
Maxwebsearch and catchme virus on the computer with Dropping Network Connection


  • This topic is locked
5 replies to this topic

#1 luvallcomputers2

luvallcomputers2

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:17 PM

Posted 04 July 2014 - 02:50 AM

I have run Security Check, AdwCleaner, RogueKiller, and HijackThis.  I have pasted my log files in order to see if the virus has been removed.  Thank you for checking my logs.  I do not seem to be able to use the internet with the computer, and the network quits or just does not connect like it should.  It drops off the network every few minutes.

 

Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 60  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

 

________________________________________________

 

# AdwCleaner v3.214 - Report created 04/07/2014 at 02:15:11
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Tom - TOM-HOME
# Running from : C:\Users\Tom\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Users\Tom\AppData\Roaming\Activeris

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\i0yl6isp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [10121 octets] - [03/07/2014 22:51:08]
AdwCleaner[R1].txt - [1139 octets] - [04/07/2014 02:13:51]
AdwCleaner[S0].txt - [10085 octets] - [03/07/2014 22:53:05]
AdwCleaner[S1].txt - [1069 octets] - [04/07/2014 02:15:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1129 octets] ##########

 

________________________________________________________
 

AdwCleaner after I pushed the delete button.

 

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Tom [Admin rights]
Mode : Remove -- Date : 07/04/2014  02:24:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.254  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.254  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.254  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A396F840-C894-44EE-B020-3C6E72F25B75} | DhcpNameServer : 172.16.1.254  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF58BC9F-F7EC-4212-9EC2-5B647AB1B3F2} | DhcpNameServer : 172.16.1.254  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A396F840-C894-44EE-B020-3C6E72F25B75} | DhcpNameServer : 172.16.1.254  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FF58BC9F-F7EC-4212-9EC2-5B647AB1B3F2} | DhcpNameServer : 172.16.1.254  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A396F840-C894-44EE-B020-3C6E72F25B75} | DhcpNameServer : 172.16.1.254  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FF58BC9F-F7EC-4212-9EC2-5B647AB1B3F2} | DhcpNameServer : 172.16.1.254  -> REPLACED ()

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500630NS ATA Device +++++
--- User ---
[MBR] cc87fe30f7070790b82a549c82c62821
[BSP] ec9fd387811638b1178594041447c275 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07032014_215423.log - RKreport_DEL_07032014_224950.log - RKreport_DEL_07042014_001640.log - RKreport_DEL_07042014_002406.log
RKreport_SCN_07032014_212107.log - RKreport_SCN_07032014_220212.log - RKreport_SCN_07042014_001307.log - RKreport_SCN_07042014_002137.log
RKreport_SCN_07042014_022338.log

 

 

_______________________________________________

 

This is the RogueKiller report.

 

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Tom [Admin rights]
Mode : Scan -- Date : 07/04/2014  02:23:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A396F840-C894-44EE-B020-3C6E72F25B75} | DhcpNameServer : 172.16.1.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF58BC9F-F7EC-4212-9EC2-5B647AB1B3F2} | DhcpNameServer : 172.16.1.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A396F840-C894-44EE-B020-3C6E72F25B75} | DhcpNameServer : 172.16.1.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FF58BC9F-F7EC-4212-9EC2-5B647AB1B3F2} | DhcpNameServer : 172.16.1.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A396F840-C894-44EE-B020-3C6E72F25B75} | DhcpNameServer : 172.16.1.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FF58BC9F-F7EC-4212-9EC2-5B647AB1B3F2} | DhcpNameServer : 172.16.1.254  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500630NS ATA Device +++++
--- User ---
[MBR] cc87fe30f7070790b82a549c82c62821
[BSP] ec9fd387811638b1178594041447c275 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07032014_215423.log - RKreport_DEL_07032014_224950.log - RKreport_DEL_07042014_001640.log - RKreport_DEL_07042014_002406.log
RKreport_SCN_07032014_212107.log - RKreport_SCN_07032014_220212.log - RKreport_SCN_07042014_001307.log - RKreport_SCN_07042014_002137.log

 

 

_________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:26:39 AM, on 7/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\taskeng.exe
C:\Users\Tom\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Monitor Ink Alerts - HP Officejet 6700.lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SupraSavingsService - Unknown owner - C:\Program Files\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService.exe
O23 - Service: vxlsnyaiet32 - Unknown owner - C:\Program Files\003\vxlsnyaiet32.exe (file missing)

--
End of file - 4220 bytes

 

Thank you for helping with this problem.  It is nice to have someone review the logs and see if there are more steps needed to finish killing the bugs.

 

 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:17 PM

Posted 04 July 2014 - 09:08 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 luvallcomputers2

luvallcomputers2
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:17 PM

Posted 04 July 2014 - 09:52 AM

Thank you for your help.  I have removed some viruses in the past, but it seems to be harder to find all of them now.  Here are the two text files for FRST.  I am running aswMBR now, so I will post the report back in a few minutes.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-07-2014
Ran by Tom (administrator) on TOM-HOME on 04-07-2014 09:45:33
Running from C:\Users\Tom\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Southwest Airlines) C:\Program Files\Southwest Airlines\Ding\Ding.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-11-22] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2832712168-2157025328-2507826519-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
ShortcutTarget: DING!.lnk -> C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700.lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD942C1699397CF01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.16.1.254

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\i0yl6isp.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Tom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\i0yl6isp.default\Extensions\staged [2014-06-27]
FF Extension: Shop to Win 31 - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\i0yl6isp.default\Extensions\{678881e1-5812-e8d4-c5b3-5902ec5dbf68}.xpi [2013-09-21]
FF Extension: Spring Smart - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\i0yl6isp.default\Extensions\{a88c5367-7ba7-4188-92bf-b63ed9a9e22e}.xpi [2014-02-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

========================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [3795560 2010-04-30] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SupraSavingsService; C:\Program Files\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService.exe [151040 2014-06-25] () [File not signed]
S2 vxlsnyaiet32; C:\Program Files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 sourceguid=6E6B36EB-9156-411B-B951-C735F4747DCF [X]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl961ca9e2; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78321D62-2452-4836-91D0-0730CAA7B459}\MpKsl961ca9e2.sys [39464 2014-07-04] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-06-12] (NetFilterSDK.com) [File not signed]
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [693760 2011-02-10] (Realtek Semiconductor Corporation                           )
S1 netfilter2; system32\drivers\netfilter2.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 09:45 - 2014-07-04 09:45 - 00008885 _____ () C:\Users\Tom\Desktop\FRST.txt
2014-07-04 09:45 - 2014-07-04 09:45 - 00000000 ____D () C:\FRST
2014-07-04 09:43 - 2014-07-04 09:42 - 05185536 _____ (AVAST Software) C:\Users\Tom\Desktop\aswmbr.exe
2014-07-04 09:43 - 2014-07-04 09:42 - 01073664 _____ (Farbar) C:\Users\Tom\Desktop\FRST.exe
2014-07-04 08:47 - 2014-07-04 08:50 - 00000000 ____D () C:\drivers for this computer
2014-07-04 08:47 - 2014-07-04 08:45 - 00081899 _____ () C:\Users\Tom\Desktop\cports.zip
2014-07-04 02:26 - 2014-07-04 02:26 - 00004221 _____ () C:\Users\Tom\Desktop\hijackthis.log
2014-07-04 02:16 - 2014-07-04 02:27 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-04 02:09 - 2014-07-04 02:08 - 01346519 _____ () C:\Users\Tom\Desktop\AdwCleaner.exe
2014-07-04 02:09 - 2014-07-04 02:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tom\Desktop\HijackThis.exe
2014-07-04 02:09 - 2014-07-04 01:57 - 04721240 _____ () C:\Users\Tom\Desktop\RogueKiller.exe
2014-07-04 02:09 - 2014-07-04 01:53 - 00854390 _____ () C:\Users\Tom\Desktop\SecurityCheck.exe
2014-07-04 02:07 - 2014-07-04 02:08 - 01346519 _____ () C:\Users\Tom\Downloads\AdwCleaner.exe
2014-07-04 02:02 - 2014-07-04 02:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tom\Downloads\HijackThis.exe
2014-07-04 01:54 - 2014-07-04 01:57 - 04721240 _____ () C:\Users\Tom\Downloads\RogueKiller.exe
2014-07-04 01:52 - 2014-07-04 01:53 - 00854390 _____ () C:\Users\Tom\Downloads\SecurityCheck.exe
2014-07-03 23:46 - 2011-02-10 05:35 - 00693760 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTL8192cu.sys
2014-07-03 22:51 - 2014-07-04 02:15 - 00000000 ____D () C:\AdwCleaner
2014-07-03 21:10 - 2014-07-04 02:17 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-03 21:09 - 2014-07-03 21:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-29 19:05 - 2014-07-04 02:16 - 00001558 _____ () C:\Windows\setupact.log
2014-06-29 19:05 - 2014-07-04 02:15 - 00002822 _____ () C:\Windows\PFRO.log
2014-06-29 19:05 - 2014-06-29 19:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 18:17 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-29 18:17 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-29 18:17 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-29 18:17 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-29 18:17 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-29 18:17 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-29 18:17 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-29 18:17 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-29 18:16 - 2014-07-03 23:20 - 00000000 ____D () C:\Qoobox
2014-06-29 18:16 - 2014-06-29 18:23 - 00000000 ____D () C:\Windows\erdnt
2014-06-29 18:07 - 2014-07-04 01:39 - 00000000 ____D () C:\Users\Tom\Downloads\virus removal
2014-06-27 04:10 - 2014-06-27 04:10 - 00000000 ____D () C:\MININT
2014-06-27 04:05 - 2014-06-27 04:06 - 00000000 ____D () C:\Users\Tom\AppData\Local\Deployment
2014-06-27 04:05 - 2014-06-27 04:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Apps\2.0
2014-06-26 17:30 - 2014-06-29 23:10 - 00000000 ____D () C:\Program Files\6E6B36EB-9156-411B-B951-C735F4747DCF
2014-06-13 15:30 - 2014-07-04 09:35 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2832712168-2157025328-2507826519-1001UA.job
2014-06-13 15:30 - 2014-07-02 16:24 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2832712168-2157025328-2507826519-1001Core.job
2014-06-13 15:30 - 2014-06-13 15:31 - 00000000 ____D () C:\Users\Tom\AppData\Local\Facebook
2014-06-13 14:17 - 2014-07-04 02:16 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype
2014-06-13 14:17 - 2014-06-13 14:18 - 00000000 ___RD () C:\Program Files\Skype
2014-06-13 14:17 - 2014-06-13 14:17 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-13 14:17 - 2014-06-13 14:17 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype
2014-06-13 14:17 - 2014-06-13 14:17 - 00000000 ____D () C:\ProgramData\Skype
2014-06-13 14:17 - 2014-06-13 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-13 14:17 - 2014-06-13 14:17 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-13 13:56 - 2014-07-04 09:25 - 00916498 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 13:51 - 2014-06-13 13:51 - 00000000 ____D () C:\Program Files\PsudToPung
2014-06-13 13:42 - 2014-06-13 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-13 13:42 - 2014-06-13 13:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-13 13:42 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-13 13:42 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-13 13:42 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-13 13:42 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-13 13:41 - 2014-06-13 13:42 - 00004300 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-12 20:29 - 2014-06-12 20:29 - 00000000 ____D () C:\Program Files\YTDownloader
2014-06-12 20:27 - 2014-06-12 20:27 - 00000000 ____D () C:\Users\Tom\AppData\Local\CrashRpt
2014-06-12 20:19 - 2014-06-29 19:03 - 00000000 ____D () C:\temp
2014-06-12 14:05 - 2014-06-12 14:05 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-12 03:07 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 03:07 - 2014-05-30 04:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 03:07 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 03:07 - 2014-05-30 03:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 03:07 - 2014-05-30 03:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 03:07 - 2014-05-30 03:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 03:07 - 2014-05-30 03:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 03:07 - 2014-05-30 03:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 03:07 - 2014-05-30 03:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 03:07 - 2014-05-30 03:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 03:07 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 03:07 - 2014-05-30 03:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 03:07 - 2014-05-30 03:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 03:07 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 03:07 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 03:07 - 2014-05-30 02:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 03:07 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 03:07 - 2014-05-30 02:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 03:07 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 03:07 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 03:07 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 03:07 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 03:07 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 03:06 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 03:06 - 2014-05-30 03:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 03:06 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 03:06 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 03:06 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 03:05 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 03:05 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 03:05 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 03:05 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 03:04 - 2014-06-08 03:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 03:04 - 2014-06-08 03:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 03:04 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 03:04 - 2014-04-04 21:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 03:04 - 2014-04-04 21:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 05:29 - 2014-05-08 04:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 05:29 - 2014-05-08 04:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

==================== One Month Modified Files and Folders =======

2014-07-04 09:45 - 2014-07-04 09:45 - 00008885 _____ () C:\Users\Tom\Desktop\FRST.txt
2014-07-04 09:45 - 2014-07-04 09:45 - 00000000 ____D () C:\FRST
2014-07-04 09:43 - 2009-07-13 23:34 - 00016016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 09:43 - 2009-07-13 23:34 - 00016016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 09:42 - 2014-07-04 09:43 - 05185536 _____ (AVAST Software) C:\Users\Tom\Desktop\aswmbr.exe
2014-07-04 09:42 - 2014-07-04 09:43 - 01073664 _____ (Farbar) C:\Users\Tom\Desktop\FRST.exe
2014-07-04 09:35 - 2014-06-13 15:30 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2832712168-2157025328-2507826519-1001UA.job
2014-07-04 09:25 - 2014-06-13 13:56 - 00916498 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 09:21 - 2012-08-23 22:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 08:50 - 2014-07-04 08:47 - 00000000 ____D () C:\drivers for this computer
2014-07-04 08:49 - 2014-05-06 13:44 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 08:45 - 2014-07-04 08:47 - 00081899 _____ () C:\Users\Tom\Desktop\cports.zip
2014-07-04 02:27 - 2014-07-04 02:16 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-04 02:26 - 2014-07-04 02:26 - 00004221 _____ () C:\Users\Tom\Desktop\hijackthis.log
2014-07-04 02:17 - 2014-07-03 21:10 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-04 02:16 - 2014-06-29 19:05 - 00001558 _____ () C:\Windows\setupact.log
2014-07-04 02:16 - 2014-06-13 14:17 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype
2014-07-04 02:16 - 2014-05-06 13:44 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 02:16 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 02:15 - 2014-07-03 22:51 - 00000000 ____D () C:\AdwCleaner
2014-07-04 02:15 - 2014-06-29 19:05 - 00002822 _____ () C:\Windows\PFRO.log
2014-07-04 02:08 - 2014-07-04 02:09 - 01346519 _____ () C:\Users\Tom\Desktop\AdwCleaner.exe
2014-07-04 02:08 - 2014-07-04 02:07 - 01346519 _____ () C:\Users\Tom\Downloads\AdwCleaner.exe
2014-07-04 02:02 - 2014-07-04 02:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tom\Desktop\HijackThis.exe
2014-07-04 02:02 - 2014-07-04 02:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tom\Downloads\HijackThis.exe
2014-07-04 01:57 - 2014-07-04 02:09 - 04721240 _____ () C:\Users\Tom\Desktop\RogueKiller.exe
2014-07-04 01:57 - 2014-07-04 01:54 - 04721240 _____ () C:\Users\Tom\Downloads\RogueKiller.exe
2014-07-04 01:53 - 2014-07-04 02:09 - 00854390 _____ () C:\Users\Tom\Desktop\SecurityCheck.exe
2014-07-04 01:53 - 2014-07-04 01:52 - 00854390 _____ () C:\Users\Tom\Downloads\SecurityCheck.exe
2014-07-04 01:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-04 01:39 - 2014-06-29 18:07 - 00000000 ____D () C:\Users\Tom\Downloads\virus removal
2014-07-03 23:28 - 2012-08-23 19:30 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 23:24 - 2009-07-13 23:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-03 23:20 - 2014-06-29 18:16 - 00000000 ____D () C:\Qoobox
2014-07-03 23:18 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-07-03 22:53 - 2013-09-19 08:45 - 00001112 _____ () C:\Users\Tom\Desktop\Internet Explorer.lnk
2014-07-03 22:53 - 2012-08-23 17:34 - 00000000 ____D () C:\Users\Tom
2014-07-03 21:10 - 2014-07-03 21:09 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-03 20:15 - 2014-04-17 08:41 - 00017408 ___SH () C:\Users\Tom\Thumbs.db
2014-07-02 16:24 - 2014-06-13 15:30 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2832712168-2157025328-2507826519-1001Core.job
2014-06-29 23:10 - 2014-06-26 17:30 - 00000000 ____D () C:\Program Files\6E6B36EB-9156-411B-B951-C735F4747DCF
2014-06-29 19:05 - 2014-06-29 19:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 19:03 - 2014-06-12 20:19 - 00000000 ____D () C:\temp
2014-06-29 18:44 - 2012-11-21 09:47 - 00000000 ____D () C:\Registry Backup
2014-06-29 18:43 - 2012-08-23 23:58 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-29 18:43 - 2012-08-23 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-29 18:43 - 2012-08-23 23:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-29 18:42 - 2012-08-24 00:09 - 00001852 _____ () C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2014-06-29 18:42 - 2012-08-24 00:09 - 00000972 _____ () C:\Users\Public\Desktop\IrfanView.lnk
2014-06-29 18:40 - 2012-08-24 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-06-29 18:24 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-06-29 18:23 - 2014-06-29 18:16 - 00000000 ____D () C:\Windows\erdnt
2014-06-29 18:11 - 2009-07-13 23:33 - 00416120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-27 04:10 - 2014-06-27 04:10 - 00000000 ____D () C:\MININT
2014-06-27 04:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Resources
2014-06-27 04:09 - 2012-08-23 20:01 - 00111328 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 04:06 - 2014-06-27 04:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Deployment
2014-06-27 04:05 - 2014-06-27 04:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Apps\2.0
2014-06-13 17:24 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-06-13 15:31 - 2014-06-13 15:30 - 00000000 ____D () C:\Users\Tom\AppData\Local\Facebook
2014-06-13 14:18 - 2014-06-13 14:17 - 00000000 ___RD () C:\Program Files\Skype
2014-06-13 14:17 - 2014-06-13 14:17 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-13 14:17 - 2014-06-13 14:17 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype
2014-06-13 14:17 - 2014-06-13 14:17 - 00000000 ____D () C:\ProgramData\Skype
2014-06-13 14:17 - 2014-06-13 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-13 14:17 - 2014-06-13 14:17 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-13 13:55 - 2014-05-06 13:44 - 00000000 ____D () C:\Program Files\Google
2014-06-13 13:55 - 2014-02-03 08:22 - 00000000 ____D () C:\ProgramData\PsudToPung
2014-06-13 13:51 - 2014-06-13 13:51 - 00000000 ____D () C:\Program Files\PsudToPung
2014-06-13 13:51 - 2014-02-03 08:22 - 00000000 ____D () C:\ProgramData\d7385ae0f9876258
2014-06-13 13:44 - 2014-05-06 13:44 - 00000000 ____D () C:\Users\Tom\AppData\Local\Google
2014-06-13 13:42 - 2014-06-13 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-13 13:42 - 2014-06-13 13:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-13 13:42 - 2014-06-13 13:41 - 00004300 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-13 13:42 - 2013-10-11 15:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-13 13:42 - 2013-10-11 15:39 - 00000000 ____D () C:\Program Files\Java
2014-06-13 07:22 - 2012-08-23 19:54 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-13 07:22 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-13 07:16 - 2013-12-05 17:30 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-13 03:17 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 20:29 - 2014-06-12 20:29 - 00000000 ____D () C:\Program Files\YTDownloader
2014-06-12 20:29 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-12 20:27 - 2014-06-12 20:27 - 00000000 ____D () C:\Users\Tom\AppData\Local\CrashRpt
2014-06-12 20:22 - 2014-01-02 08:10 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-12 14:05 - 2014-06-12 14:05 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-12 03:03 - 2013-10-22 06:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:01 - 2012-08-23 20:02 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 03:48 - 2014-06-12 03:04 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 03:43 - 2014-06-12 03:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Tom\AppData\Local\temp\BackupSetup.exe
C:\Users\Tom\AppData\Local\temp\Quarantine.exe
C:\Users\Tom\AppData\Local\temp\SymCCIS.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 06:27

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-07-2014
Ran by Tom at 2014-07-04 09:46:13
Running from C:\Users\Tom\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DING! (HKLM\...\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}) (Version: 1.05.005 - Southwest Airlines)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{5C2B63F5-0941-4C00-8CF8-91B83FFFF756}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
MahJong Suite 2012 v9.0 (HKLM\...\MahJong Suite_is1) (Version:  - TreeCardGames)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Control Panel 309.00 (Version: 309.00 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.00 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.118.757 - NVIDIA Corporation) Hidden
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527 - NVIDIA Corporation) Hidden
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.2.5.0 - NVIDIA Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5491 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)

==================== Restore Points  =========================

29-06-2014 23:47:56 Clean
04-07-2014 01:37:01 ComboFix created restore point
04-07-2014 05:03:19 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2014-07-03 22:49 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1734643E-C89C-4DD2-88F3-E551BD894B21} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe [2014-05-22] (YTDownloader)
Task: {21FDE4D2-51BA-4AFC-A61C-3E9C5A3364BE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2832712168-2157025328-2507826519-1001Core => C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-13] (Facebook Inc.)
Task: {2EC3D29C-E95E-4B11-B0AA-A9A083817750} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {30FB028A-3941-4AF7-8D8B-36FF02C47995} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: {3B5E9EDF-0DCA-4552-851A-9ADAB8FE967E} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {4FE2B4A4-BB90-43DE-903D-70D1B901CE22} - System32\Tasks\{31601BBA-B561-4449-86AF-3D49C8B44664} => C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
Task: {7BD6C9DD-C796-4B13-B15B-722A2CA46519} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {83F20D7E-0B22-46D0-A58C-5C47CAD733FF} - System32\Tasks\{CF64E8A7-8FBB-4F44-B4FD-4622426F9715} => C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
Task: {978180F8-2649-4E08-BD4B-CBF270338B1E} - System32\Tasks\{7EB6D1A7-D830-48D0-967D-EDAEA88C34D6} => C:\Program Files\YTDownloader\YTDownloader.exe [2014-05-22] (YTDownloader)
Task: {9F58899A-29E3-45FA-B386-03E5468A00A6} - System32\Tasks\YTDownloaderUpd => C:\Program Files\YTDownloader\updater.exe [2014-05-22] (Goobzo)
Task: {BA074781-C8AF-4AA0-B6B0-81D8FAA90628} - System32\Tasks\{D2864DB0-9E41-4DE6-B054-9FE52D8DABD2} => C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
Task: {CBCDE83A-0167-4890-AE9E-0578CC777C74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: {CE042192-0229-43C6-9D48-A4E577E53550} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: {CF94FCF9-2D7E-48BA-A0B4-052226F4C269} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2832712168-2157025328-2507826519-1001UA => C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-13] (Facebook Inc.)
Task: {DA4C2483-B3AD-4B53-90C7-8A2C92AFC338} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2832712168-2157025328-2507826519-1001Core.job => C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2832712168-2157025328-2507826519-1001UA.job => C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-03 04:47 - 2013-10-28 02:21 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-04-30 06:52 - 2010-04-30 06:52 - 03795560 _____ () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2012-08-23 18:58 - 2013-11-22 20:53 - 00357224 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2014-06-25 12:58 - 2014-06-25 12:58 - 00151040 _____ () C:\Program Files\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService.exe
2014-06-12 14:05 - 2014-06-12 14:05 - 00102400 _____ () C:\Program Files\6E6B36EB-9156-411B-B951-C735F4747DCF\nfapi.dll
2014-06-12 14:05 - 2014-06-12 14:05 - 00323584 _____ () C:\Program Files\6E6B36EB-9156-411B-B951-C735F4747DCF\ProtocolFilters.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2014 10:30:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/02/2014 05:59:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/01/2014 00:06:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/30/2014 08:52:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/30/2014 07:22:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a6c

Start Time: 01cf945d532f4abe

Termination Time: 42

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (06/29/2014 11:10:34 PM) (Source: SupraSavingsService) (EventID: 1) (User: )
Description: SupraSavingsServiceIn SvcInstall, CreateService failed (1073)
 failed with 1073

Error: (06/29/2014 07:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: MSHTML.dll, version: 11.0.9600.17126, time stamp: 0x53884c7d
Exception code: 0xc0000005
Fault offset: 0x008bd792
Faulting process id: 0x920
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/29/2014 06:48:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Search Protect Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/29/2014 06:17:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (06/29/2014 06:17:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server


System errors:
=============
Error: (07/04/2014 02:16:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
netfilter2

Error: (07/04/2014 02:16:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vxlsnyaiet32 service failed to start due to the following error:
%%2

Error: (07/04/2014 01:42:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
netfilter2

Error: (07/04/2014 01:42:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vxlsnyaiet32 service failed to start due to the following error:
%%2

Error: (07/03/2014 11:59:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
netfilter2

Error: (07/03/2014 11:59:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vxlsnyaiet32 service failed to start due to the following error:
%%2

Error: (07/03/2014 11:52:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.177.1463.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/03/2014 11:37:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
netfilter2

Error: (07/03/2014 11:37:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vxlsnyaiet32 service failed to start due to the following error:
%%2

Error: (07/03/2014 11:31:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
netfilter2


Microsoft Office Sessions:
=========================
Error: (07/03/2014 10:30:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6700\DriverStore\Pipeline\amd64\hpinkins5C12.exe

Error: (07/02/2014 05:59:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6700\DriverStore\Pipeline\amd64\hpinkins5C12.exe

Error: (07/01/2014 00:06:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6700\DriverStore\Pipeline\amd64\hpinkins5C12.exe

Error: (06/30/2014 08:52:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6700\DriverStore\Pipeline\amd64\hpinkins5C12.exe

Error: (06/30/2014 07:22:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.171261a6c01cf945d532f4abe42C:\Program Files\Internet Explorer\iexplore.exe

Error: (06/29/2014 11:10:34 PM) (Source: SupraSavingsService) (EventID: 1) (User: )
Description: SupraSavingsServiceIn SvcInstall, CreateService failed (1073)
 failed with 1073

Error: (06/29/2014 07:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1712653882e30MSHTML.dll11.0.9600.1712653884c7dc0000005008bd79292001cf93fd15f4b404C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlla917e23f-fff1-11e3-8e7b-001ec940c235

Error: (06/29/2014 06:48:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Search Protect Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/29/2014 06:17:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (06/29/2014 06:17:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 3069.97 MB
Available physical RAM: 2216.45 MB
Total Pagefile: 6138.23 MB
Available Pagefile: 5173.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:436.64 GB) NTFS
Drive e: () (Removable) (Total:0.94 GB) (Free:0.92 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 000166B4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 963 MB) (Disk ID: 8EEF751A)
Partition 1: (Active) - (Size=962 MB) - (Type=06)

==================== End Of Log ============================



#4 luvallcomputers2

Posted 04 July 2014 - 09:56 AM

aswmbr text file

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-04 09:47:53
-----------------------------
09:47:53.618    OS Version: Windows 6.1.7601 Service Pack 1
09:47:53.618    Number of processors: 2 586 0xF0D
09:47:53.618    ComputerName: TOM-HOME  UserName: Tom
09:47:54.922    Initialize success
09:47:54.942    VM: initialized successfully
09:47:54.952    VM: Intel CPU virtualization not supported
09:48:42.304    AVAST engine download error: 0
09:52:53.779    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:52:53.779    Disk 0 Vendor: ST3500630NS 3.AEG Size: 476940MB BusType: 11
09:52:53.889    Disk 0 MBR read successfully
09:52:53.889    Disk 0 MBR scan
09:52:53.899    Disk 0 Windows 7 default MBR code
09:52:53.909    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:52:53.909    Disk 0 default boot code
09:52:53.919    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
09:52:53.929    Disk 0 scanning sectors +976771072
09:52:53.989    Disk 0 scanning C:\Windows\system32\drivers
09:52:58.851    Service scanning
09:53:03.870    Service MpKsl961ca9e2 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78321D62-2452-4836-91D0-0730CAA7B459}\MpKsl961ca9e2.sys **LOCKED** 32
09:53:10.322    Modules scanning
09:53:18.406    Disk 0 trace - called modules:
09:53:18.416    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
09:53:18.426    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86193568]
09:53:18.436    3 CLASSPNP.SYS[8b85159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860bb030]
09:53:18.446    Scan finished successfully
09:54:21.965    Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
09:54:21.973    The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"

#5 TB-Psychotic


Posted 07 July 2014 - 01:58 AM

catchme is an antistealth driver for combofix (which you ran some days ago).

Due to the fact that you aren't trained in working with combofix, this remnant hasn't been removed afterwards.

Let's take care of the adware first...

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


#6 TB-Psychotic


Posted 15 July 2014 - 07:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.