(s).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2790113).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2799926).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2786400).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2761217).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2732500).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2699779).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2813170).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2790655).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2712808).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2698365).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2685939).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2660649).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2653956).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2644615).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2621440).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2619339).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2756920).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2742598).
4/16/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2817183).
4/16/2014 11:52:22 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/16/2014 11:52:22 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/16/2014 11:52:22 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/16/2014 11:49:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2813347).
4/16/2014 11:49:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2808735).
4/16/2014 11:49:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2769369).
4/16/2014 11:49:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2658846).
4/16/2014 11:49:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595).
4/16/2014 11:49:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656410).
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition.
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition.
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition.
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2840149).
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2631813).
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2536276).
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2789644).
4/16/2014 11:48:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2729451).
4/16/2014 11:48:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121).
4/16/2014 11:48:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
4/16/2014 11:48:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2807986).
4/16/2014 11:48:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2757638).
4/16/2014 11:48:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2691442).
4/16/2014 11:48:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2676562).
4/16/2014 11:48:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642).
4/16/2014 11:48:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).
4/16/2014 11:48:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449).
4/16/2014 11:48:21 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
4/16/2014 11:46:20 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/16/2014 11:33:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2932677).
4/16/2014 1:55:28 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 184 time(s).
4/16/2014 1:31:00 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 183 time(s).
4/16/2014 1:31:00 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 182 time(s).
4/16/2014 1:27:56 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 181 time(s).
4/16/2014 1:27:35 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 180 time(s).
4/16/2014 1:27:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 179 time(s).
4/16/2014 1:27:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 178 time(s).
4/16/2014 1:27:10 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 177 time(s).
4/16/2014 1:27:04 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 176 time(s).
4/16/2014 1:26:19 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 175 time(s).
4/16/2014 1:26:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 174 time(s).
4/16/2014 1:26:03 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 173 time(s).
4/16/2014 1:25:59 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 172 time(s).
4/16/2014 1:25:50 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 171 time(s).
4/16/2014 1:25:37 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 170 time(s).
4/16/2014 1:25:35 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 169 time(s).
4/16/2014 1:22:32 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 168 time(s).
4/16/2014 1:21:44 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 167 time(s).
4/16/2014 1:21:42 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 166 time(s).
4/16/2014 1:21:36 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 165 time(s).
4/16/2014 1:21:11 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 164 time(s).
4/16/2014 1:18:46 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 163 time(s).
4/16/2014 1:08:30 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 162 time(s).
4/16/2014 1:05:47 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 161 time(s).
4/16/2014 1:04:56 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 160 time(s).
4/16/2014 1:04:54 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 159 time(s).
4/16/2014 1:04:54 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 158 time(s).
4/16/2014 1:04:40 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 157 time(s).
4/16/2014 1:04:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 156 time(s).
4/16/2014 1:04:33 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 155 time(s).
4/15/2014 9:53:00 AM, Error: Service Control Manager [7000]  - The BrowserDefendert service failed to start due to the following error:  The system cannot find the file specified.
4/15/2014 10:09:59 AM, Error: Service Control Manager [7030]  - The FileZilla Server FTP server service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:19 AM

Posted 16 April 2014 - 04:14 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi




#3 humdinger

humdinger
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:19 AM

Posted 16 April 2014 - 04:49 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Paul (administrator) on PAUL-PC on 16-04-2014 17:42:06
Running from C:\Users\Paul\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-05] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-04] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-04-27] ()
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [3451496 2011-02-23] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3802050111-445205584-2414893703-1000\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [11480920 2013-06-19] (NTeWORKS)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO-x32: WinGuard - {e4bf64e4-237e-48e7-b43b-da6e1b60d81a} - C:\Program Files (x86)\WinGuard\winguard.dll No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microdone.cn/UPEditor - C:\Windows\system32\UPEdit\npUPEditor.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @qq.com/npqscall,version=1.0.0 - %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-04-13]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-11-18]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultNewTabURL: &a=frg_14_16_ie&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzyzztC0D0E0BtAzyyCzyyDtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyD0FtAtByCtD0BtGzy0ByB0BtGzytB0EtCtG0CtCyDtDtGyC0DzztA0C0Fzyzy0C0E0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtCyDzyzztD0CtGtDtByByDtGyC0AtDyDtGtDtAtDtCtGtA0AtA0D0FyEtD0AtC0A0CyC2Q&cr=1859437079&ir=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (QQ2011) - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
CHR Plugin: (NPTXSSO Dynamic Link Library) - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Extension: (Google Translate) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-01-03]
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Paul\AppData\Local\speedial.crx [2014-04-15]
CHR HKLM-x32\...\Chrome\Extension: [dieamnlmngcabkakacnbgggaecncjpea] - C:\Program Files (x86)\WinGuard\winguard.crx [2014-04-15]
CHR HKLM-x32\...\Chrome\Extension: [jfeppecdjlffiofplphgefjojhmnoicl] - C:\ProgramData\SaveAs\jfeppecdjlffiofplphgefjojhmnoicl.crx [2014-04-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-02-23] (AVAST Software)
S4 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [1974080 2010-10-27] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22360 2011-02-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [64344 2011-02-23] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-02-23] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [505176 2011-02-23] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [280408 2011-02-23] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53592 2011-02-23] (AVAST Software)
R2 CMB8100; C:\Windows\SysWOW64\Drivers\CertClient.dat [10784 2008-09-24] ()
R2 CMBProtector; C:\Windows\SysWOW64\Drivers\CMBProtector.dat [12320 2008-09-24] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
R2 PassGuard; C:\Windows\system32\drivers\PassGuard_x64.sys [65392 2013-05-20] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2010-10-07] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-07] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-08] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf; 
U3 tmwfp; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-16 17:42 - 2014-04-16 17:42 - 00019404 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-04-16 17:41 - 2014-04-16 17:41 - 02054144 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-04-16 17:18 - 2014-04-16 17:42 - 00000000 ____D () C:\FRST
2014-04-16 13:33 - 2014-04-16 13:44 - 00000040 _____ () C:\Users\Paul\Desktop\bleeping.txt
2014-04-16 13:26 - 2014-04-16 13:26 - 00688992 ____R (Swearware) C:\Users\Paul\Desktop\dds.scr
2014-04-16 12:56 - 2014-04-16 17:34 - 00000000 ____D () C:\Users\Paul\Desktop\Virus scans
2014-04-16 11:43 - 2013-02-22 14:57 - 17817088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 11:43 - 2013-02-22 14:29 - 10925568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 11:43 - 2013-02-22 14:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 11:43 - 2013-02-22 14:21 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 11:43 - 2013-02-22 14:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 11:43 - 2013-02-22 14:19 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 11:43 - 2013-02-22 14:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-16 11:43 - 2013-02-22 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 11:43 - 2013-02-22 14:15 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-16 11:43 - 2013-02-22 14:15 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 11:43 - 2013-02-22 14:15 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 11:43 - 2013-02-22 14:14 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 11:43 - 2013-02-22 14:13 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 11:43 - 2013-02-22 14:13 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-16 11:43 - 2013-02-22 14:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 11:43 - 2013-02-22 14:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 11:43 - 2013-02-22 12:05 - 12324352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 11:43 - 2013-02-22 11:47 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 11:43 - 2013-02-22 11:46 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 11:43 - 2013-02-22 11:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 11:43 - 2013-02-22 11:38 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-16 11:43 - 2013-02-22 11:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 11:43 - 2013-02-22 11:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-16 11:43 - 2013-02-22 11:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 11:43 - 2013-02-22 11:34 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-16 11:43 - 2013-02-22 11:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 11:43 - 2013-02-22 11:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 11:43 - 2013-02-22 11:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 11:43 - 2013-02-22 11:32 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 11:43 - 2013-02-22 11:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 11:43 - 2013-02-22 11:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-16 11:43 - 2013-02-22 11:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 11:38 - 2014-04-16 11:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-16 11:33 - 2012-03-01 14:54 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-04-16 11:33 - 2012-03-01 14:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-16 11:33 - 2012-03-01 14:35 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-04-16 11:33 - 2012-03-01 13:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-04-16 11:33 - 2012-03-01 13:40 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-04-16 11:23 - 2014-04-16 11:56 - 00000000 ____D () C:\Qoobox
2014-04-16 11:23 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 11:23 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 11:23 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 11:23 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 11:23 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 11:23 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 11:23 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 11:23 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 11:22 - 2014-04-16 11:54 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 11:19 - 2012-11-22 18:32 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-04-16 11:19 - 2012-11-22 17:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-04-16 11:09 - 2012-04-28 11:50 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-04-16 11:09 - 2012-02-15 14:27 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-04-16 11:09 - 2012-02-15 13:44 - 00826368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-04-16 11:09 - 2012-02-15 12:46 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-04-16 11:07 - 2013-01-04 13:37 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-16 11:07 - 2013-01-04 13:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-16 11:07 - 2013-01-04 13:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-16 11:07 - 2013-01-04 13:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-16 11:07 - 2013-01-04 13:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-16 11:07 - 2013-01-04 13:30 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-16 11:07 - 2013-01-04 13:30 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 13:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-16 11:07 - 2013-01-04 12:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-16 11:07 - 2013-01-04 12:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 12:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 11:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-16 11:07 - 2013-01-04 10:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-16 11:07 - 2013-01-04 10:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-16 11:07 - 2013-01-04 10:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-16 11:07 - 2013-01-04 10:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-16 11:07 - 2013-01-04 10:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 10:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 10:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-04-16 11:07 - 2013-01-04 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-04-16 11:07 - 2012-05-14 13:20 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-04-16 11:07 - 2012-04-07 20:18 - 03213824 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-04-16 11:06 - 2013-01-04 13:41 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-16 11:06 - 2013-01-04 13:40 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-04-16 11:06 - 2012-04-07 19:34 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-04-16 11:04 - 2013-03-19 14:19 - 05497688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-16 11:04 - 2013-03-19 13:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-04-16 11:04 - 2013-03-19 13:06 - 03958120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-04-16 11:04 - 2013-03-19 13:06 - 03902312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-04-16 11:04 - 2013-03-19 12:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-04-16 11:04 - 2013-03-19 11:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-04-16 11:04 - 2013-01-24 13:41 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-04-16 11:04 - 2012-05-05 16:30 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-04-16 11:04 - 2012-05-05 15:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-04-16 11:04 - 2011-11-17 15:14 - 01739160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-16 11:04 - 2011-11-17 13:41 - 01292592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-04-16 11:04 - 2011-10-15 14:25 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-04-16 11:04 - 2011-10-15 13:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-04-15 13:16 - 2014-04-15 19:18 - 00000000 ____D () C:\Users\Paul\Desktop\Insurance quotes
2014-04-15 10:32 - 2014-04-15 10:32 - 13282437 _____ () C:\Users\Paul\PAUL.7z
2014-04-15 10:20 - 2014-04-15 13:27 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\FileZilla
2014-04-15 10:19 - 2014-04-15 10:19 - 04968079 _____ (Tim Kosse) C:\Users\Paul\Downloads\FileZilla_3.8.0_win32-setup [1].exe
2014-04-15 10:19 - 2014-04-15 10:19 - 00002002 _____ () C:\Users\Paul\Desktop\FileZilla Client.lnk
2014-04-15 10:19 - 2014-04-15 10:19 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-04-15 10:19 - 2014-04-15 10:19 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-04-15 09:55 - 2014-04-15 10:09 - 01983995 _____ (FileZilla Project) C:\Users\Paul\Downloads\FileZilla_Server-0_9_44 [1].exe
2014-04-15 09:53 - 2014-04-15 09:53 - 00358193 _____ () C:\Users\Paul\AppData\Local\speedial.crx
2014-04-14 13:11 - 2014-04-14 13:11 - 00075776 _____ () C:\Users\Paul\Downloads\schedule sinotransea 20140414.xls
2014-04-14 11:45 - 2014-04-14 11:45 - 00090833 _____ () C:\Users\Paul\Downloads\乳粉文件-11.rar
2014-04-11 15:43 - 2014-04-15 15:24 - 00000000 ____D () C:\Users\Paul\Desktop\Huang He Long
2014-04-08 11:52 - 2014-04-08 11:52 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-08 11:37 - 2014-04-08 11:37 - 00001063 _____ () C:\Users\Paul\Desktop\Repetitions.lnk
2014-04-08 10:17 - 2014-04-08 10:17 - 00000000 ____D () C:\Users\Paul\AppData\Local\Spoon
2014-04-08 10:17 - 2014-04-08 10:17 - 00000000 ____D () C:\Program Files (x86)\PDFArea
2014-04-08 10:17 - 2011-12-09 08:56 - 01931256 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Controls.Unicode.v15.2.1.ocx
2014-04-08 10:17 - 2011-12-09 08:56 - 00587768 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.SkinFramework.Unicode.v15.2.1.ocx
2014-04-08 10:17 - 2011-12-09 08:55 - 02775032 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.Unicode.v15.2.1.ocx
2014-04-08 10:17 - 2009-12-29 11:35 - 02536072 _____ (gdpicture.com) C:\Windows\SysWOW64\gdpicturepro5.ocx
2014-04-08 10:17 - 2009-12-29 11:35 - 02524808 _____ (gdpicture.com) C:\Windows\SysWOW64\gdimgplug.dll
2014-04-08 10:17 - 2009-07-14 02:03 - 01722880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-04-05 16:10 - 2014-04-15 17:15 - 00032768 _____ () C:\Users\Paul\hanzi.srs
2014-04-05 16:04 - 2014-04-15 17:15 - 00000000 ____D () C:\Users\Paul\.Repetitions
2014-04-05 16:04 - 2014-04-05 16:04 - 00000000 ____D () C:\Program Files (x86)\Repetitions
2014-03-31 10:17 - 2014-04-15 16:33 - 00011561 _____ () C:\Users\Paul\Desktop\hanzi list.xlsx
 
==================== One Month Modified Files and Folders =======
 
2014-04-16 17:42 - 2014-04-16 17:42 - 00019404 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-04-16 17:42 - 2014-04-16 17:18 - 00000000 ____D () C:\FRST
2014-04-16 17:41 - 2014-04-16 17:41 - 02054144 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-04-16 17:41 - 2013-11-13 18:10 - 00000586 _____ () C:\Users\Paul\Desktop\fg.ini
2014-04-16 17:37 - 2010-07-07 19:45 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 17:37 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 17:36 - 2013-10-31 21:28 - 00064962 _____ () C:\Windows\setupact.log
2014-04-16 17:35 - 2011-07-26 15:42 - 01877411 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 17:34 - 2014-04-16 12:56 - 00000000 ____D () C:\Users\Paul\Desktop\Virus scans
2014-04-16 17:15 - 2011-02-25 13:32 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype
2014-04-16 16:56 - 2010-07-07 19:45 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 14:35 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 14:35 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 13:44 - 2014-04-16 13:33 - 00000040 _____ () C:\Users\Paul\Desktop\bleeping.txt
2014-04-16 13:26 - 2014-04-16 13:26 - 00688992 ____R (Swearware) C:\Users\Paul\Desktop\dds.scr
2014-04-16 12:37 - 2010-07-07 19:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-16 12:35 - 2010-07-07 19:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-16 12:34 - 2011-11-21 13:00 - 00000000 ____D () C:\Program Files\Adobe
2014-04-16 12:34 - 2011-11-21 12:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-16 12:33 - 2011-11-18 13:15 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-16 11:56 - 2014-04-16 11:23 - 00000000 ____D () C:\Qoobox
2014-04-16 11:56 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 11:54 - 2014-04-16 11:22 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 11:52 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 11:50 - 2014-02-26 13:11 - 00123300 _____ () C:\Windows\PFRO.log
2014-04-16 11:49 - 2009-07-14 15:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-16 11:49 - 2009-07-14 10:34 - 78643200 _____ () C:\Windows\system32\config\COMPONENTS.bak
2014-04-16 11:49 - 2009-07-14 10:34 - 62128128 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-04-16 11:49 - 2009-07-14 10:34 - 17563648 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-04-16 11:49 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-04-16 11:49 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-04-16 11:49 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-04-16 11:45 - 2009-07-14 13:13 - 00740374 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 11:41 - 2014-04-16 11:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-16 11:25 - 2011-02-25 12:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-16 09:54 - 2011-02-27 21:06 - 00061952 _____ () C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-16 09:24 - 2012-03-27 10:28 - 00000000 ____D () C:\Users\Paul\Documents\Tencent Files
2014-04-15 19:18 - 2014-04-15 13:16 - 00000000 ____D () C:\Users\Paul\Desktop\Insurance quotes
2014-04-15 17:15 - 2014-04-05 16:10 - 00032768 _____ () C:\Users\Paul\hanzi.srs
2014-04-15 17:15 - 2014-04-05 16:04 - 00000000 ____D () C:\Users\Paul\.Repetitions
2014-04-15 16:33 - 2014-03-31 10:17 - 00011561 _____ () C:\Users\Paul\Desktop\hanzi list.xlsx
2014-04-15 15:24 - 2014-04-11 15:43 - 00000000 ____D () C:\Users\Paul\Desktop\Huang He Long
2014-04-15 15:17 - 2011-07-14 15:07 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\BitTorrent
2014-04-15 14:53 - 2011-02-23 19:15 - 00000000 ____D () C:\Users\Paul
2014-04-15 13:27 - 2014-04-15 10:20 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\FileZilla
2014-04-15 10:32 - 2014-04-15 10:32 - 13282437 _____ () C:\Users\Paul\PAUL.7z
2014-04-15 10:22 - 2011-02-23 19:16 - 00000000 ___RD () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 10:19 - 2014-04-15 10:19 - 04968079 _____ (Tim Kosse) C:\Users\Paul\Downloads\FileZilla_3.8.0_win32-setup [1].exe
2014-04-15 10:19 - 2014-04-15 10:19 - 00002002 _____ () C:\Users\Paul\Desktop\FileZilla Client.lnk
2014-04-15 10:19 - 2014-04-15 10:19 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-04-15 10:19 - 2014-04-15 10:19 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-04-15 10:09 - 2014-04-15 09:55 - 01983995 _____ (FileZilla Project) C:\Users\Paul\Downloads\FileZilla_Server-0_9_44 [1].exe
2014-04-15 09:53 - 2014-04-15 09:53 - 00358193 _____ () C:\Users\Paul\AppData\Local\speedial.crx
2014-04-14 13:11 - 2014-04-14 13:11 - 00075776 _____ () C:\Users\Paul\Downloads\schedule sinotransea 20140414.xls
2014-04-14 11:45 - 2014-04-14 11:45 - 00090833 _____ () C:\Users\Paul\Downloads\乳粉文件-11.rar
2014-04-12 18:38 - 2013-09-26 08:44 - 00000000 ____D () C:\Users\Paul\Desktop\Adam Zhao
2014-04-09 09:49 - 2009-07-14 10:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-08 21:43 - 2010-07-07 20:07 - 00001441 _____ () C:\Windows\system32\ServiceFilter.ini
2014-04-08 11:52 - 2014-04-08 11:52 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-08 11:37 - 2014-04-08 11:37 - 00001063 _____ () C:\Users\Paul\Desktop\Repetitions.lnk
2014-04-08 10:17 - 2014-04-08 10:17 - 00000000 ____D () C:\Users\Paul\AppData\Local\Spoon
2014-04-08 10:17 - 2014-04-08 10:17 - 00000000 ____D () C:\Program Files (x86)\PDFArea
2014-04-08 10:01 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-06 22:07 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 16:04 - 2014-04-05 16:04 - 00000000 ____D () C:\Program Files (x86)\Repetitions
2014-04-02 19:02 - 2009-07-14 13:08 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-31 15:28 - 2012-01-29 21:53 - 00000000 ____D () C:\Users\Paul\Documents\Documents for Migration 1
2014-03-31 03:51 - 2011-07-26 09:56 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-27 20:51 - 2010-07-07 19:45 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 20:51 - 2010-07-07 19:45 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 10:36 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-03-18 09:09 - 2013-07-01 11:57 - 00000132 _____ () C:\Users\Paul\AppData\Roaming\Adobe GIF Format CS5 Prefs
 
Files to move or delete:
====================
C:\ProgramData\aspg.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-09 16:57
 
==================== End Of Log ============================
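The two FRST listings above are what a responder triages by hand: against hundreds of Microsoft-signed files touched by updates, the lines worth a first look are the `wStLibG64.sys` driver from a non-Microsoft publisher that appeared in `system32\Drivers` on 2014-04-08, the `speedial.crx` package sitting in `AppData\Local`, and the file FRST itself lists under "Files to move or delete". The script below is an added example, not part of the original post and not FRST's own code: it parses lines in FRST's listing format and ranks them. The ranking rules are this example's own assumptions, and the sample lines are copied from the log above.

```python
"""Triage an FRST "One Month Created/Modified Files and Folders" listing.

Added example: not part of the original post and not FRST's own code.
FRST prints one line per file in the form

    <created> - <modified> - <size> <attrs> (<company>) <path>

This helper parses those lines plus the "Files to move or delete" section
and ranks the entries a responder would look at first. The ranking rules
(priority 3 = look now, 1 = low) are this example's own assumptions.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: int
    attrs: str    # FRST attribute flags, e.g. "____H", "____D", "__RHD"
    company: str  # company name from the version resource; "" if none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1].lower()
        return "." + name.rsplit(".", 1)[-1] if "." in name else ""


def parse_frst(text: str):
    """Return (file entries, paths listed under 'Files to move or delete')."""
    entries, move_or_delete, in_move = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^=+ \S", line):       # "==== Section ====" header
            in_move = False
        if line.startswith("Files to move or delete"):
            in_move = True
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
        elif in_move and re.match(r"^[A-Za-z]:\\", line):
            move_or_delete.append(line)
    return entries, move_or_delete


def triage(entries, move_or_delete):
    """Return [(priority, path, reason)], highest priority first."""
    findings = [(3, p, "listed by FRST under 'Files to move or delete'")
                for p in move_or_delete]
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        is_ms = e.company.lower().startswith("microsoft")
        if p.startswith(DRIVER_DIR) and e.ext == ".sys" and not is_ms:
            findings.append((3, e.path,
                             f"kernel driver from non-Microsoft publisher '{e.company}'"))
        elif e.ext == ".crx":
            findings.append((2, e.path,
                             "Chrome extension package staged outside the browser profile"))
        elif p.startswith(SYSTEM_DIRS) and e.ext in BINARY_EXT and not is_ms:
            who = e.company or "no publisher string"
            findings.append((2, e.path, f"third-party binary in a system directory ({who})"))
        elif e.ext in BINARY_EXT and not e.company and "\\appdata\\" in p:
            findings.append((1, e.path, "executable without a publisher string under AppData"))
    findings.sort(key=lambda f: (-f[0], f[1].lower()))
    return findings


# Constructed sample: lines copied from the FRST log in this thread.
SAMPLE_LOG = """\
==================== One Month Created Files and Folders ========

2014-04-16 11:06 - 2013-01-04 13:41 - 01893224 _____ (Microsoft Corporation) C:\\Windows\\system32\\Drivers\\tcpip.sys
2014-04-15 09:53 - 2014-04-15 09:53 - 00358193 _____ () C:\\Users\\Paul\\AppData\\Local\\speedial.crx
2014-04-08 11:52 - 2014-04-08 11:52 - 00061112 _____ (StdLib) C:\\Windows\\system32\\Drivers\\wStLibG64.sys
2014-04-08 10:17 - 2009-12-29 11:35 - 02536072 _____ (gdpicture.com) C:\\Windows\\SysWOW64\\gdpicturepro5.ocx
2014-04-08 10:17 - 2014-04-08 10:17 - 00000000 ____D () C:\\Program Files (x86)\\PDFArea
2014-04-16 13:26 - 2014-04-16 13:26 - 00688992 ____R (Swearware) C:\\Users\\Paul\\Desktop\\dds.scr

Files to move or delete:
====================
C:\\ProgramData\\aspg.dat

==================== Bamital & volsnap Check =================
"""

if __name__ == "__main__":
    entries, move = parse_frst(SAMPLE_LOG)
    for prio, path, why in triage(entries, move):
        print(f"[{prio}] {path}\n    {why}")
```

Run against a full FRST.txt the same rules surface the third-party OCX files an installer (here PDFArea) copied into SysWOW64 as a lower-priority item, so a publisher string alone is never treated as a verdict; it only decides what to check first.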


#4 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:19 AM

Posted 16 April 2014 - 12:58 PM

Hello,

 

 

STEP 1
 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed!!
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 



STEP 2

 

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 16 April 2014 - 12:59 PM.



#5 humdinger
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:19 AM

Posted 16 April 2014 - 11:26 PM

Step 1 

The report created by TDSSKiller was too big to paste in pastebin.com. (They have a limit of only 500 KB for non-subscribers.)

Please advise me whether you want me to copy and paste it here or attach.

 

Step 2

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014
Ran by Paul at 2014-04-17 12:17:29 Run:1
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Paul\AppData\Local\speedial.crx [2014-04-15]
CHR HKLM-x32\...\Chrome\Extension: [jfeppecdjlffiofplphgefjojhmnoicl] - C:\ProgramData\SaveAs\jfeppecdjlffiofplphgefjojhmnoicl.crx [2014-04-15]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf; 
U3 tmwfp; 
2014-04-15 09:53 - 2014-04-15 09:53 - 00358193 _____ () C:\Users\Paul\AppData\Local\speedial.crx
end
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa => Key deleted successfully.
C:\Users\Paul\AppData\Local\speedial.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfeppecdjlffiofplphgefjojhmnoicl => Key deleted successfully.
"C:\ProgramData\SaveAs\jfeppecdjlffiofplphgefjojhmnoicl.crx" => File/Directory not found.
catchme => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
"C:\Users\Paul\AppData\Local\speedial.crx" => File/Directory not found.
 

 

==== End of Fixlog ====
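Two lines in the Fixlog above end in "File/Directory not found", and reading them against the fixlist explains both: the SaveAs .crx was already gone by the time its HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions key was removed, and speedial.crx appears twice in the fixlist (once inside the CHR line, once as a raw file-listing line), so the second attempt found nothing after the first had already moved it. The helper below is an added example, not part of the original post and not FRST's own code: it pairs each fixlist entry with the outcome lines FRST printed for it and labels the entry ok, partial, not found, or duplicate. The matching heuristic is this example's own, and the sample is copied from the Fixlog above with the Toolbar, SearchScopes and tmlwf lines left out for brevity.

```python
"""Reconcile an FRST fixlist against the Fixlog it produced.

Added example: not part of the original post and not FRST's own code. FRST
echoes the fixlist between "start" and "end" and then prints one line per
action as "<target> => <outcome>". This helper pairs each fixlist entry with
its outcome lines and labels it ok / partial / not found / duplicate. The
matching (service name, extension ID, path or registry value, taken in
fixlist order) is this example's own heuristic.
"""
import re

EXT_ID_RE = re.compile(r"\[([a-p]{32})\]")        # Chrome extension IDs
SERVICE_RE = re.compile(r"^[SRU]\d\s+([^;]+);")   # "S3 name; image [X]" lines
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]]+?(?=\s+\[|$)")


def norm(s: str) -> str:
    """Lower-case and collapse the doubled backslashes FRST prints in key paths."""
    return re.sub(r"\\\\+", r"\\", s).lower()


def split_fixlog(text: str):
    """Return (fixlist entries, [(target, outcome), ...])."""
    fixlist, outcomes, in_list = [], [], False
    for line in text.splitlines():
        s = line.strip()
        if s == "start":
            in_list = True
        elif s == "end":
            in_list = False
        elif in_list and s:
            fixlist.append(s)
        elif " => " in s:
            target, outcome = s.split(" => ", 1)
            outcomes.append((target.strip('"'), outcome))
    return fixlist, outcomes


def targets_for(entry: str) -> set:
    """Normalised strings that an outcome line about this entry will contain."""
    t = set()
    if m := SERVICE_RE.match(entry):
        t.add(m.group(1).strip())
    if m := EXT_ID_RE.search(entry):
        t.add(m.group(1))
    t.update(p.strip() for p in PATH_RE.findall(entry))
    if entry.startswith(("HKCU", "HKLM")) and " = " in entry:
        # "HKCU\...\Main,Search Page = ..." -> "HKCU\...\Main\Search Page"
        t.add(entry.split(" = ", 1)[0].replace(",", "\\"))
    return {norm(x) for x in t}


def reconcile(text: str):
    """Return ([(entry, verdict)], [outcome lines no entry accounts for])."""
    fixlist, outcomes = split_fixlog(text)
    keys = [targets_for(e) for e in fixlist]
    owners = [{i for i, ks in enumerate(keys) if any(k in norm(tgt) for k in ks)}
              for tgt, _ in outcomes]
    verdicts, attributed, seen_paths, cursor = [], set(), set(), 0
    for i, entry in enumerate(fixlist):
        # Outcomes come out in fixlist order: collect this entry's block and
        # stop at the first outcome that belongs to a later entry.
        hits, o = [], cursor
        while o < len(outcomes):
            if i in owners[o]:
                hits.append(o)
            elif any(j > i for j in owners[o]):
                break
            o += 1
        if hits:
            cursor = hits[-1] + 1
        attributed.update(hits)
        results = [outcomes[h][1] for h in hits]
        ok = [r for r in results if "successfully" in r]
        missing = [r for r in results if "not found" in r]
        paths = {k for k in keys[i] if ":\\" in k}
        if missing and not ok and paths & seen_paths:
            verdict = "duplicate: file already handled by an earlier entry, 'not found' is expected"
        elif ok and not missing:
            verdict = "ok"
        elif ok and missing:
            verdict = "partial: registry/service action done, file was already absent"
        elif missing:
            verdict = "not found: target was already absent before the fix"
        else:
            verdict = "no outcome line: check the fixlist syntax"
        seen_paths |= paths
        verdicts.append((entry, verdict))
    implicit = [outcomes[o] for o in range(len(outcomes)) if o not in attributed]
    return verdicts, implicit


# Constructed sample: lines copied from the Fixlog in this thread, shortened.
FIXLOG_SAMPLE = r"""
start
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Paul\AppData\Local\speedial.crx [2014-04-15]
CHR HKLM-x32\...\Chrome\Extension: [jfeppecdjlffiofplphgefjojhmnoicl] - C:\ProgramData\SaveAs\jfeppecdjlffiofplphgefjojhmnoicl.crx [2014-04-15]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-04-15 09:53 - 2014-04-15 09:53 - 00358193 _____ () C:\Users\Paul\AppData\Local\speedial.crx
end

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa => Key deleted successfully.
C:\Users\Paul\AppData\Local\speedial.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfeppecdjlffiofplphgefjojhmnoicl => Key deleted successfully.
"C:\ProgramData\SaveAs\jfeppecdjlffiofplphgefjojhmnoicl.crx" => File/Directory not found.
catchme => Service deleted successfully.
"C:\Users\Paul\AppData\Local\speedial.crx" => File/Directory not found.
"""

if __name__ == "__main__":
    for entry, verdict in reconcile(FIXLOG_SAMPLE)[0]:
        print(f"{verdict}\n    <- {entry}")
```

The unattributed list is worth keeping: FRST resets the HKLM Start Page (and, in the full log, the SearchScopes keys) on its own when it processes an IE search entry, and a responder should recognise those as side effects of the fix rather than signs of a second infection.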


#6 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:19 AM

Posted 17 April 2014 - 01:15 AM

Hello,

 

Please upload the log here => http://www.filedropper.com/ and post the link to the log in your next reply.

 

 

Regards,

Georgi




#7 humdinger
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:19 AM

Posted 17 April 2014 - 01:22 AM

http://www.filedropper.com/tdsskiller3003117042014120422log



#8 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:19 AM

Posted 17 April 2014 - 01:37 AM

Hello,

 

Do you still receive notifications from avast?

 

I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

Most of them should take no more than 15 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerx64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download aswMBR.exe to your desktop.
 

  • Double click the aswMBR.exe icon to run it.
  • The program will offer to download the latest antivirus definitions from Avast servers. Click YES to agree.
  • When it's done, in the AV Scan drop-down options choose C:\
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note - do NOT attempt any Fix or FixMBR yet.

 

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System (download link)
  • This is the mirror (download link)
  • For 64-bit Operating System (download link)
  • This is the mirror (download link)

2.Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right-click on the HitmanPro icon and select Run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a drop-down menu when the scan is done, please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

Regards,

Georgi




#9 humdinger
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:19 AM

Posted 17 April 2014 - 09:20 AM

Yes, I am still receiving notifications from Avast.

 

Step 1

Rkill 2.6.5 by Lawrence Abrams (Grinler)

Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/17/2014 02:51:58 PM in x64 mode.
Windows Version: Windows 7 Home Premium 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 2852) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 04/17/2014 02:54:03 PM
Execution time: 0 hours(s), 2 minute(s), and 4 seconds(s)
 
Step 2
 
Step 3
Please note: This scan kept crashing at:
 
16:28:35.414 Avast engine scan c:\
16:56:15.132 Scanning c:\ProgramData\Microsoft\Office\UICaptions\30821\XLSLICER.DLL.trx_dll
 
This is the log saved at the point of crash:
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-17 16:25:16
-----------------------------
16:25:16.976    OS Version: Windows x64 6.1.7600 
16:25:16.976    Number of processors: 4 586 0x2505
16:25:16.977    ComputerName: PAUL-PC  UserName: Paul
16:25:18.015    Initialize success
16:25:18.151    AVAST engine defs: 14041601
16:25:57.463    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:25:57.463    Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
16:25:58.649    Disk 0 MBR read successfully
16:25:58.649    Disk 0 MBR scan
16:25:58.649    Disk 0 Windows 7 default MBR code
16:25:58.711    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    20002 MB offset 63
16:25:58.805    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       119235 MB offset 40965752
16:25:58.821    Disk 0 Partition - 00     0F Extended LBA            337701 MB offset 285159424
16:25:58.883    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       337700 MB offset 285161472
16:25:59.991    Disk 0 scanning C:\Windows\system32\drivers
16:28:12.560    Service scanning
16:28:34.400    Modules scanning
16:28:34.400    Disk 0 trace - called modules:
16:28:34.493    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
16:28:34.493    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c65060]
16:28:34.509    3 CLASSPNP.SYS[fffff880013c943f] -> nt!IofCallDriver -> [0xfffffa8004999be0]
16:28:34.509    5 ACPI.sys[fffff88000f4a781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a1050]
16:28:35.414    AVAST engine scan C:\
17:06:44.609    Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
17:06:44.624    The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"
 
Step 4
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/17/2014
Scan Time: 5:41:08 PM
Logfile: 
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.17.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7
CPU: x64
File System: NTFS
User: Paul
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 47719
Time Elapsed: 14 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Step 5
HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : PAUL-PC
   Windows . . . . . . . : 6.1.0.7600.X64/4
   User name . . . . . . : Paul-PC\Paul
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-04-17 19:37:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 14s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 15
   Traces  . . . . . . . : 33
 
   Objects scanned . . . : 1,874,587
   Files scanned . . . . : 129,707
   Remnants scanned  . . : 704,551 files / 1,040,329 keys
 
Malware _____________________________________________________________________
 
   C:\Program Files\AVAST Software\Avast\ashBase.dll
      Size . . . . . . . : 349,176 bytes
      Age  . . . . . . . : 881.2 days (2011-11-18 13:58:18)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 997DA7F72467225FD99084C899E400C8FA7489D46E54B8F767BBD0C9D1231031
      Product  . . . . . : avast! Antivirus 
      Publisher  . . . . : AVAST Software
      Description  . . . : Basic Functionality Module
      Version  . . . . . : 6.0.999.0
      Copyright  . . . . : Copyright (c) 2011 AVAST Software
    > G Data . . . . . . : Trojan.Generic.7583867
      Fuzzy  . . . . . . : 98.0
 
 
Malware remnants ____________________________________________________________
 
   mysearchdial.com
   C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   C:\Users\Paul\AppData\Local\SearchProtect\ (SearchProtect)
   C:\Users\Paul\AppData\Local\SearchProtect\SearchProtect\rep\ (SearchProtect)
   C:\Users\Paul\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat (SearchProtect)
   C:\Users\Paul\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat (SearchProtect)
   C:\Users\Paul\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat (SearchProtect)
   C:\Users\Paul\AppData\Local\SearchProtect\UI\rep\ (SearchProtect)
   C:\Users\Paul\AppData\Local\SearchProtect\UI\rep\UIRepository.dat (SearchProtect)
   C:\Users\Paul\AppData\LocalLow\MySearchDial\ (MySearchDial)
   HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}\ (MySearchDial)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey)
   HKLM\SOFTWARE\Wow6432Node\MySearchDial\ (MySearchDial)
   HKLM\SOFTWARE\Wow6432Node\SearchProtect\ (SearchProtect)
 
Potential Unwanted Programs _________________________________________________
 
   C:\ProgramData\Babylon\ (Babylon)
   ask.com
   C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   conduit.search
   C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE\ (Funmoods)
   HKLM\SOFTWARE\Wow6432Node\Conduit\ (Conduit)
   HKLM\SOFTWARE\Wow6432Node\DataMngr\ (SearchQU)
   HKU\S-1-5-21-3802050111-445205584-2414893703-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-3802050111-445205584-2414893703-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
   HKU\S-1-5-21-3802050111-445205584-2414893703-1000\Software\Softonic\ (Softonic)
 
Cookies _____________________________________________________________________
 
   C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\1SZ5178G.txt
   C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\2AK8VBTX.txt
   C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\JXI5J7XJ.txt
   C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\ZZ6D2QMW.txt
 
 

Edited by humdinger, 17 April 2014 - 09:36 AM.


#10 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria

Posted 17 April 2014 - 02:50 PM

Hello,

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also after the script above there will be MBRDUMP.txt saved where FRST/FRST64 has been downloaded to.

Please attach it to your next reply as well.

Also the log from RogueKiller indicates that you use an old version of the tool - RogueKiller V8.6.3 _x64. The latest version is 8.8.15!

Please download the latest version from here and run a new scan with it. Then please post the log from the scan as well.

Regards,

Georgi




#11 humdinger

  • Topic Starter
  • Members
  • 23 posts

Posted 17 April 2014 - 07:36 PM

**Please note: After running this fix, malicious URL messages are still appearing from Avast.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014
Ran by Paul at 2014-04-18 08:24:05 Run:2
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Users\Paul\AppData\Local\SearchProtect
C:\Users\Paul\AppData\LocalLow\MySearchDial
C:\ProgramData\Babylon
Reg: reg delete "HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\MySearchDial" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\SearchProtect" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\AppID\esrv.EXE" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Prod.cap" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Conduit" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\DataMngr" /f
Reg: reg delete "HKU\S-1-5-21-3802050111-445205584-2414893703-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow" /f
Reg: reg delete "HKU\S-1-5-21-3802050111-445205584-2414893703-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome" /f
Reg: reg delete "HKU\S-1-5-21-3802050111-445205584-2414893703-1000\Software\Softonic" /f
SaveMbr: drive=0
C:\Users\Paul\AppData\Local\Temp
Reboot:
end
*****************
 
C:\Users\Paul\AppData\Local\SearchProtect => Moved successfully.
C:\Users\Paul\AppData\LocalLow\MySearchDial => Moved successfully.
C:\ProgramData\Babylon => Moved successfully.
 
========= reg delete "HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Wow6432Node\MySearchDial" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Wow6432Node\SearchProtect" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Classes\AppID\esrv.EXE" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Classes\Prod.cap" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Wow6432Node\Conduit" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Wow6432Node\DataMngr" /f =========
 
ERROR: Access is denied.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3802050111-445205584-2414893703-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3802050111-445205584-2414893703-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3802050111-445205584-2414893703-1000\Software\Softonic" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
MBRDUMP.txt is made successfully.
 
"C:\Users\Paul\AppData\Local\Temp" directory move:
 
C:\Users\Paul\AppData\Local\Temp\amline_data.xml => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\amline_settings.xml => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\DDS.txt => Moved successfully.
Could not move "C:\Users\Paul\AppData\Local\Temp\etilqs_PBKaYXa5lgzjrGa" => Scheduled to move on reboot.
Could not move "C:\Users\Paul\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Paul\AppData\Local\Temp\I)ZL4$)Y0EISO}~[A7RLHCF.tmp => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\oobelib.log => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\PDApp.log => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\QDW4H%F6_VD5}08_GARX46J.xml => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\swtag.log => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\~docwkqz => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\~hooroux => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\VBE\MSForms.exd => Moved successfully.
Could not move "C:\Users\Paul\AppData\Local\Temp" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-18 08:25:53)<=
 
C:\Users\Paul\AppData\Local\Temp\etilqs_PBKaYXa5lgzjrGa => Is moved successfully.
C:\Users\Paul\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Paul\AppData\Local\Temp => Moved successfully.
 
==== End of Fixlog ====
 
 
 
 
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Scan -- Date : 04/18/2014 08:15:26
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] fg742p.exe -- C:\Users\Paul\Desktop\fg742p.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 6 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8580 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] PeriodicScanRetry : %windir%\ehome\MCUpdate.exe - -pscn 0 [7][-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 535c3e64eddb2150bc7d79f4752e1c79
[BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 20002 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40965752 | Size: 119235 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 285159424 | Size: 337701 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_04182014_081526.txt >>
RKreport[0]_S_04172014_145744.txt


Edited by humdinger, 17 April 2014 - 07:58 PM.


#12 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria

Posted 18 April 2014 - 01:08 AM

Hello,

STEP 1

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

STEP 3

Please re-run RogueKiller.
Wait until Prescan has finished.
Click on Scan.
Now click the FixHost, FixProxy and FixDns buttons located on the right side (under the scan button).
If asked to restart the computer, please do so immediately.
When it is finished, new log files will appear on your desktop.
Post the logs in your next reply.

Regards,

Georgi




#13 humdinger

  • Topic Starter
  • Members
  • 23 posts

Posted 18 April 2014 - 02:01 AM

Step 1

# AdwCleaner v3.023 - Report created 18/04/2014 at 14:29:12

# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Paul - PAUL-PC
# Running from : C:\Users\Paul\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Tencent
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files (x86)\Common Files\Tencent
Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\Windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Paul\AppData\Local\PackageAware
Folder Deleted : C:\Users\Paul\AppData\LocalLow\GutscheinCodes
Folder Deleted : C:\Users\Paul\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Paul\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Paul\AppData\Roaming\DSite
Folder Deleted : C:\Users\Paul\AppData\Roaming\Tencent
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO
Key Deleted : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKCU\Software\5f2dadabd3ae544
Key Deleted : HKLM\SOFTWARE\5f2dadabd3ae544
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-video-flip-and-rotate_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-video-flip-and-rotate_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_k-lite-codec-pack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_k-lite-codec-pack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : [x64] HKLM\SOFTWARE\Savings Bull
Key Deleted : [x64] HKLM\SOFTWARE\SavingsBull Filter
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
Key Deleted : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Key Deleted : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [5200 octets] - [18/04/2014 14:19:57]
AdwCleaner[R1].txt - [5260 octets] - [18/04/2014 14:26:21]
AdwCleaner[R2].txt - [5320 octets] - [18/04/2014 14:28:13]
AdwCleaner[S0].txt - [5203 octets] - [18/04/2014 14:29:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5263 octets] ##########
 
Step 2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Paul on Fri 04/18/2014 at 14:37:27.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Paul\AppData\Roaming\thinstall"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/18/2014 at 14:50:45.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Step 3
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : HOSTSFix -- Date : 04/18/2014 14:55:17
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost
 
 
Finished : << RKreport[0]_H_04182014_145517.txt >>
RKreport[0]_S_04182014_145357.txt
 
 
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : ProxyFix -- Date : 04/18/2014 14:55:24
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
Finished : << RKreport[0]_PR_04182014_145524.txt >>
RKreport[0]_H_04182014_145517.txt;RKreport[0]_S_04182014_145357.txt
 
 
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : DNSFix -- Date : 04/18/2014 14:55:29
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
Finished : << RKreport[0]_DN_04182014_145529.txt >>
RKreport[0]_H_04182014_145517.txt;RKreport[0]_S_04182014_145357.txt
 
 
 


#14 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria

Posted 18 April 2014 - 02:19 AM

Hello,

Go ahead and uninstall the following programs (if they are listed in the Control Panel):

BitTorrent

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case BitTorrent). These programs allow users to share files between them, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Libre Office or GIMP."

Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software

TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)

Registry Editor / Cleaner Warning !!

The following is referring to TuneUp Utilities.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.

This is done assuming that the major audience here at this board might be inexperienced users, and it is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using such programs please take a look here => Registry Cleaners and System Tweaking Tools

These are adware programs:

SavingsBull
SavingsbullFilter

Temporarily uninstall Tencent QQ and Skype Click to Call.

Reboot the computer and let me know if the issue still persists.

Regards,

Georgi


Edited by B-boy/StyLe/, 18 April 2014 - 02:19 AM.



#15 humdinger

  • Topic Starter
  • Members
  • 23 posts

Posted 19 April 2014 - 01:40 AM

1. I uninstalled all the programs you advised.

2. When using my office network, the problem persisted.

3. Then, I used my computer on my home network and did not experience the problem at all.

The problem restated: I am getting frequent malicious URL warnings from Avast when I use my office network. These warnings appear randomly, even when I am not actively trying to access a website. The process in question is c:\windows\system34\svchost.exe. I do not know whether there is some DNS problem at the ISP side, which I cannot really control, or whether there is malware in my computer trying to make these frequent connections. I have observed that the problem occurs when I am on my office network but not on my home network.

Therefore, I want to thoroughly check my computer for viruses, rootkits etc. to determine the cause of the problem.





