Host.dll and slow pc


This topic is locked
19 replies to this topic

#1 DemonAzrael (Members, 15 posts)

Posted 12 September 2014 - 03:51 AM

Recently I was watching a video online and mid-video it stopped working; my PC started to load programs sluggishly, and so did any games that I play. I did a few restarts thinking my memory needed to be reset, but it still acted sluggish even on the first file open after restart. After looking around on a few forums I took a look at processes, and at that time had 119 instances of dllhost.exe; in Safe Mode it gets high but at a slower rate. At the moment it's sitting around 50 in Safe Mode.

Windows Vista 32-bit, SP2.


Edited by DemonAzrael, 13 September 2014 - 03:49 AM.



#2 aharonov (Malware Response Team, 2,441 posts)

Posted 12 September 2014 - 05:12 AM

Hi,

Please run an FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 DemonAzrael (Topic Starter, Members, 15 posts)

Posted 12 September 2014 - 05:55 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Demon (administrator) on DEMON-PC on 12-09-2014 05:51:23
Running from C:\Users\Demon.Demon-PC\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Storage Appliance Corp.) C:\ProgramData\Clickfree\cfagent.exe
(Hewlett Packard) C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
() C:\Program Files\Google\Update\Install\{43CC5743-F3BB-47D9-9F92-678666F624F7}\37.0.2062.120_37.0.2062.103_chrome_updater.exe
(Google Inc.) C:\WINDOWS\Temp\CR_BE661.tmp\setup.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4349952 2007-01-18] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2008-06-02] (Intel Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-09-06] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-646873442-130893283-3861034060-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
ShortcutTarget: HP Connections.lnk -> C:\Program Files\HP Connections\6811507\Program\HP Connections.exe (Hewlett Packard)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
SearchScopes: HKLM - {0A3F6FA8-5C30-DEAA-EFA6-7B3017E656F6} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM - {BF69493C-DA1F-43A8-8651-EEA45F4A0A0D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={A6285EBD-7EF5-43D3-B9E2-5413212A98E0}&mid=3ed27200d81d47d6b6a6d153d4514087-20050300ac261db7e1952efb9e5eb0d6bf0ba52a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-09-22 19:43:11&v=18.1.9.799&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {F5CDFB1D-7953-46BA-809D-B65ED0D8BC70} URL = 
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation)
BHO: RapidFinda -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\Demon\AppData\Local\RapidFinda\temp.dat No File
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Demon\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-19]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: No Name - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-05]
FF HKLM\...\Firefox\Extensions: [ntfdsaftsfdfdxx@mozilla.org] - C:\Users\Demon\AppData\Roaming\iPumper\extension_firefox.xpi
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files\BetterSurf\BetterSurfPlus\ff
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha960.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff
FF Extension: No Name - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff [2013-12-21]
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta63.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ff
FF Extension: No Name - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ff [2014-01-09]
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha228.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha228\ff
FF Extension: No Name - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha228\ff [2014-01-29]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha1997.net] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ff
FF Extension: No Name - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ff [2014-02-23]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha1964.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ff
FF Extension: No Name - C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ff [2014-02-27]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha6556.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha6556\ff
FF Extension: No Name - C:\Program Files\MediaViewV1\MediaViewV1alpha6556\ff [2014-03-16]
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home534.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home534\ff
FF Extension: No Name - C:\Program Files\MediaWatchV1\MediaWatchV1home534\ff [2014-03-22]
FF Extension: No Name - C:\Program Files\BetterSurf\BetterSurfPlus\ff [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> 4B69451992A68E8AF9A9ECC2D20EC4216ED42FE3DCB304A79B48601704D5215F
CHR DefaultSearchURL: Default -> 4422C30E4D0CE33210916563F58F21683B2024FF02E5D97A7C2C0B253CFC160C
CHR CustomProfile: C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google Search) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (AVG Security Toolbar) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-29]
CHR Extension: (Gmail) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM\...\Chrome\Extension: [bfijnobmpcjikgoglknbjdimlokhndek] - C:\Program Files\MediaViewV1\MediaViewV1alpha6556\ch\MediaViewV1alpha6556.crx []
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Demon\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx []
CHR HKLM\...\Chrome\Extension: [ekohblnljjaojjphijacnagejiehpjpc] - C:\Program Files\MediaWatchV1\MediaWatchV1home534\ch\MediaWatchV1home534.crx []
CHR HKLM\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files\pandasecuritytb\chrome-newtab-search.crx []
CHR HKLM\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\Demon\AppData\Roaming\iPumper\extension_chrome.crx []
CHR HKLM\...\Chrome\Extension: [kmghgnlealnjklkeephhgafbomlceaed] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ch\WebexpEnhancedV1alpha960.crx []
CHR HKLM\...\Chrome\Extension: [ljnffnpelmplgmafkilcnafkndcblnbd] - C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ch\MediaViewV1alpha1964.crx []
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Demon\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx []
CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx []
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo\YontooLayers.crx [2014-04-27]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2014-04-27]
CHR HKLM\...\Chrome\Extension: [oagdbkcmdiahaacmjnninmlchabeafdh] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ch\MediaViewerV1alpha1997.crx [2014-04-27]
CHR HKLM\...\Chrome\Extension: [pfekkhdmhmddhjhfmkmfhojbjlihbopc] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx [2014-04-27]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Demon\AppData\Local\mysearchdial.crx [2014-04-27]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation) [File not signed]
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-10-31] (Symantec Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-07-27] (BitRaider, LLC)
R2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)
R2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)
R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)
S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-10-13] (Symantec Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] () [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation) [File not signed]
S3 ISPwdSvc; c:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-10-26] (Symantec Corporation)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] () [File not signed]
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation) [File not signed]
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation) [File not signed]
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174152 2007-03-14] (Symantec Corporation)
R2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-09-20] (Symantec Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-09-06] (AVG Secure Search)
S2 FibUacService; C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [470048 2006-01-13] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2010-10-11] () [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-06] (AVG Technologies)
S3 BRDriver; C:\programdata\bitraider\BRDriver.sys [64296 2013-07-28] (BitRaider)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-15] (Avanquest Software) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387432 2006-11-05] (Symantec Corporation)
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [391168 2009-03-19] (Hauppauge Computer Works, Inc)
S3 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys [202872 2006-10-19] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2010-10-11] () [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-09-12] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS [79240 2006-11-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS [831880 2006-11-05] (Symantec Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-03] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-03] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2014-09-12] ()
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-03-14] (Symantec Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.sys [185744 2006-10-24] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 05:45 - 2014-09-12 05:52 - 00027931 _____ () C:\Users\Demon.Demon-PC\Desktop\FRST.txt
2014-09-12 05:44 - 2014-09-12 05:44 - 01097728 _____ (Farbar) C:\Users\Demon.Demon-PC\Desktop\FRST.exe
2014-09-12 05:23 - 2014-04-23 13:02 - 00000426 _____ () C:\AVScanner.ini
2014-09-12 03:09 - 2014-09-12 03:12 - 00000000 ___SD () C:\ComboFix
2014-09-12 03:07 - 2014-09-12 03:09 - 00000000 ____D () C:\Qoobox
2014-09-12 02:47 - 2014-09-12 05:51 - 00000000 ____D () C:\Users\Demon.Demon-PC\Desktop\Virus Progs
2014-09-12 02:43 - 2014-09-12 05:51 - 00000000 ____D () C:\FRST
2014-09-12 01:55 - 2014-09-12 01:55 - 00000680 _____ () C:\Users\Demon.Demon-PC\AppData\Local\d3d9caps.dat
2014-09-09 07:30 - 2014-09-09 07:32 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-09-09 06:56 - 2014-09-09 06:57 - 00000000 ____D () C:\Users\Demon.Demon-PC\Downloads\DXP3ER
2014-09-09 01:09 - 2014-09-09 06:37 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\DAEMON Tools Lite
2014-09-09 01:08 - 2014-09-09 06:37 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-09-09 01:06 - 2014-09-09 01:06 - 13429504 _____ (Disc Soft Ltd) C:\Users\Demon.Demon-PC\Downloads\DTLite4491-0356.exe
2014-09-06 00:38 - 2014-09-06 00:38 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-09-05 13:18 - 2014-09-05 13:18 - 00000000 ____D () C:\Users\Default\AppData\Local\SlimWare Utilities Inc
2014-09-05 13:18 - 2014-09-05 13:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\SlimWare Utilities Inc
2014-09-05 03:58 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-05 03:58 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-05 03:58 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-05 03:58 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-05 03:50 - 2014-08-22 20:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-05 03:50 - 2014-08-22 18:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-04 22:41 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-04 22:41 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-04 22:41 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-04 22:41 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-04 22:41 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-04 22:41 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-04 22:41 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-04 22:41 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-04 22:41 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-04 22:41 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-04 22:41 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-04 22:41 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-04 22:41 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-04 22:41 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-04 22:41 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-04 22:41 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-04 22:41 - 2014-06-13 19:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-04 22:41 - 2014-06-13 19:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-04 22:41 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-04 22:41 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-04 22:41 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-04 22:41 - 2014-06-02 05:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-04 22:41 - 2014-06-02 03:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-04 22:40 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-04 22:14 - 2014-09-04 22:14 - 00000484 _____ () C:\Users\Demon.Demon-PC\Desktop\WoTLauncher.lnk
2014-09-04 21:35 - 2014-09-06 00:38 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-31 18:51 - 2014-08-31 18:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 18:50 - 2014-09-04 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 18:10 - 2014-08-31 18:10 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\Malwarebytes
2014-08-27 16:14 - 2014-07-31 19:55 - 00000926 _____ () C:\Users\Demon.Demon-PC\Downloads\xvm.xc.sample
2014-08-27 13:49 - 2014-08-27 13:49 - 07964285 _____ () C:\Users\Demon.Demon-PC\Downloads\xvm-5.3.3.zip
2014-08-15 15:11 - 2014-08-15 15:11 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\Wargaming.net
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 07:31 - 2014-04-26 13:09 - 00000000 ____D () C:\Users\Demon.Demon-PC
2014-09-12 07:31 - 2010-09-18 21:02 - 00000000 ____D () C:\Users\Demon
2014-09-12 07:31 - 2007-03-14 05:45 - 00000000 ___HD () C:\Users\IUSR_NMPR
2014-09-12 07:31 - 2006-11-02 05:22 - 58195968 _____ () C:\Windows\system32\config\software_previous
2014-09-12 07:20 - 2014-04-26 13:12 - 00000000 ____D () C:\Users\Demon.Demon-PC\Documents\Dungeons and Dragons Online
2014-09-12 07:20 - 2012-06-05 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-12 07:20 - 2011-09-27 18:07 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-09-12 07:20 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-12 07:20 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-12 07:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-09-12 07:19 - 2006-11-02 05:22 - 25427968 _____ () C:\Windows\system32\config\system_previous
2014-09-12 05:52 - 2014-09-12 05:45 - 00027931 _____ () C:\Users\Demon.Demon-PC\Desktop\FRST.txt
2014-09-12 05:51 - 2014-09-12 02:47 - 00000000 ____D () C:\Users\Demon.Demon-PC\Desktop\Virus Progs
2014-09-12 05:51 - 2014-09-12 02:43 - 00000000 ____D () C:\FRST
2014-09-12 05:45 - 2014-02-12 14:10 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2826122a6c87.job
2014-09-12 05:44 - 2014-09-12 05:44 - 01097728 _____ (Farbar) C:\Users\Demon.Demon-PC\Desktop\FRST.exe
2014-09-12 05:39 - 2014-04-13 21:57 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-12 05:39 - 2013-07-09 01:04 - 00000000 ____D () C:\Program Files\Steam
2014-09-12 05:38 - 2010-09-18 22:50 - 02031625 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 05:36 - 2011-04-05 21:58 - 01068186 _____ () C:\Windows\system32\jupdate-1.6.0_24-b07.log
2014-09-12 05:33 - 2013-03-27 00:43 - 00000356 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-12 05:32 - 2007-03-14 05:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-12 05:25 - 2012-10-12 14:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 05:18 - 2011-04-18 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2014-09-12 05:18 - 2011-04-18 22:58 - 00000000 ____D () C:\Program Files\EA Games
2014-09-12 04:48 - 2010-11-01 17:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-12 04:41 - 2012-08-16 12:25 - 00000394 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-09-12 04:36 - 2014-04-26 13:09 - 00013024 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-09-12 04:35 - 2014-02-12 14:10 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf282611b81ae7.job
2014-09-12 04:35 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 04:34 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 04:34 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 03:42 - 2006-11-02 05:22 - 42729472 _____ () C:\Windows\system32\config\components_previous
2014-09-12 03:42 - 2006-11-02 05:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-09-12 03:42 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-12 03:32 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-12 03:14 - 2007-03-14 06:10 - 00370622 _____ () C:\Windows\PFRO.log
2014-09-12 03:12 - 2014-09-12 03:09 - 00000000 ___SD () C:\ComboFix
2014-09-12 03:09 - 2014-09-12 03:07 - 00000000 ____D () C:\Qoobox
2014-09-12 01:55 - 2014-09-12 01:55 - 00000680 _____ () C:\Users\Demon.Demon-PC\AppData\Local\d3d9caps.dat
2014-09-11 12:44 - 2010-11-08 02:10 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 16:06 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 05:08 - 2013-07-27 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 02:23 - 2012-10-12 14:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 02:23 - 2011-05-18 15:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 20:43 - 2006-11-02 05:33 - 00772826 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 08:26 - 2006-11-02 08:01 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-09 07:32 - 2014-09-09 07:30 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-09-09 06:57 - 2014-09-09 06:56 - 00000000 ____D () C:\Users\Demon.Demon-PC\Downloads\DXP3ER
2014-09-09 06:37 - 2014-09-09 01:09 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\DAEMON Tools Lite
2014-09-09 06:37 - 2014-09-09 01:08 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-09-09 04:38 - 2014-06-17 01:52 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Local\WinZip
2014-09-09 01:06 - 2014-09-09 01:06 - 13429504 _____ (Disc Soft Ltd) C:\Users\Demon.Demon-PC\Downloads\DTLite4491-0356.exe
2014-09-06 00:43 - 2013-09-22 19:43 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-09-06 00:42 - 2012-09-03 18:16 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-09-06 00:38 - 2014-09-06 00:38 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-09-06 00:38 - 2014-09-04 21:35 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-09-05 13:59 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-09-05 13:46 - 2014-05-12 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-05 13:46 - 2013-09-22 19:43 - 00000844 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-05 13:18 - 2014-09-05 13:18 - 00000000 ____D () C:\Users\Default\AppData\Local\SlimWare Utilities Inc
2014-09-05 13:18 - 2014-09-05 13:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\SlimWare Utilities Inc
2014-09-05 13:18 - 2014-04-26 13:09 - 00000258 __RSH () C:\Users\Demon.Demon-PC\ntuser.pol
2014-09-05 13:16 - 2006-11-02 07:47 - 00329816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-05 04:00 - 2006-11-02 05:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-05 03:00 - 2012-06-05 15:26 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-05 00:32 - 2014-07-26 12:42 - 00000000 ____D () C:\Users\Demon.Demon-PC\Desktop\mbar
2014-09-05 00:32 - 2014-07-25 18:13 - 00000000 ____D () C:\ProgramData\Clickfree
2014-09-05 00:32 - 2014-07-16 10:13 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-09-05 00:32 - 2014-06-03 00:07 - 00000000 ____D () C:\Program Files\Origin Games
2014-09-05 00:32 - 2014-06-02 23:34 - 00000000 ____D () C:\Program Files\Origin
2014-09-05 00:32 - 2014-05-31 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2014-09-05 00:32 - 2014-05-31 00:54 - 00000000 ____D () C:\Westwood
2014-09-05 00:32 - 2014-05-30 23:03 - 00000000 ____D () C:\Users\Demon.Demon-PC\Downloads\command-and-conquer-gold
2014-09-05 00:32 - 2014-05-30 14:35 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Local\Microsoft Games
2014-09-05 00:32 - 2014-05-29 00:52 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-05 00:32 - 2014-05-16 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2014-09-05 00:32 - 2014-05-16 22:06 - 00000000 ____D () C:\Program Files\OpenTTD
2014-09-05 00:32 - 2014-05-16 22:01 - 00000000 ____D () C:\Users\Demon.Demon-PC\Downloads\transport-tycoon-deluxe-for-windows
2014-09-05 00:32 - 2014-04-28 01:03 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-05 00:32 - 2014-04-28 01:03 - 00000000 ____D () C:\Program Files\iTunes
2014-09-05 00:32 - 2014-04-28 01:03 - 00000000 ____D () C:\Program Files\iPod
2014-09-05 00:32 - 2014-04-28 00:13 - 00000000 ____D () C:\Program Files\QuickTime
2014-09-05 00:32 - 2014-04-26 13:11 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Local\Hewlett-Packard
2014-09-05 00:32 - 2014-04-26 13:09 - 00000000 ___RD () C:\Users\Demon.Demon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-05 00:32 - 2014-04-26 12:50 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-05 00:32 - 2014-04-26 12:50 - 00000000 ____D () C:\Users\TEMP
2014-09-05 00:32 - 2014-03-22 15:35 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-09-05 00:32 - 2014-02-27 21:34 - 00000000 ____D () C:\Program Files\MediaViewV1
2014-09-05 00:32 - 2014-02-23 17:52 - 00000000 ____D () C:\Program Files\MediaViewerV1
2014-09-05 00:32 - 2014-02-06 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-09-05 00:32 - 2014-02-06 16:02 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-05 00:32 - 2014-01-29 21:35 - 00000000 ____D () C:\Program Files\MediaPlayerV1
2014-09-05 00:32 - 2014-01-09 21:34 - 00000000 ____D () C:\Program Files\VideoPlayerV3
2014-09-05 00:32 - 2013-12-21 14:29 - 00000000 ____D () C:\Program Files\WebexpEnhancedV1
2014-09-05 00:32 - 2013-05-19 00:23 - 00000000 ____D () C:\Users\Demon\AppData\Roaming\Yontoo
2014-09-05 00:32 - 2013-05-19 00:23 - 00000000 ____D () C:\Program Files\Yontoo
2014-09-05 00:32 - 2013-03-27 00:43 - 00000000 ____D () C:\Users\Demon\AppData\Local\SwvUpdater
2014-09-05 00:31 - 2014-06-02 23:34 - 00000000 ____D () C:\ProgramData\EA Core
2014-09-05 00:27 - 2013-05-19 00:23 - 00000000 ____D () C:\Users\Demon\AppData\Roaming\mysearchdial
2014-09-04 22:14 - 2014-09-04 22:14 - 00000484 _____ () C:\Users\Demon.Demon-PC\Desktop\WoTLauncher.lnk
2014-09-04 18:11 - 2014-08-31 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 21:39 - 2011-03-22 23:47 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-31 21:30 - 2012-09-07 22:27 - 00000000 ____D () C:\Users\Demon\AppData\Roaming\Media Finder
2014-08-31 21:11 - 2014-04-26 13:11 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Local\Avg2014
2014-08-31 18:51 - 2014-08-31 18:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 18:51 - 2014-02-06 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 18:10 - 2014-08-31 18:10 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\Malwarebytes
2014-08-27 13:49 - 2014-08-27 13:49 - 07964285 _____ () C:\Users\Demon.Demon-PC\Downloads\xvm-5.3.3.zip
2014-08-25 06:53 - 2010-09-19 11:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 20:03 - 2014-09-05 03:50 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:26 - 2014-09-05 03:50 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 15:11 - 2014-08-15 15:11 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\Wargaming.net
2014-08-14 22:11 - 2012-07-29 01:47 - 00000000 ____D () C:\Windows\system32\directx
 
Files to move or delete:
====================
C:\ProgramData\bfl8zrr.bxx
C:\ProgramData\bfl8zrr.fvv
 
 
Some content of TEMP:
====================
C:\Users\Demon\AppData\Local\Temp\1628uninstall.exe
C:\Users\Demon\AppData\Local\Temp\38841uninstall.exe
C:\Users\Demon\AppData\Local\Temp\46987uninstall.exe
C:\Users\Demon\AppData\Local\Temp\down.15744.search_installer.exe
C:\Users\Demon\AppData\Local\Temp\drm_dyndata_7290008.dll
C:\Users\Demon\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Demon\AppData\Local\Temp\eauninstall.exe
C:\Users\Demon\AppData\Local\Temp\helper.exe
C:\Users\Demon\AppData\Local\Temp\htmlayout.dll
C:\Users\Demon\AppData\Local\Temp\ICReinstall_installer.exe
C:\Users\Demon\AppData\Local\Temp\IminentSetup.exe
C:\Users\Demon\AppData\Local\Temp\oi_{7456B1FC-36E9-4AF5-9DA1-3AB98D8C4972}.exe
C:\Users\Demon\AppData\Local\Temp\oi_{DC798624-A431-4143-8531-28B844C0FDFB}.exe
C:\Users\Demon\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Demon\AppData\Local\Temp\set-app.exe
C:\Users\Demon\AppData\Local\Temp\setapp.exe
C:\Users\Demon\AppData\Local\Temp\Setup-a.exe
C:\Users\Demon\AppData\Local\Temp\Setup2.exe
C:\Users\Demon\AppData\Local\Temp\Setup_Downloader_3.6.0_stable.exe
C:\Users\Demon\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Demon\AppData\Local\Temp\Sqlite3.dll
C:\Users\Demon\AppData\Local\Temp\sqlite3.exe
C:\Users\Demon\AppData\Local\Temp\tmp498B.exe
C:\Users\Demon\AppData\Local\Temp\tmp783B.tmp.exe
C:\Users\Demon\AppData\Local\Temp\tmpE1C8.tmp.exe
C:\Users\Demon\AppData\Local\Temp\TsuC090DB0C.dll
C:\Users\Demon\AppData\Local\Temp\Updater.exe
C:\Users\Demon.Demon-PC\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Demon.Demon-PC\AppData\Local\Temp\installerdll.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-12 04:41
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014
Ran by Demon at 2014-09-12 05:53:04
Running from C:\Users\Demon.Demon-PC\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AppCore (Version: 1 - Symantec Corporation) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AV (Version: 1 - Symantec Corporation) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Battle Isle Platinum (HKLM\...\GOGPACKBATTLEISLEPLATINUM_is1) (Version: 2.1.0.19 - GOG.com)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield Heroes (HKLM\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)
Bing Bar Platform (Version: 6.3.2322.0 - Microsoft Corporation) Hidden
BitLord 1.1 (HKLM\...\BitLord) (Version: 1.1 - www.bitlord.com)
BitRaider Web Client (HKLM\...\BitRaider Web Client) (Version: 1.1.6.9 - BitRaider, LLC)
BoneTown (HKLM\...\{5E7C721D-B008-4269-A1C4-2CE7E9757983}) (Version: 1.1.1 - DWC Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccCommon (Version: 106.1.1.4 - Symantec) Hidden
Chris Sawyer's Locomotion (HKLM\...\GOGPACKLOCOMOTION_is1) (Version: 2.0.0.8 - GOG.com)
Command & Conquer 3 (HKLM\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Electronic Arts Inc.)
Command & Conquer Generals (HKLM\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (Version: 0.50.0000 - Electronic Arts) Hidden
Command & Conquer Gold Edition Stand Alone v1.06c revision 3 (HKLM\...\{931CFA8E-3CE1-4A96-97D7-32B21A7A8DAA}_is1) (Version:  - Westwood Studios)
Command & Conquer™ Red Alert™ 3 (HKLM\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DriverUpdate (HKLM\...\{069A06F9-10B2-444A-8455-DC6131666772}) (Version: 2.2.22862 - SlimWare Utilities, Inc.)
Dungeon Keeper (HKLM\...\GOGPACKDUNGEONKEEPERDOS_is1) (Version: 2.0.0.2 - GOG.com)
Dungeon Keeper 2 (HKLM\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Dungeons & Dragons Online ®:  Eberron Unlimited ™ (Preview) v01 (HKLM\...\579dbe90-e989-11dd-ba2f-0800200c9a66_is1) (Version: 01.10.00.8056 - Atari, Inc.)
Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.12.00.803 (HKLM\...\15b35190-c6f9-11d9-9669-0800200c9a66_is1) (Version: 01.12.00.8032 - Atari, Inc.)
DUNGEONS (HKLM\...\{912193FD-A397-41F7-ABEA-D1AF442ABF89}) (Version: 1.3.0.2 - Realmforge Studios GmbH)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GOG.com Battle Isle 3 (HKLM\...\{05f77011-6b60-49cb-abce-452c951f2498}.sdb) (Version:  - )
GOG.com Downloader version 3.6.0 (HKLM\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4323.13 - PC-Doctor, Inc.)
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Connections (remove only) (HKLM\...\HPOOVClient-6811507 Uninstaller) (Version:  - )
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP On-Screen Caps/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Viiv™ Software (HKLM\...\Intel® Configuration Center) (Version: 1.6.361.6 - Intel Corporation)
Intel® Viiv™ Software (Version: 1.6.361.6 - Intel Corporation) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.26 - Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Master of Orion 1 and 2 (HKLM\...\GOGPACKMASTEROFORION12_is1) (Version: 2.0.0.16 - GOG.com)
Master of Orion 3 (HKLM\...\GOGPACKMASTEROFORION3_is1) (Version: 2.0.0.8 - GOG.com)
Media Player (HKLM\...\MediaPlayerV1alpha228) (Version: 1.1 - Media Player) <==== ATTENTION
Media View (HKLM\...\MediaViewV1alpha1964) (Version: 1.1 - Media View) <==== ATTENTION
Media View (HKLM\...\MediaViewV1alpha6556) (Version: 1.1 - Media View) <==== ATTENTION
Media Viewer (HKLM\...\MediaViewerV1alpha1997) (Version: 1.1 - Media Viewer) <==== ATTENTION
Media Watch (HKLM\...\MediaWatchV1home534) (Version: 1.1 - Media Watch) <==== ATTENTION
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 5.0 (HKLM\...\{77CA976C-403C-47E2-940B-733ECAB6F62B}) (Version: 5.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1601 - WildTangent)
Norton AntiVirus (Version: 14.1.0.27 - Symantec Corporation) Hidden
Norton Confidential Browser Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Confidential Web Protection Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Internet Security (Symantec Corporation) (HKLM\...\SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}) (Version: 10.1.0.26 - Symantec Corporation)
Norton Internet Security (Version: 10.1.0 - Symantec Corp.) Hidden
Norton Internet Security (Version: 10.1.0.26 - Symantec Corporation) Hidden
Norton Protection Center (Version: 2007.1.2.11 - Symantec Corporation) Hidden
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OpenTTD 1.2.1 (HKLM\...\OpenTTD) (Version: 1.2.1 - OpenTTD)
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Populous - The Beginning (HKLM\...\Populous - The Beginning_is1) (Version:  - GOG.com)
Populous (HKLM\...\GOGPACKPOPULOUS_is1) (Version: 2.0.0.1 - GOG.com)
Populous 2 (HKLM\...\GOGPACKPOPULOUS2_is1) (Version: 2.0.0.1 - GOG.com)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
RGSS-RTP Standard (HKLM\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}) (Version: 9.0.095 - Roxio, Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Software Version Updater (HKLM\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.6 - ) <==== ATTENTION
SPBBC 32bit (Version: 3.1.1.4 - Symantec Corporation) Hidden
Star Conflict Launcher 1.0.1.21 (HKLM\...\StarConflictLauncher_is1) (Version:  - )
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Symantec Real Time Storage Protection Component (Version: 10.1.1.5 - Symantec Corporation) Hidden
SymNet (Version: 7.1.0.27 - Symantec Corporation) Hidden
Syndicate (HKLM\...\GOGPACKSYNDICATE_is1) (Version: 2.0.0.11 - GOG.com)
Syndicate Wars (HKLM\...\GOGPACKSYNDICATEWARS_is1) (Version: 2.0.0.20 - GOG.com)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
The Sims™ 3 Create a World Tool - Beta (HKLM\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.11.4 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Theme Hospital (HKLM\...\GOGPACKTHEMEHOSPITAL_is1) (Version: 2.0.0.5 - GOG.com)
UFO Extraterrestrials Gold (HKLM\...\{F7311566-7EA9-4213-A7F8-E0C237EFAD16}) (Version: 1.0.0 - Chaos Concept)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
War Thunder Launcher 1.0.1.361 (HKLM\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Webexp Enhanced (HKLM\...\Webexp Enhanced) (Version: 1.1 - Webexp Enhanced) <==== ATTENTION
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
X-COM: Apocalypse (HKLM\...\Steam App 7660) (Version:  - MicroProse Software, Inc)
XCOM: Enemy Unknown Demo (HKLM\...\Steam App 216690) (Version:  - Firaxis Games)
X-COM: Enforcer (HKLM\...\Steam App 7770) (Version:  - MicroProse Software, Inc)
X-COM: Interceptor (HKLM\...\Steam App 7730) (Version:  - MicroProse Software, Inc)
X-COM: Terror from the Deep (HKLM\...\Steam App 7650) (Version:  - MicroProse Software, Inc)
X-COM: UFO Defense (HKLM\...\Steam App 7760) (Version:  - MicroProse Software, Inc)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yontoo 2.053 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.053 - Yontoo LLC) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-07-2014 05:51:10 Scheduled Checkpoint
26-07-2014 22:24:58 Malwarebytes Anti-Rootkit Restore Point
02-08-2014 20:55:16 Scheduled Checkpoint
13-08-2014 21:41:59 Scheduled Checkpoint
14-08-2014 08:30:32 Windows Update
16-08-2014 05:04:53 Restore Operation
18-08-2014 21:31:49 Scheduled Checkpoint
28-08-2014 09:02:04 Windows Update
30-08-2014 16:53:39 Scheduled Checkpoint
05-09-2014 08:45:04 Windows Update
09-09-2014 06:09:41 Device Driver Package Install: DT Soft Ltd System devices
10-09-2014 09:00:19 Windows Update
12-09-2014 03:52:15 Configured Command & Conquer Generals
12-09-2014 10:16:11 Configured Command and ConquerTM Generals Zero Hour
12-09-2014 10:17:10 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0488E201-1BEC-42E4-8056-2A04C0D2EA29} - System32\Tasks\AmiUpdXp => C:\Users\Demon\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: {1B709EB4-D427-4C81-916F-E3FFA442CE6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {34108C71-DED1-406B-B384-F065167D579E} - System32\Tasks\DriverUpdate Startup => C:\Program Files\DriverUpdate\DriverUpdate.exe [2012-08-10] (SlimWare Utilities, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C58FE27-597E-4477-8EC1-5757172F30ED} - \Escolade No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {93468D26-8363-4C13-A314-0930759D4500} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9D58BA10-1F6C-49EC-8F13-7BB735EDEC4A} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2826122a6c87 => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-05] (Google Inc.)
Task: {B2A5BEC5-A993-4846-AF65-2F42BE5C142C} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {BD89538A-1A66-4A82-83EA-53E9AB8EF936} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {C8D4A719-770F-4C0A-A2B1-B6E0244EDC14} - System32\Tasks\GoogleUpdateTaskMachineCore1cf282611b81ae7 => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-05] (Google Inc.)
Task: {CA1A3DB6-CD43-43EA-AB03-4C9934CA594B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {DF0403B0-FDBB-4BB4-BDC9-0E98289FBD7D} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-09-19] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Demon\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf282611b81ae7.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2826122a6c87.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-09-03 12:32 - 2006-09-03 12:32 - 00208896 _____ () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
2014-09-06 00:43 - 2014-09-06 00:42 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-09-06 00:43 - 2014-09-06 00:42 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-09-06 00:43 - 2014-09-06 00:42 - 02640408 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2013-12-08 19:51 - 2014-03-20 22:41 - 01603608 ____N () C:\Program Files\AVG Secure Search\TBAPI.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-08-05 11:25 - 2009-08-05 11:25 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2007-03-14 05:59 - 2007-03-14 05:59 - 00061496 _____ () C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\clntutil.dll
2007-03-14 05:59 - 2007-03-14 05:59 - 00151589 _____ () C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\BWfiles.dll
2007-03-14 05:59 - 2007-03-14 05:59 - 00098339 _____ () C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\frext.dll
2007-03-14 05:59 - 2007-03-14 05:59 - 00135168 _____ () C:\Program Files\HP Connections\6811507\Program\HPClientExt.dll
2014-09-12 04:54 - 2014-09-09 11:48 - 02391632 _____ () C:\Program Files\Google\Update\Install\{43CC5743-F3BB-47D9-9F92-678666F624F7}\37.0.2062.120_37.0.2062.103_chrome_updater.exe
2014-09-05 03:00 - 2014-08-29 21:49 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-05 03:00 - 2014-08-29 21:49 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-05 03:00 - 2014-08-29 21:49 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Demon\Downloads\pwg_remylacroix_480.mp4:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 
HKU\S-1-5-21-646873442-130893283-3861034060-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Yontoo Desktop Updater => 2
MSCONFIG\startupreg: NetFxUpdate_v1.1.4322 => "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Demon\AppData\Roaming\Yontoo\YontooDesktop.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2014 05:39:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.75.0.1, time stamp 0x511f8eb2, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x000392f3,
process id 0x310, application start time 0xmbam.exe0.
 
Error: (09/12/2014 05:39:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.75.0.1, time stamp 0x511f8eb2, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x000392f3,
process id 0x92c, application start time 0xmbam.exe0.
 
Error: (09/12/2014 05:37:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000142, fault offset 0x00009f5d,
process id 0xd24, application start time 0xrundll32.exe0.
 
Error: (09/12/2014 05:37:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16563, time stamp 0x53d14764, faulting module USER32.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000142, fault offset 0x00009f5d,
process id 0x48c, application start time 0xiexplore.exe0.
 
Error: (09/12/2014 05:24:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {755531ea-3841-4775-9a1e-ba55ef2c0aef}
 
Error: (09/12/2014 05:16:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {755531ea-3841-4775-9a1e-ba55ef2c0aef}
 
Error: (09/12/2014 05:15:19 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c03d20a8-0a6a-46f8-affb-c5313d63ee70}
 
Error: (09/12/2014 05:15:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {755531ea-3841-4775-9a1e-ba55ef2c0aef}
 
Error: (09/12/2014 04:35:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -528
 
Error: (09/12/2014 04:35:23 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1760) Catalog Database: Error -1811 occurred while opening logfile C:\Windows\system32\CatRoot2\edb0018C.log.
 
 
System errors:
=============
Error: (09/12/2014 05:38:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.183.2261.0){4CF47F3A-9B5C-4340-B2B3-020385191A73}200
 
Error: (09/12/2014 05:07:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: FibUacService1
 
Error: (09/12/2014 04:42:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update
 
Error: (09/12/2014 04:42:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection
 
Error: (09/12/2014 04:39:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}
 
Error: (09/12/2014 04:38:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (09/12/2014 04:38:49 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
Error: (09/12/2014 04:38:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/12/2014 04:35:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (09/12/2014 03:35:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (09/12/2014 05:39:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.75.0.1511f8eb2ntdll.dll6.0.6002.1888151da3e27c0000005000392f331001cfce75ca66f89c
 
Error: (09/12/2014 05:39:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.75.0.1511f8eb2ntdll.dll6.0.6002.1888151da3e27c0000005000392f392c01cfce75b3e546a2
 
Error: (09/12/2014 05:37:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.0.6000.163864549b0e1USER32.dll6.0.6002.1888151da3e27c000014200009f5dd2401cfce75943a3956
 
Error: (09/12/2014 05:37:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1656353d14764USER32.dll6.0.6002.1888151da3e27c000014200009f5d48c01cfce7583aaf234
 
Error: (09/12/2014 05:24:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {755531ea-3841-4775-9a1e-ba55ef2c0aef}
 
Error: (09/12/2014 05:16:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {755531ea-3841-4775-9a1e-ba55ef2c0aef}
 
Error: (09/12/2014 05:15:19 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c03d20a8-0a6a-46f8-affb-c5313d63ee70}
 
Error: (09/12/2014 05:15:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {755531ea-3841-4775-9a1e-ba55ef2c0aef}
 
Error: (09/12/2014 04:35:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -528
 
Error: (09/12/2014 04:35:23 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database1760Catalog Database: C:\Windows\system32\CatRoot2\edb0018C.log-1811
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-12 05:51:44.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 05:51:44.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 05:51:44.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 05:51:44.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 05:51:43.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 05:51:43.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 05:51:43.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 05:51:42.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 05:48:42.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-12 05:48:42.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 65%
Total physical RAM: 2045.76 MB
Available physical RAM: 705.35 MB
Total Pagefile: 4336.52 MB
Available Pagefile: 2737.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.45 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:290.89 GB) (Free:36.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.2 GB) (Free:0.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (NEW_VOLUME) (Fixed) (Total:298.09 GB) (Free:207.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=290.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: D4E26EBB)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov (Malware Response Team)

Posted 12 September 2014 - 05:58 AM

I see that you've already run Combofix. Can you please post up its log file?

#5 DemonAzrael (Topic Starter)

Posted 12 September 2014 - 06:00 AM

I did a system restart which fixed some of the issues, but hostdll is still there; but when I did, it removed FRST and Combo.

 

But ComboFix did not work, as I only had limited use in safe mode as it still killed my PC power, and safe mode wouldn't let me stop AVG to let it run; that's why I restarted, and now I have most of my processing speed but some remaining issues.


Edited by DemonAzrael, 12 September 2014 - 06:04 AM.


#6 aharonov (Malware Response Team)

Posted 12 September 2014 - 06:14 AM

What are the remaining issues?


Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 DemonAzrael (Topic Starter)

Posted 12 September 2014 - 06:18 AM

Something stopped IE, rundll, and my Malwarebytes AM. Hostdll is still there, just not en masse, and some other processes I'm not sure of are eating my physical memory. I'm only decent with software and hardware. Nowhere near manageable, just enough for self maintenance. This is the first threat I've had since I bought this PC 7 years ago. I started the ComboFix since I couldn't with the previous issue. Do you still want the log from that, then, for me to do the above steps? Sorry, been a busy day.

#8 aharonov (Malware Response Team)

Posted 12 September 2014 - 06:24 AM

Do you still want the log from that then for me to do the above steps

Yes, please post the Combofix log if you still have it and then do the above steps.

#9 DemonAzrael (Topic Starter)

Posted 12 September 2014 - 07:33 AM

ComboFix 14-09-12.01 - Demon 09/12/2014   6:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2046.663 [GMT -5:00]
Running from: c:\users\Demon.Demon-PC\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\prefs.js
c:\program files\Blinkx
c:\program files\Blinkx\blinkx.ico
c:\program files\Blinkx\blinkxss.exe
c:\program files\Blinkx\blinkxstop.exe
c:\program files\Blinkx\lang.dll
c:\program files\Blinkx\templates\beat.ico
c:\program files\Blinkx\templates\index.html
c:\program files\Blinkx\templates\noflash.html
c:\program files\Blinkx\templates\offline.html
c:\program files\Blinkx\templates\offline.swf
c:\program files\Blinkx\templates\uninstall.exe
c:\program files\MediaPlayerV1
c:\program files\MediaPlayerV1\MediaPlayerV1alpha228\ff\chrome.manifest
c:\program files\MediaPlayerV1\MediaPlayerV1alpha228\ff\chrome\content\ffMediaPlayerV1alpha228.js
c:\program files\MediaPlayerV1\MediaPlayerV1alpha228\ff\chrome\content\ffMediaPlayerV1alpha228ffaction.js
c:\program files\MediaPlayerV1\MediaPlayerV1alpha228\uninstall.exe
c:\program files\MediaViewerV1
c:\program files\MediaViewerV1\MediaViewerV1alpha1997\ff\chrome.manifest
c:\program files\MediaViewerV1\MediaViewerV1alpha1997\ff\chrome\content\ffMediaViewerV1alpha1997.js
c:\program files\MediaViewerV1\MediaViewerV1alpha1997\ff\chrome\content\ffMediaViewerV1alpha1997ffaction.js
c:\program files\MediaViewerV1\MediaViewerV1alpha1997\uninstall.exe
c:\program files\MediaViewV1
c:\program files\MediaViewV1\MediaViewV1alpha1964\ff\chrome.manifest
c:\program files\MediaViewV1\MediaViewV1alpha1964\ff\chrome\content\ffMediaViewV1alpha1964.js
c:\program files\MediaViewV1\MediaViewV1alpha1964\ff\chrome\content\ffMediaViewV1alpha1964ffaction.js
c:\program files\MediaViewV1\MediaViewV1alpha1964\uninstall.exe
c:\program files\MediaViewV1\MediaViewV1alpha6556\ff\chrome.manifest
c:\program files\MediaViewV1\MediaViewV1alpha6556\ff\chrome\content\ffMediaViewV1alpha6556.js
c:\program files\MediaViewV1\MediaViewV1alpha6556\ff\chrome\content\ffMediaViewV1alpha6556ffaction.js
c:\program files\MediaViewV1\MediaViewV1alpha6556\uninstall.exe
c:\program files\MediaWatchV1
c:\program files\MediaWatchV1\MediaWatchV1home534\ff\chrome.manifest
c:\program files\MediaWatchV1\MediaWatchV1home534\ff\chrome\content\ffMediaWatchV1home534.js
c:\program files\MediaWatchV1\MediaWatchV1home534\ff\chrome\content\ffMediaWatchV1home534ffaction.js
c:\program files\MediaWatchV1\MediaWatchV1home534\uninstall.exe
c:\program files\VideoPlayerV3
c:\program files\VideoPlayerV3\VideoPlayerV3beta63\ff\chrome.manifest
c:\program files\VideoPlayerV3\VideoPlayerV3beta63\ff\chrome\content\ffVideoPlayerV3beta63.js
c:\program files\VideoPlayerV3\VideoPlayerV3beta63\ff\chrome\content\ffVideoPlayerV3beta63ffaction.js
c:\program files\VideoPlayerV3\VideoPlayerV3beta63\uninstall.exe
c:\program files\WebexpEnhancedV1
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff\chrome.manifest
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff\chrome\content\ffWebexpEnhancedV1alpha960.js
c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff\chrome\content\ffWebexpEnhancedV1alpha960ffaction.js
c:\users\Demon.Demon-PC\AppData\Roaming\Microsoft\Windows\Recent\Only Hentai Games.url
c:\users\Demon\AppData\Roaming\Kiolli
c:\users\Demon\AppData\Roaming\Kiolli\pyyzc.zer
c:\windows\pi.exe
D:\resycled
d:\resycled\Desktop.ini
d:\resycled\Protect.ed
F:\resycled
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-12 to 2014-09-12  )))))))))))))))))))))))))))))))
.
.
2014-09-12 12:21 . 2014-09-12 12:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-09-12 12:21 . 2014-09-12 12:21 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-09-12 12:21 . 2014-09-12 12:21 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2014-09-12 12:21 . 2014-09-12 12:21 -------- d-----w- c:\users\Demon\AppData\Local\temp
2014-09-12 12:19 . 2014-09-12 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-12 11:07 . 2014-09-12 11:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{946E5DB3-C649-4B73-ACC8-115431BF5D68}\offreg.dll
2014-09-12 10:45 . 2014-08-21 16:24 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{946E5DB3-C649-4B73-ACC8-115431BF5D68}\mpengine.dll
2014-09-12 07:43 . 2014-09-12 10:54 -------- d-----w- C:\FRST
2014-09-09 06:09 . 2014-09-09 11:37 -------- d-----w- c:\users\Demon.Demon-PC\AppData\Roaming\DAEMON Tools Lite
2014-09-09 06:08 . 2014-09-09 11:37 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-09-06 05:38 . 2014-09-06 05:38 -------- d-----w- c:\program files\AVG Security Toolbar
2014-09-05 18:18 . 2014-09-05 18:18 -------- d-----w- c:\users\Default\AppData\Local\SlimWare Utilities Inc
2014-09-05 08:58 . 2014-06-26 22:17 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-05 08:58 . 2014-06-26 22:17 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-05 08:58 . 2014-06-26 22:17 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-09-05 08:58 . 2014-06-06 04:28 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-05 08:50 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-09-05 08:50 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-09-05 03:40 . 2014-07-08 00:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-05 02:35 . 2014-09-06 05:38 -------- d-----w- c:\programdata\Avg_Update_0814tb
2014-08-31 23:51 . 2014-08-31 23:51 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-31 23:50 . 2014-09-04 23:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-31 23:10 . 2014-08-31 23:10 -------- d-----w- c:\users\Demon.Demon-PC\AppData\Roaming\Malwarebytes
2014-08-15 20:11 . 2014-08-15 20:11 -------- d-----w- c:\users\Demon.Demon-PC\AppData\Roaming\Wargaming.net
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-12 10:39 . 2014-04-14 02:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-09-12 09:36 . 2014-04-26 18:09 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-09-10 07:23 . 2012-10-12 19:36 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-10 07:23 . 2011-05-18 20:38 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-06 05:42 . 2012-09-03 23:16 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-09-05 02:36 . 2009-08-18 16:24 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-25 11:53 . 2010-09-19 16:03 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-06 15:49 . 2014-08-06 15:49 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-07-26 20:01 . 2014-07-26 20:01 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-07-26 17:43 . 2014-07-26 17:43 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-22 02:03 . 2014-07-22 02:03 200984 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-07-16 08:37 . 2014-07-16 08:37 138056 ----a-w- c:\users\Demon.Demon-PC\AppData\Roaming\PnkBstrK.sys
2014-07-16 08:37 . 2014-07-16 08:37 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-07-16 08:37 . 2012-05-26 08:37 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-06-30 17:43 . 2014-06-30 17:43 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 21:22 . 2014-06-17 21:22 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 21:21 . 2014-06-17 21:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 21:18 . 2014-06-17 21:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 21:17 . 2014-06-17 21:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 21:06 . 2014-06-17 21:06 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 21:06 . 2014-06-17 21:06 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-09-06 05:42 3627032 ----a-w- c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll" [2014-09-06 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-09-06 2640408]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe -startup [2007-3-14 34520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
2004-08-10 21:20 106496 ----a-w- c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WINDEFEND
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-05 07:48 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 07:23]
.
2014-09-12 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2012-08-10 14:08]
.
2014-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf282611b81ae7.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-05 20:16]
.
2014-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf2826122a6c87.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-05 20:16]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=md0202ch&cd=2XzuyEtN2Y1L1QzutDtD0CtD0Azz0D0C0DyDzzyE0BzyyB0CtN0D0Tzu0CyBzzzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1406170895&ir=
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Yontoo Desktop - c:\users\Demon\AppData\Roaming\Yontoo\YontooDesktop.exe
AddRemove-15b35190-c6f9-11d9-9669-0800200c9a66_is1 - c:\program files\Turbine\DDO Unlimited\unins000.exe
AddRemove-579dbe90-e989-11dd-ba2f-0800200c9a66_is1 - c:\program files\Turbine\DDO Unlimited (Preview)\unins000.exe
AddRemove-MediaPlayerV1alpha228 - c:\program files\MediaPlayerV1\MediaPlayerV1alpha228\uninstall.exe
AddRemove-MediaViewerV1alpha1997 - c:\program files\MediaViewerV1\MediaViewerV1alpha1997\uninstall.exe
AddRemove-MediaViewV1alpha1964 - c:\program files\MediaViewV1\MediaViewV1alpha1964\uninstall.exe
AddRemove-MediaViewV1alpha6556 - c:\program files\MediaViewV1\MediaViewV1alpha6556\uninstall.exe
AddRemove-MediaWatchV1home534 - c:\program files\MediaWatchV1\MediaWatchV1home534\uninstall.exe
AddRemove-Video Player - c:\program files\VideoPlayerV3\VideoPlayerV3beta63\uninstall.exe
AddRemove-Webexp Enhanced - c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\uninstall.exe
AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - c:\program files\EA Games\Battlefield Heroes\uninstaller.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\Demon\AppData\Local\SwvUpdater\Updater.exe
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-646873442-130893283-3861034060-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:1b,34,11,55,52,6e,6e,83,6f,99,01,fb,29,4a,ba,46,21,d9,ac,0f,df,18,a6,
   7b,12,f8,0a,fa,a0,c3,6b,29,cf,b5,90,3c,88,d8,73,72,e5,15,21,aa,74,f8,0b,ff,\
"??"=hex:8d,b3,e3,99,11,8f,58,64,77,4a,9d,6a,23,47,e1,31
.
[HKEY_USERS\S-1-5-21-646873442-130893283-3861034060-1001\Software\SecuROM\License information*]
"datasecu"=hex:23,5c,26,a6,58,70,77,f5,e7,b8,43,9e,f0,25,4e,41,f7,b6,96,19,aa,
   e6,43,f9,df,94,92,d4,bc,6a,42,f8,de,de,86,d0,35,13,ca,8d,59,0a,5b,e3,7d,9e,\
"rkeysecu"=hex:f0,73,c2,fb,d0,01,d1,e8,fc,e8,1b,49,5d,7d,76,2c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-09-12  07:30:22
ComboFix-quarantined-files.txt  2014-09-12 12:30
.
Pre-Run: 38,728,101,888 bytes free
Post-Run: 53,997,355,008 bytes free
.
- - End Of File - - 29F21857DC7AAD583EF96E554F849206
8913823FF508CCF109DB74B636C301DA


#10 DemonAzrael (Topic Starter)

Posted 12 September 2014 - 07:55 AM

# AdwCleaner v3.309 - Report created 12/09/2014 at 07:37:58
# Updated 02/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Demon - DEMON-PC
# Running from : C:\Users\Demon.Demon-PC\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\Uniblue
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\FreeCause
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : driverupdate startup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ext@bettersurfplus.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ntfdsaftsfdfdxx@mozilla.org]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\MediaPlayerV1
Key Deleted : HKLM\SOFTWARE\MediaViewerV1
Key Deleted : HKLM\SOFTWARE\MediaViewV1
Key Deleted : HKLM\SOFTWARE\MediaWatchV1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16563
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v37.0.2062.103
 
*************************
 
AdwCleaner[R0].txt - [11768 octets] - [12/09/2014 07:36:50]
AdwCleaner[S0].txt - [11707 octets] - [12/09/2014 07:37:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11768 octets] ##########


#11 DemonAzrael (Topic Starter)

Posted 12 September 2014 - 08:01 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Demon (administrator) on DEMON-PC on 12-09-2014 07:59:24
Running from C:\Users\Demon.Demon-PC\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Hewlett Packard) C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4349952 2007-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2008-06-02] (Intel Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKU\S-1-5-21-646873442-130893283-3861034060-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
ShortcutTarget: HP Connections.lnk -> C:\Program Files\HP Connections\6811507\Program\HP Connections.exe (Hewlett Packard)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0A3F6FA8-5C30-DEAA-EFA6-7B3017E656F6} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {BF69493C-DA1F-43A8-8651-EEA45F4A0A0D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {F5CDFB1D-7953-46BA-809D-B65ED0D8BC70} URL = 
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-19]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: No Name - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-05]
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha960.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta63.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha228.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha228\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha1997.net] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha1964.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha6556.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha6556\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home534.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home534\ff
FF Extension: No Name - C:\Program Files\BetterSurf\BetterSurfPlus\ff [Not Found]
FF Extension: No Name - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff [Not Found]
FF Extension: No Name - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha228\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaWatchV1\MediaWatchV1home534\ff [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> 4B69451992A68E8AF9A9ECC2D20EC4216ED42FE3DCB304A79B48601704D5215F
CHR DefaultSearchURL: Default -> 4422C30E4D0CE33210916563F58F21683B2024FF02E5D97A7C2C0B253CFC160C
CHR CustomProfile: C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google Search) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-29]
CHR Extension: (Gmail) - C:\Users\Demon.Demon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM\...\Chrome\Extension: [bfijnobmpcjikgoglknbjdimlokhndek] - C:\Program Files\MediaViewV1\MediaViewV1alpha6556\ch\MediaViewV1alpha6556.crx []
CHR HKLM\...\Chrome\Extension: [ekohblnljjaojjphijacnagejiehpjpc] - C:\Program Files\MediaWatchV1\MediaWatchV1home534\ch\MediaWatchV1home534.crx []
CHR HKLM\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files\pandasecuritytb\chrome-newtab-search.crx []
CHR HKLM\...\Chrome\Extension: [kmghgnlealnjklkeephhgafbomlceaed] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ch\WebexpEnhancedV1alpha960.crx []
CHR HKLM\...\Chrome\Extension: [ljnffnpelmplgmafkilcnafkndcblnbd] - C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ch\MediaViewV1alpha1964.crx []
CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx []
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx []
CHR HKLM\...\Chrome\Extension: [oagdbkcmdiahaacmjnninmlchabeafdh] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ch\MediaViewerV1alpha1997.crx []
CHR HKLM\...\Chrome\Extension: [pfekkhdmhmddhjhfmkmfhojbjlihbopc] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation) [File not signed]
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-10-31] (Symantec Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-07-27] (BitRaider, LLC)
R2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)
R2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)
R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)
S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-10-13] (Symantec Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] () [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation) [File not signed]
S3 ISPwdSvc; c:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-10-26] (Symantec Corporation)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] () [File not signed]
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation) [File not signed]
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation) [File not signed]
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174152 2007-03-14] (Symantec Corporation)
R2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-09-20] (Symantec Corporation)
S2 FibUacService; C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [X]
S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [470048 2006-01-13] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2010-10-11] () [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-06] (AVG Technologies)
S3 BRDriver; C:\programdata\bitraider\BRDriver.sys [64296 2013-07-28] (BitRaider)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-15] (Avanquest Software) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387432 2006-11-05] (Symantec Corporation)
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [391168 2009-03-19] (Hauppauge Computer Works, Inc)
S3 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys [202872 2006-10-19] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2010-10-11] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-09-12] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS [79240 2006-11-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS [831880 2006-11-05] (Symantec Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-03] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-03] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2014-09-12] ()
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-03-14] (Symantec Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\DEMON~1.DEM\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.sys [185744 2006-10-24] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 07:59 - 2014-09-12 07:59 - 00023096 _____ () C:\Users\Demon.Demon-PC\Desktop\FRST.txt
2014-09-12 07:36 - 2014-09-12 07:38 - 00000000 ____D () C:\AdwCleaner
2014-09-12 07:34 - 2014-09-12 07:35 - 01370467 _____ () C:\Users\Demon.Demon-PC\Desktop\AdwCleaner.exe
2014-09-12 07:30 - 2014-09-12 07:30 - 00015814 _____ () C:\ComboFix.txt
2014-09-12 06:08 - 2014-09-12 07:30 - 00000000 ____D () C:\ComboFix
2014-09-12 06:08 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-12 06:08 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-12 06:08 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-12 06:08 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-12 06:08 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-12 06:08 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-12 06:08 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-12 06:08 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-12 06:06 - 2014-09-12 07:28 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 06:02 - 2014-09-12 06:03 - 05577449 ____R (Swearware) C:\Users\Demon.Demon-PC\Desktop\ComboFix.exe
2014-09-12 05:44 - 2014-09-12 05:44 - 01097728 _____ (Farbar) C:\Users\Demon.Demon-PC\Desktop\FRST.exe
2014-09-12 05:23 - 2014-04-23 13:02 - 00000426 _____ () C:\AVScanner.ini
2014-09-12 03:07 - 2014-09-12 07:30 - 00000000 ____D () C:\Qoobox
2014-09-12 02:47 - 2014-09-12 07:35 - 00000000 ____D () C:\Users\Demon.Demon-PC\Desktop\Virus Progs
2014-09-12 02:43 - 2014-09-12 07:59 - 00000000 ____D () C:\FRST
2014-09-12 01:55 - 2014-09-12 01:55 - 00000680 _____ () C:\Users\Demon.Demon-PC\AppData\Local\d3d9caps.dat
2014-09-09 07:30 - 2014-09-09 07:32 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-09-09 06:56 - 2014-09-09 06:57 - 00000000 ____D () C:\Users\Demon.Demon-PC\Downloads\DXP3ER
2014-09-09 01:09 - 2014-09-09 06:37 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\DAEMON Tools Lite
2014-09-09 01:08 - 2014-09-09 06:37 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-09-09 01:06 - 2014-09-09 01:06 - 13429504 _____ (Disc Soft Ltd) C:\Users\Demon.Demon-PC\Downloads\DTLite4491-0356.exe
2014-09-05 13:18 - 2014-09-05 13:18 - 00000000 ____D () C:\Users\Default\AppData\Local\SlimWare Utilities Inc
2014-09-05 13:18 - 2014-09-05 13:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\SlimWare Utilities Inc
2014-09-05 03:58 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-05 03:58 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-05 03:58 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-05 03:58 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-05 03:50 - 2014-08-22 20:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-05 03:50 - 2014-08-22 18:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-04 22:41 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-04 22:41 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-04 22:41 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-04 22:41 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-04 22:41 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-04 22:41 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-04 22:41 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-04 22:41 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-04 22:41 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-04 22:41 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-04 22:41 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-04 22:41 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-04 22:41 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-04 22:41 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-04 22:41 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-04 22:41 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-04 22:41 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-04 22:41 - 2014-06-13 19:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-04 22:41 - 2014-06-13 19:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-04 22:41 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-04 22:41 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-04 22:41 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-04 22:41 - 2014-06-02 05:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-04 22:41 - 2014-06-02 03:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-04 22:40 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-04 22:14 - 2014-09-04 22:14 - 00000484 _____ () C:\Users\Demon.Demon-PC\Desktop\WoTLauncher.lnk
2014-09-04 21:35 - 2014-09-06 00:38 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-31 18:51 - 2014-08-31 18:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 18:50 - 2014-09-04 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 18:10 - 2014-08-31 18:10 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\Malwarebytes
2014-08-27 16:14 - 2014-07-31 19:55 - 00000926 _____ () C:\Users\Demon.Demon-PC\Downloads\xvm.xc.sample
2014-08-27 13:49 - 2014-08-27 13:49 - 07964285 _____ () C:\Users\Demon.Demon-PC\Downloads\xvm-5.3.3.zip
2014-08-15 15:11 - 2014-08-15 15:11 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\Wargaming.net
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 08:00 - 2014-09-12 07:59 - 00023096 _____ () C:\Users\Demon.Demon-PC\Desktop\FRST.txt
2014-09-12 07:59 - 2014-09-12 02:43 - 00000000 ____D () C:\FRST
2014-09-12 07:50 - 2014-02-12 14:10 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf282611b81ae7.job
2014-09-12 07:50 - 2011-04-05 21:58 - 01083387 _____ () C:\Windows\system32\jupdate-1.6.0_24-b07.log
2014-09-12 07:50 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 07:50 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 07:50 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 07:49 - 2007-03-14 06:10 - 00374678 _____ () C:\Windows\PFRO.log
2014-09-12 07:41 - 2006-11-02 08:01 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-12 07:40 - 2010-09-18 22:50 - 02047916 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 07:38 - 2014-09-12 07:36 - 00000000 ____D () C:\AdwCleaner
2014-09-12 07:35 - 2014-09-12 07:34 - 01370467 _____ () C:\Users\Demon.Demon-PC\Desktop\AdwCleaner.exe
2014-09-12 07:35 - 2014-09-12 02:47 - 00000000 ____D () C:\Users\Demon.Demon-PC\Desktop\Virus Progs
2014-09-12 07:31 - 2014-04-26 13:09 - 00000000 ____D () C:\Users\Demon.Demon-PC
2014-09-12 07:31 - 2010-09-18 21:02 - 00000000 ____D () C:\Users\Demon
2014-09-12 07:31 - 2007-03-14 05:45 - 00000000 ___HD () C:\Users\IUSR_NMPR
2014-09-12 07:31 - 2006-11-02 05:22 - 58195968 _____ () C:\Windows\system32\config\software_previous
2014-09-12 07:30 - 2014-09-12 07:30 - 00015814 _____ () C:\ComboFix.txt
2014-09-12 07:30 - 2014-09-12 06:08 - 00000000 ____D () C:\ComboFix
2014-09-12 07:30 - 2014-09-12 03:07 - 00000000 ____D () C:\Qoobox
2014-09-12 07:30 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-09-12 07:30 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-09-12 07:28 - 2014-09-12 06:06 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 07:24 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-09-12 07:22 - 2012-10-12 14:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 07:20 - 2014-04-26 13:12 - 00000000 ____D () C:\Users\Demon.Demon-PC\Documents\Dungeons and Dragons Online
2014-09-12 07:20 - 2012-06-05 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-12 07:20 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-12 07:20 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-12 07:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-09-12 07:19 - 2006-11-02 05:22 - 25427968 _____ () C:\Windows\system32\config\system_previous
2014-09-12 06:45 - 2014-02-12 14:10 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2826122a6c87.job
2014-09-12 06:03 - 2014-09-12 06:02 - 05577449 ____R (Swearware) C:\Users\Demon.Demon-PC\Desktop\ComboFix.exe
2014-09-12 05:44 - 2014-09-12 05:44 - 01097728 _____ (Farbar) C:\Users\Demon.Demon-PC\Desktop\FRST.exe
2014-09-12 05:39 - 2014-04-13 21:57 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-12 05:39 - 2013-07-09 01:04 - 00000000 ____D () C:\Program Files\Steam
2014-09-12 05:32 - 2007-03-14 05:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-12 05:18 - 2011-04-18 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2014-09-12 05:18 - 2011-04-18 22:58 - 00000000 ____D () C:\Program Files\EA Games
2014-09-12 04:48 - 2010-11-01 17:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-12 04:36 - 2014-04-26 13:09 - 00013024 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-09-12 03:42 - 2006-11-02 05:22 - 42729472 _____ () C:\Windows\system32\config\components_previous
2014-09-12 03:42 - 2006-11-02 05:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-09-12 03:42 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-12 03:32 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-12 01:55 - 2014-09-12 01:55 - 00000680 _____ () C:\Users\Demon.Demon-PC\AppData\Local\d3d9caps.dat
2014-09-11 12:44 - 2010-11-08 02:10 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 16:06 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 05:08 - 2013-07-27 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 02:23 - 2012-10-12 14:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 02:23 - 2011-05-18 15:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 20:43 - 2006-11-02 05:33 - 00772826 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 07:32 - 2014-09-09 07:30 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-09-09 06:57 - 2014-09-09 06:56 - 00000000 ____D () C:\Users\Demon.Demon-PC\Downloads\DXP3ER
2014-09-09 06:37 - 2014-09-09 01:09 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\DAEMON Tools Lite
2014-09-09 06:37 - 2014-09-09 01:08 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-09-09 04:38 - 2014-06-17 01:52 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Local\WinZip
2014-09-09 01:06 - 2014-09-09 01:06 - 13429504 _____ (Disc Soft Ltd) C:\Users\Demon.Demon-PC\Downloads\DTLite4491-0356.exe
2014-09-06 00:42 - 2012-09-03 18:16 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-09-06 00:38 - 2014-09-04 21:35 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-09-05 13:59 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-09-05 13:46 - 2014-05-12 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-05 13:46 - 2013-09-22 19:43 - 00000844 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-05 13:18 - 2014-09-05 13:18 - 00000000 ____D () C:\Users\Default\AppData\Local\SlimWare Utilities Inc
2014-09-05 13:18 - 2014-09-05 13:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\SlimWare Utilities Inc
2014-09-05 13:18 - 2014-04-26 13:09 - 00000258 __RSH () C:\Users\Demon.Demon-PC\ntuser.pol
2014-09-05 13:16 - 2006-11-02 07:47 - 00329816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-05 04:00 - 2006-11-02 05:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-05 03:00 - 2012-06-05 15:26 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-05 00:32 - 2014-07-26 12:42 - 00000000 ____D () C:\Users\Demon.Demon-PC\Desktop\mbar
2014-09-05 00:32 - 2014-07-25 18:13 - 00000000 ____D () C:\ProgramData\Clickfree
2014-09-05 00:32 - 2014-07-16 10:13 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-09-05 00:32 - 2014-06-03 00:07 - 00000000 ____D () C:\Program Files\Origin Games
2014-09-05 00:32 - 2014-06-02 23:34 - 00000000 ____D () C:\Program Files\Origin
2014-09-05 00:32 - 2014-05-31 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2014-09-05 00:32 - 2014-05-31 00:54 - 00000000 ____D () C:\Westwood
2014-09-05 00:32 - 2014-05-30 23:03 - 00000000 ____D () C:\Users\Demon.Demon-PC\Downloads\command-and-conquer-gold
2014-09-05 00:32 - 2014-05-30 14:35 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Local\Microsoft Games
2014-09-05 00:32 - 2014-05-29 00:52 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-05 00:32 - 2014-05-16 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2014-09-05 00:32 - 2014-05-16 22:06 - 00000000 ____D () C:\Program Files\OpenTTD
2014-09-05 00:32 - 2014-05-16 22:01 - 00000000 ____D () C:\Users\Demon.Demon-PC\Downloads\transport-tycoon-deluxe-for-windows
2014-09-05 00:32 - 2014-04-28 01:03 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-05 00:32 - 2014-04-28 01:03 - 00000000 ____D () C:\Program Files\iTunes
2014-09-05 00:32 - 2014-04-28 01:03 - 00000000 ____D () C:\Program Files\iPod
2014-09-05 00:32 - 2014-04-28 00:13 - 00000000 ____D () C:\Program Files\QuickTime
2014-09-05 00:32 - 2014-04-26 13:11 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Local\Hewlett-Packard
2014-09-05 00:32 - 2014-04-26 13:09 - 00000000 ___RD () C:\Users\Demon.Demon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-05 00:32 - 2014-04-26 12:50 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-05 00:32 - 2014-04-26 12:50 - 00000000 ____D () C:\Users\TEMP
2014-09-05 00:32 - 2014-02-06 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-09-05 00:32 - 2014-02-06 16:02 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-05 00:32 - 2013-05-19 00:23 - 00000000 ____D () C:\Users\Demon\AppData\Roaming\Yontoo
2014-09-05 00:32 - 2013-03-27 00:43 - 00000000 ____D () C:\Users\Demon\AppData\Local\SwvUpdater
2014-09-05 00:31 - 2014-06-02 23:34 - 00000000 ____D () C:\ProgramData\EA Core
2014-09-05 00:27 - 2013-05-19 00:23 - 00000000 ____D () C:\Users\Demon\AppData\Roaming\mysearchdial
2014-09-04 22:14 - 2014-09-04 22:14 - 00000484 _____ () C:\Users\Demon.Demon-PC\Desktop\WoTLauncher.lnk
2014-09-04 18:11 - 2014-08-31 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 21:39 - 2011-03-22 23:47 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-31 21:30 - 2012-09-07 22:27 - 00000000 ____D () C:\Users\Demon\AppData\Roaming\Media Finder
2014-08-31 21:11 - 2014-04-26 13:11 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Local\Avg2014
2014-08-31 18:51 - 2014-08-31 18:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 18:51 - 2014-02-06 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 18:10 - 2014-08-31 18:10 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\Malwarebytes
2014-08-27 13:49 - 2014-08-27 13:49 - 07964285 _____ () C:\Users\Demon.Demon-PC\Downloads\xvm-5.3.3.zip
2014-08-25 06:53 - 2010-09-19 11:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 20:03 - 2014-09-05 03:50 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:26 - 2014-09-05 03:50 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 15:11 - 2014-08-15 15:11 - 00000000 ____D () C:\Users\Demon.Demon-PC\AppData\Roaming\Wargaming.net
2014-08-14 22:11 - 2012-07-29 01:47 - 00000000 ____D () C:\Windows\system32\directx
 
Files to move or delete:
====================
C:\ProgramData\bfl8zrr.bxx
C:\ProgramData\bfl8zrr.fvv
 
 
Some content of TEMP:
====================
C:\Users\Demon.Demon-PC\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-12 07:58
 
==================== End Of Log ============================


#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:09 PM

Posted 12 September 2014 - 08:57 AM

What problems remain after this?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#13 DemonAzrael

DemonAzrael
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 12 September 2014 - 01:32 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014
Ran by Demon at 2014-09-12 09:24:40 Run:1
Running from C:\Users\Demon.Demon-PC\Desktop\FRST
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {BF69493C-DA1F-43A8-8651-EEA45F4A0A0D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {F5CDFB1D-7953-46BA-809D-B65ED0D8BC70} URL = 
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha960.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta63.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha228.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha228\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha1997.net] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha1964.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha6556.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha6556\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home534.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home534\ff
FF Extension: No Name - C:\Program Files\BetterSurf\BetterSurfPlus\ff [Not Found]
FF Extension: No Name - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff [Not Found]
FF Extension: No Name - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha228\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ff [Not Found]
FF Extension: No Name - C:\Program Files\MediaWatchV1\MediaWatchV1home534\ff [Not Found]
CHR HKLM\...\Chrome\Extension: [bfijnobmpcjikgoglknbjdimlokhndek] - C:\Program Files\MediaViewV1\MediaViewV1alpha6556\ch\MediaViewV1alpha6556.crx []
CHR HKLM\...\Chrome\Extension: [ekohblnljjaojjphijacnagejiehpjpc] - C:\Program Files\MediaWatchV1\MediaWatchV1home534\ch\MediaWatchV1home534.crx []
CHR HKLM\...\Chrome\Extension: [kmghgnlealnjklkeephhgafbomlceaed] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ch\WebexpEnhancedV1alpha960.crx []
CHR HKLM\...\Chrome\Extension: [ljnffnpelmplgmafkilcnafkndcblnbd] - C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ch\MediaViewV1alpha1964.crx []
CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx []
CHR HKLM\...\Chrome\Extension: [oagdbkcmdiahaacmjnninmlchabeafdh] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ch\MediaViewerV1alpha1997.crx []
CHR HKLM\...\Chrome\Extension: [pfekkhdmhmddhjhfmkmfhojbjlihbopc] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx []
S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
2014-09-05 00:32 - 2013-05-19 00:23 - 00000000 ____D () C:\Users\Demon\AppData\Roaming\Yontoo
2014-09-05 00:32 - 2013-03-27 00:43 - 00000000 ____D () C:\Users\Demon\AppData\Local\SwvUpdater
C:\ProgramData\bfl8zrr.bxx
C:\ProgramData\bfl8zrr.fvv
2014-09-05 00:27 - 2013-05-19 00:23 - 00000000 ____D () C:\Users\Demon\AppData\Roaming\mysearchdial
Task: {0488E201-1BEC-42E4-8056-2A04C0D2EA29} - System32\Tasks\AmiUpdXp => C:\Users\Demon\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C58FE27-597E-4477-8EC1-5757172F30ED} - \Escolade No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Demon\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
EmptyTemp:
*****************
 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF69493C-DA1F-43A8-8651-EEA45F4A0A0D}" => Key deleted successfully.
"HKCR\CLSID\{BF69493C-DA1F-43A8-8651-EEA45F4A0A0D}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F5CDFB1D-7953-46BA-809D-B65ED0D8BC70}" => Key deleted successfully.
"HKCR\CLSID\{F5CDFB1D-7953-46BA-809D-B65ED0D8BC70}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F5CDFB1D-7953-46BA-809D-B65ED0D8BC70}" => Key deleted successfully.
"HKCR\CLSID\{F5CDFB1D-7953-46BA-809D-B65ED0D8BC70}" => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha960.net => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta63.net => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha228.net => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaViewerV1alpha1997.net => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaViewV1alpha1964.net => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaViewV1alpha6556.net => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaWatchV1home534.net => value deleted successfully.
C:\Program Files\BetterSurf\BetterSurfPlus\ff => not found.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ff => not found.
C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ff => not found.
C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha228\ff => not found.
C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ff => not found.
C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ff => not found.
C:\Program Files\MediaWatchV1\MediaWatchV1home534\ff => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bfijnobmpcjikgoglknbjdimlokhndek" => Key deleted successfully.
"C:\Program Files\MediaViewV1\MediaViewV1alpha6556\ch\MediaViewV1alpha6556.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ekohblnljjaojjphijacnagejiehpjpc" => Key deleted successfully.
"C:\Program Files\MediaWatchV1\MediaWatchV1home534\ch\MediaWatchV1home534.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\kmghgnlealnjklkeephhgafbomlceaed" => Key deleted successfully.
"C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha960\ch\WebexpEnhancedV1alpha960.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ljnffnpelmplgmafkilcnafkndcblnbd" => Key deleted successfully.
"C:\Program Files\MediaViewV1\MediaViewV1alpha1964\ch\MediaViewV1alpha1964.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl" => Key deleted successfully.
"C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\oagdbkcmdiahaacmjnninmlchabeafdh" => Key deleted successfully.
"C:\Program Files\MediaViewerV1\MediaViewerV1alpha1997\ch\MediaViewerV1alpha1997.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pfekkhdmhmddhjhfmkmfhojbjlihbopc" => Key deleted successfully.
"C:\Program Files\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx" => File/Directory not found.
vToolbarUpdater18.1.9 => Service deleted successfully.
C:\Users\Demon\AppData\Roaming\Yontoo => Moved successfully.
C:\Users\Demon\AppData\Local\SwvUpdater => Moved successfully.
C:\ProgramData\bfl8zrr.bxx => Moved successfully.
C:\ProgramData\bfl8zrr.fvv => Moved successfully.
C:\Users\Demon\AppData\Roaming\mysearchdial => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0488E201-1BEC-42E4-8056-2A04C0D2EA29}" => Key not found.
C:\Windows\System32\Tasks\AmiUpdXp not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C58FE27-597E-4477-8EC1-5757172F30ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C58FE27-597E-4477-8EC1-5757172F30ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Escolade" => Key deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job not found.
EmptyTemp: => Removed 7.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
ESETSmartInstaller@High as downloader log:
all ok
 
Everything seems to be running smoothly and I have not seen a dllhost process.
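A small parser for FRST Fixlog output like the one posted above, as an added example; it is not part of this thread and not Farbar's own code. The line format (`target => outcome`, with a few bare `... not found.` lines) is inferred from the Fixlog above, so the regular expressions are assumptions about that format, and the sample log is constructed from entries copied from it. Summarising a Fixlog this way shows at a glance which fixlist items were actually removed and which were already gone, which is what a helper reviewing the reply wants to know.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example, not the forum thread's or Farbar's code.  The Fixlog
format is inferred from the log posted in the thread; the regexes are
assumptions about that format.
"""
import re
from collections import Counter

# Constructed sample, assembled from entries copied from the posted Fixlog.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014
Ran by Demon at 2014-09-12 09:24:40 Run:1
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {BF69493C-DA1F-43A8-8651-EEA45F4A0A0D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
C:\ProgramData\bfl8zrr.bxx
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Demon\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF69493C-DA1F-43A8-8651-EEA45F4A0A0D}" => Key deleted successfully.
"HKCR\CLSID\{BF69493C-DA1F-43A8-8651-EEA45F4A0A0D}" => Key not found.
vToolbarUpdater18.1.9 => Service deleted successfully.
C:\ProgramData\bfl8zrr.bxx => Moved successfully.
C:\Windows\Tasks\AmiUpdXp.job not found.
EmptyTemp: => Removed 7.8 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
"""

# Result line: an optionally double-quoted target, "=>", and an outcome.
_RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')
# Some results carry no "=>" and simply end in "not found."
_BARE_NOT_FOUND_RE = re.compile(r'^(?P<target>.+?)\s+not found\.?\s*$')


def classify(outcome):
    """Map an outcome phrase to a coarse status bucket."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"      # item was already gone when the fix ran
    if "deleted successfully" in o:
        return "deleted"        # registry key/value or service removed
    if "moved successfully" in o:
        return "moved"          # file or folder moved to FRST's Quarantine
    return "other"              # e.g. EmptyTemp's "Removed N GB temporary data"


def parse_fixlog(text):
    """Return {'directives': [fixlist lines], 'results': [dicts]}."""
    directives, results = [], []
    in_fixlist = fixlist_closed = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("*****"):
            # The first star rule opens the fixlist echo, the second closes it.
            if not fixlist_closed:
                in_fixlist, fixlist_closed = (not in_fixlist), in_fixlist
            continue
        if in_fixlist:
            directives.append(line)
            continue
        if not fixlist_closed:
            continue                      # header lines before the fixlist
        if line.startswith("==== End of Fixlog"):
            break
        m = _RESULT_RE.match(line)
        if m:
            target, outcome = m.group("target"), m.group("outcome")
        else:
            m = _BARE_NOT_FOUND_RE.match(line)
            if not m:
                continue                  # e.g. "The system needed a reboot."
            target, outcome = m.group("target"), "not found"
        results.append({"target": target, "outcome": outcome,
                        "status": classify(outcome)})
    return {"directives": directives, "results": results}


def summarise(results):
    """Count results per status bucket."""
    return Counter(r["status"] for r in results)


def not_found_targets(results):
    """Targets the fixlist named that no longer existed at fix time."""
    return [r["target"] for r in results if r["status"] == "not_found"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(f"{len(parsed['directives'])} fixlist directives")
    for status, n in sorted(summarise(parsed["results"]).items()):
        print(f"  {status:<10} {n}")
    for t in not_found_targets(parsed["results"]):
        print("  already absent:", t)
```

Run it against a saved Fixlog.txt by replacing `SAMPLE_FIXLOG` with the file's contents; a large `not_found` share usually means an earlier tool (here Malwarebytes and the first FRST run) had already cleaned those items, while `moved` entries are the files now sitting in FRST's Quarantine folder.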


#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:09 PM

Posted 12 September 2014 - 05:34 PM

The ESET log looks like you haven't run the scan with administrator privileges. Can you please re-run the scan? At the end of the scan choose the option to export the found threats to a text file and post this.

#15 DemonAzrael

DemonAzrael
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 12 September 2014 - 10:49 PM

Just got home from work. Will restart the scan.



