Stored history keeps getting reset to 0 days, and lots of Dllhost.exe.


  • This topic is locked
71 replies to this topic

#1 Sam Gunn

Sam Gunn

  • Members
  • 396 posts
  • OFFLINE
  • Gender:Male
  • Location:Tarheel State
  • Local time:06:47 PM

Posted 07 October 2014 - 09:46 PM

My computer gets slow, and when I bring up the Task Manager, it shows 30 to 40 Dllhost.exe. I ran AVG, and it found no viruses. But it has lately found something without doing a scan. This happens when I leave the room and come back later, and see that there are 30 or more Dllhost.exe displayed in the Task Manager.

 

I right-clicked on the Dllhost.exe and then clicked End Process Tree. That does fix it, but it resets the browser history to 0 days. Then it happens again. It does this over and over. Each time I have to right-click on the process and then click End Process Tree. The computer is a Dell desktop. It is an Inspiron 530, and it is Windows Vista. There are times when Dllhost.exe does not show up. This is for about a couple of hours or so.

 

 

I tried attaching the DDS file, but it said it was too big.

 

=============================================

C:\Program Files\Singularity\SingularityViewer.exe
C:\Program Files\Singularity\SLPlugin.exe
C:\Program Files\Singularity\SLVoice.exe
C:\Program Files\Singularity\SLPlugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2CC71E7E-A8FA-4DCB-B574-F76DCE10C18D} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\robert\appdata\roaming\mozilla\firefox\profiles\71jcdj15.default\
FF - prefs.js: browser.startup.homepage - hxxp://tc3.travian.com/
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-8-6 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-21 200984]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-6-17 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-6-17 197400]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-8-25 289328]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2014-5-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-10-03 00:45:00 0 ----a-w- c:\windows\system32\hcbbnl.dll
2014-09-27 13:26:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-19 02:23:23 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-19 02:23:23 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-19 02:23:23 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-09-19 02:23:19 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-19 02:16:01 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-09-19 02:16:01 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-09-19 01:59:29 82432 ----a-w- c:\windows\system32\consent.exe
2014-09-19 01:59:29 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-09-19 01:59:29 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-09-19 01:59:29 2263552 ----a-w- c:\windows\system32\msi.dll
2014-09-19 01:59:29 1993728 ----a-w- c:\windows\system32\authui.dll
2014-09-19 01:58:43 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-09-19 01:58:42 37376 ----a-w- c:\windows\system32\cdd.dll
.
==================== Find3M  ====================
.
2014-09-24 11:35:47 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 11:35:47 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-15 14:42:27 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-08-15 14:37:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-08-15 14:36:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-15 14:35:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-15 14:35:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-15 14:34:49 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-15 14:34:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-01 00:43:24 0 ----a-w- c:\windows\system32\ekyhohq.dll
2014-07-25 06:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-22 01:03:22 200984 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 22:30:09.75 ===============
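The DDS log above already carries several of the indicators a helper looks for: two zero-byte DLLs with random-looking names created in C:\Windows\system32 (hcbbnl.dll and ekyhohq.dll), UAC switched off (EnableLUA = dword:0), and, in the FRST log posted later in this thread, a CLSID LocalServer32 value that launches rundll32.exe with a javascript: URL, which FRST labels as Poweliks. The script below is an added example written for this thread; it is not code from DDS, FRST, Farbar or BleepingComputer. It parses log lines in the DDS and FRST file-entry formats quoted in the posts and flags those three indicators. The sample lines, the function names and the severity labels are constructed for the example.

```python
"""Triage helper for DDS / FRST-style log lines (added example, not a DDS or FRST feature).

Flags three indicators that appear in the logs quoted in this thread:
  * zero-byte DLLs in C:\\Windows\\system32 (DDS "Created Last 30" / "Find3M" and FRST file lines)
  * EnableLUA = dword:0 as printed by DDS (UAC disabled)
  * any registry value whose command is rundll32.exe followed by a javascript: URL
    (the registry-resident launcher FRST marks as Poweliks later in the thread)
"""
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, rule name, offending line)

# DDS file line: "<date> <time> <size> <attributes> <path>"
DDS_FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+)$"
)
# FRST file line: "<created> - <modified> - <8-digit size> <attributes> (<company>) <path>"
FRST_FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(\d{8}) (\S+) \([^)]*\) (.+)$"
)
# DDS policy line, e.g. "mPolicies-System: EnableLUA = dword:0"
UAC_OFF = re.compile(r"EnableLUA\s*=\s*dword:0\b", re.IGNORECASE)
# A COM server or autorun command of the form "rundll32.exe javascript:..."
RUNDLL_JS = re.compile(r"rundll32(?:\.exe)?\s+javascript:", re.IGNORECASE)

# Constructed sample modelled on the DDS and FRST output quoted in this thread.
# The CLSID and SID are placeholders; the rundll32 command is truncated as FRST prints it.
SAMPLE_LOG = r'''
mPolicies-System: EnableLUA = dword:0
2014-10-03 00:45:00 0 ----a-w- c:\windows\system32\hcbbnl.dll
2014-09-27 13:26:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-01 00:43:24 0 ----a-w- c:\windows\system32\ekyhohq.dll
2014-10-02 20:45 - 2014-10-02 20:45 - 00000000 _____ () C:\Windows\system32\hcbbnl.dll
2014-09-27 09:26 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
HKU\S-1-5-21-PLACEHOLDER\...\{CLSID-PLACEHOLDER}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication " <==== Poweliks!
'''


def parse_file_entry(line: str) -> Optional[Tuple[int, str]]:
    """Return (size_in_bytes, path) for a DDS or FRST file line, else None."""
    m = DDS_FILE_LINE.match(line)
    if m:
        return int(m.group(3)), m.group(5).strip()
    m = FRST_FILE_LINE.match(line)
    if m:
        return int(m.group(1)), m.group(3).strip()
    return None


def is_zero_byte_system32_dll(line: str) -> bool:
    """True when the line describes a 0-byte .dll directly under C:\\Windows\\system32."""
    entry = parse_file_entry(line)
    if entry is None:
        return False
    size, path = entry
    p = path.lower()
    return size == 0 and p.startswith("c:\\windows\\system32\\") and p.endswith(".dll")


def triage(log_text: str) -> List[Finding]:
    """Scan every non-empty line and collect (severity, rule, line) findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if is_zero_byte_system32_dll(line):
            findings.append(("medium", "zero-byte DLL in system32", line))
        if UAC_OFF.search(line):
            findings.append(("medium", "UAC disabled (EnableLUA=0)", line))
        if RUNDLL_JS.search(line):
            findings.append(("high", "registry value runs rundll32.exe with a javascript: URL", line))
    return findings


def highest_severity(findings: List[Finding]) -> str:
    """Reduce a finding list to the single worst severity ("none" if empty)."""
    order = {"none": 0, "medium": 1, "high": 2}
    worst = "none"
    for sev, _, _ in findings:
        if order[sev] > order[worst]:
            worst = sev
    return worst


if __name__ == "__main__":
    for sev, rule, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {rule}: {line}")
```

Run it over a pasted DDS or FRST log instead of SAMPLE_LOG to get a first pass before reading the whole file by hand; a zero-byte DLL is only a hint (installers sometimes leave empty placeholders), whereas the rundll32 javascript: launcher is a firm indicator and is why the helper asks for an FRST fix rather than simply ending the dllhost.exe processes.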
 




#2 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:11:47 PM

Posted 10 October 2014 - 06:02 AM




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, and sometimes real life gets in the way, so please be patient.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Paste the logs in your posts; attachments make my work harder and more complicated.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run; this is the right one. Please keep it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist



#3 Sam Gunn

Sam Gunn
  • Topic Starter

  • Members
  • 396 posts
  • OFFLINE
  • Gender:Male
  • Location:Tarheel State
  • Local time:06:47 PM

Posted 10 October 2014 - 05:04 PM

I couldn't download it with IE, so I copied and pasted it into Google Chrome. I couldn't save it to the desktop, but I was able to run it. Here is FRST.

=================================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-10-2014 01
Ran by robert (administrator) on ROBERT-PC on 10-10-2014 17:54:27
Running from C:\Users\robert\Downloads
Loaded Profile: robert (Available profiles: robert)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
( ) C:\Windows\System32\dlbkcoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Siana Gearz) C:\Program Files\Singularity\SingularityViewer.exe
() C:\Program Files\Singularity\SLPlugin.exe
() C:\Program Files\Singularity\SLPlugin.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-06-13] (Google)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [202544 2008-03-11] (SupportSoft, Inc.)
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...\MountPoints2: {7d8e3071-3977-11dd-b559-806e6f6e6963} - E:\arun.exe
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [111616 2008-06-13] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\71jcdj15.default
FF Homepage: hxxp://tc3.travian.com/
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://tc3.travian.com/
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchProvider: Default -> AVG Secure Search
CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=
CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-13]
CHR Extension: (Google Drive) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-13]
CHR Extension: (Google Search) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-13]
CHR Extension: (Google Wallet) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13]
CHR Extension: (Gmail) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [537840 2007-06-25] ( )
S3 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-06-13] (Google)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2008-03-11] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 17:54 - 2014-10-10 17:55 - 00014251 _____ () C:\Users\robert\Downloads\FRST.txt
2014-10-10 17:53 - 2014-10-10 17:54 - 00000000 ____D () C:\FRST
2014-10-10 17:52 - 2014-10-10 17:52 - 01101312 _____ (Farbar) C:\Users\robert\Downloads\FRST.exe
2014-10-08 10:13 - 2014-10-08 10:13 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-10-08 06:42 - 2014-10-08 06:42 - 00000000 ___RD () C:\Program Files\Skype
2014-10-08 06:42 - 2014-10-08 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-08 06:42 - 2014-10-08 06:42 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-07 22:32 - 2014-10-07 22:32 - 00012043 _____ () C:\Users\robert\Desktop\DDS1.txt
2014-10-07 22:32 - 2014-10-07 22:32 - 00003710 _____ () C:\Users\robert\Desktop\Attach1.txt
2014-10-07 22:30 - 2014-10-07 22:30 - 00012043 _____ () C:\Users\robert\Desktop\dds.txt
2014-10-07 22:30 - 2014-10-07 22:30 - 00003710 _____ () C:\Users\robert\Desktop\attach.txt
2014-10-07 22:28 - 2014-10-07 22:28 - 00688992 ____R (Swearware) C:\Users\robert\Downloads\dds (2).com
2014-10-07 22:27 - 2014-10-07 22:27 - 00688992 _____ (Swearware) C:\Users\robert\Downloads\dds (1).com
2014-10-07 22:26 - 2014-10-07 22:26 - 00688992 _____ (Swearware) C:\Users\robert\Downloads\dds.com
2014-10-02 20:45 - 2014-10-02 20:45 - 00000000 _____ () C:\Windows\system32\hcbbnl.dll
2014-09-27 09:26 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 19:02 - 2014-09-24 19:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 22:23 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-18 22:23 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-18 22:23 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-18 22:23 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-18 22:21 - 2014-08-15 10:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 22:21 - 2014-08-15 10:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-18 22:21 - 2014-08-15 10:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 22:21 - 2014-08-15 10:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-18 22:21 - 2014-08-15 10:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-18 22:21 - 2014-08-15 10:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-18 22:21 - 2014-08-15 10:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 22:21 - 2014-08-15 10:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-18 22:21 - 2014-08-15 10:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 22:21 - 2014-08-15 10:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 22:21 - 2014-08-15 10:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 22:21 - 2014-08-15 10:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-18 22:21 - 2014-08-15 10:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-18 22:16 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-18 22:16 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-18 21:59 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-18 21:59 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-18 21:59 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-18 21:59 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-18 21:59 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-18 21:58 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-18 21:58 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 17:48 - 2014-04-13 18:33 - 00000000 ____D () C:\Users\robert\AppData\Roaming\Skype
2014-10-10 17:36 - 2008-06-13 14:38 - 01649208 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 17:35 - 2014-04-15 21:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 17:33 - 2014-04-13 16:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 17:33 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 17:33 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 17:32 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 11:42 - 2006-11-02 09:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-10 11:38 - 2014-04-13 17:28 - 00000000 ____D () C:\Users\robert\AppData\Local\SingularityViewer
2014-10-10 11:07 - 2014-04-13 16:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 08:18 - 2014-04-13 18:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-08 17:31 - 2014-04-13 18:33 - 00002377 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-08 06:43 - 2014-04-13 18:33 - 00000000 ____D () C:\ProgramData\Skype
2014-10-04 00:09 - 2014-05-03 16:59 - 00000680 _____ () C:\Users\robert\AppData\Local\d3d9caps.dat
2014-09-27 17:47 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-09-25 17:32 - 2014-07-04 09:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-24 18:18 - 2014-04-13 16:36 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 07:35 - 2014-04-15 21:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 07:35 - 2014-04-15 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 18:20 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-19 09:01 - 2006-11-02 06:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 08:53 - 2006-11-02 08:47 - 00282080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 08:52 - 2014-05-01 22:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-18 22:15 - 2014-04-13 20:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-18 22:09 - 2014-05-01 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-18 11:49 - 2014-08-27 21:32 - 00000000 ____D () C:\Users\robert\AppData\Local\https_search.yahoo.com_0
2014-09-18 11:49 - 2014-05-10 09:55 - 00005120 _____ () C:\Users\robert\AppData\Local\Databases.db
2014-09-11 21:49 - 2008-01-20 22:47 - 00069886 _____ () C:\Windows\PFRO.log
2014-09-11 21:38 - 2008-06-13 18:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-11 21:37 - 2014-04-13 17:41 - 00000000 ____D () C:\Users\robert\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\robert\AppData\Local\Temp\0310541397605298mcinst.exe
C:\Users\robert\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\robert\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\robert\AppData\Local\Temp\_WUTL95.DLL

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-10 17:38

==================== End Of Log ============================

 

Here is Addition.

===========

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-10-2014 01
Ran by robert at 2014-10-10 17:55:37
Running from C:\Users\robert\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
AOL Install (HKLM\...\{2357B8BC-88C9-4A72-818C-050CC4EB0778}) (Version: 1.0.0 - America Online, Inc)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden
Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Master of Orion II (HKLM\...\Orion2DeinstKey) (Version:  - )
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Populous: The Beginning (Demo) (HKLM\...\Populous: The Beginning (Demo)) (Version:  - )
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SimCity 3000 (HKLM\...\SimCity 3000) (Version:  - )
Singularity (remove only) (HKLM\...\Singularity) (Version:  - )
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3817440497-2850051469-1489802974-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

24-04-2014 02:24:08 Windows Update
24-04-2014 10:41:57 Windows Update
24-04-2014 15:14:36 Windows Update
24-04-2014 21:49:12 Windows Update
25-04-2014 04:56:30 Windows Update
25-04-2014 14:01:27 Windows Update
25-04-2014 23:54:09 Windows Update
26-04-2014 13:14:06 Windows Update
06-05-2014 11:15:19 Windows Update
08-05-2014 02:13:15 Windows Update
13-05-2014 11:08:52 Windows Update
14-05-2014 10:44:18 Windows Update
19-05-2014 12:48:39 Windows Update
19-05-2014 21:32:52 Windows Modules Installer
20-05-2014 13:06:03 Windows Update
21-05-2014 11:34:26 Windows Update
22-05-2014 11:38:07 Windows Update
23-05-2014 13:44:50 Windows Update
11-06-2014 16:08:42 Windows Update
28-06-2014 03:44:28 Scheduled Checkpoint
09-07-2014 21:42:53 Windows Update
19-07-2014 13:29:08 Removed AVG 2014
19-07-2014 13:33:03 Removed AVG 2014
19-07-2014 13:47:52 Windows Update
19-07-2014 15:26:11 Installed AVG 2014
19-07-2014 15:28:02 Installed AVG 2014
03-08-2014 03:46:12 Scheduled Checkpoint
09-08-2014 21:45:21 Restore Operation
11-08-2014 20:35:16 Restore Operation
11-08-2014 21:10:03 Restore Operation
12-09-2014 01:12:48 Removed Adobe Reader 8.1.0
12-09-2014 01:19:38 Removed Adobe Reader 8.1.0
12-09-2014 14:30:02 Scheduled Checkpoint
19-09-2014 01:59:49 Windows Update
27-09-2014 13:25:58 Windows Update
05-10-2014 14:57:39 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {26CCB90C-20E1-480D-B4BC-E10144E60D23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {793B4E10-CAC1-44CF-8F58-D20BCC717A38} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7BDA3442-C9CB-4524-ABD1-13602A6D4904} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {9B33DFCC-B0C7-4949-8296-D952360A5128} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {A610CD6E-50CA-4332-913F-61AF63F873EA} - System32\Tasks\{6BAFF387-9E5C-A398-0A06-6078B7BC8AA1} => C:\Windows\system32\fmpal.dll/s "C:\Windows\system32\fmpal.dll"
Task: {B97E70F5-224D-46A1-BA57-0E2CFC75B62B} - System32\Tasks\{B34F8568-F5F6-6EAA-ACA5-8F8AE5CB52A3} => C:\Windows\system32\ooejcbq.dll/s "C:\Windows\system32\ooejcbq.dll"
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-13 21:50 - 2007-02-28 08:49 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbkpp5c.dll
2005-09-13 21:27 - 2005-09-13 21:27 - 00061440 _____ () C:\Windows\system32\dlbkcnv4.dll
2014-09-24 19:02 - 2014-09-24 19:02 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 00180224 _____ () C:\Program Files\Singularity\libtcmalloc_minimal.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 02539008 _____ () C:\Program Files\Singularity\libcollada14dom22.dll
2014-01-28 19:16 - 2014-01-28 19:16 - 02169856 _____ () C:\Program Files\Singularity\llcommon.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 00181760 _____ () C:\Program Files\Singularity\glod.dll
2014-01-28 19:16 - 2014-01-28 19:16 - 00078336 _____ () C:\Program Files\Singularity\WINMM.dll
2014-01-28 19:16 - 2014-01-28 19:16 - 00183296 _____ () C:\Program Files\Singularity\SLPlugin.exe
2014-01-28 19:16 - 2014-01-28 19:16 - 00220672 _____ () C:\Program Files\Singularity\llplugin\media_plugin_webkit.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 11009536 _____ () C:\Program Files\Singularity\llplugin\QtWebKit4.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 08281600 _____ () C:\Program Files\Singularity\llplugin\QtGui4.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 02294784 _____ () C:\Program Files\Singularity\llplugin\QtCore4.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 00923648 _____ () C:\Program Files\Singularity\llplugin\QtNetwork4.dll
2012-02-28 10:57 - 2012-02-28 10:57 - 00140800 _____ () C:\Program Files\Singularity\llplugin\codecs\qcncodecs4.dll
2012-02-28 10:57 - 2012-02-28 10:57 - 00167424 _____ () C:\Program Files\Singularity\llplugin\codecs\qjpcodecs4.dll
2012-02-28 10:57 - 2012-02-28 10:57 - 00077312 _____ () C:\Program Files\Singularity\llplugin\codecs\qkrcodecs4.dll
2012-02-28 10:57 - 2012-02-28 10:57 - 00155136 _____ () C:\Program Files\Singularity\llplugin\codecs\qtwcodecs4.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 00026112 _____ () C:\Program Files\Singularity\llplugin\imageformats\qgif4.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 00028160 _____ () C:\Program Files\Singularity\llplugin\imageformats\qico4.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 00199680 _____ () C:\Program Files\Singularity\llplugin\imageformats\qjpeg4.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 00222208 _____ () C:\Program Files\Singularity\llplugin\imageformats\qmng4.dll
2014-01-28 19:03 - 2014-01-28 19:03 - 00288256 _____ () C:\Program Files\Singularity\llplugin\imageformats\qtiff4.dll
2014-09-24 18:17 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 18:17 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 18:17 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3817440497-2850051469-1489802974-500 - Administrator - Disabled)
Guest (S-1-5-21-3817440497-2850051469-1489802974-501 - Limited - Disabled)
robert (S-1-5-21-3817440497-2850051469-1489802974-1000 - Administrator - Enabled) => C:\Users\robert

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2014 05:34:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 06:38:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 06:38:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wmiprvse.exe, version 6.0.6002.18005, time stamp 0x49e01c05, faulting module DLBKGF.DLL_unloaded, version 0.0.0.0, time stamp 0x3dfc9f12, exception code 0xc0000005, fault offset 0x5f4925f4,
process id 0x730, application start time 0xwmiprvse.exe0.

Error: (10/10/2014 06:37:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 11:13:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x001001e2,
process id 0x12688, application start time 0xdllhost.exe0.

Error: (10/09/2014 05:40:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 07:21:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x002601e2,
process id 0x6acc, application start time 0xdllhost.exe0.

Error: (10/09/2014 06:38:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 07:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16575 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1494
Start Time: 01cfe34df5ead606
Termination Time: 134

Error: (10/08/2014 05:18:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x000901e2,
process id 0x12c4, application start time 0xdllhost.exe0.

System errors:
=============
Error: (10/10/2014 05:34:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/10/2014 06:38:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/09/2014 05:41:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/09/2014 06:39:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/08/2014 11:01:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (10/08/2014 06:07:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Google Update Service (gupdate)1

Error: (10/08/2014 05:18:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/08/2014 11:58:07 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (10/08/2014 06:41:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/07/2014 10:58:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Microsoft Office Sessions:
=========================
Error: (10/10/2014 05:34:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 06:38:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 06:38:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmiprvse.exe6.0.6002.1800549e01c05DLBKGF.DLL_unloaded0.0.0.03dfc9f12c00000055f4925f473001cfe476181b1467

Error: (10/10/2014 06:37:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 11:13:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.0.6000.163864549b14eunknown0.0.0.000000000c0000005001001e21268801cfe438374c64dd

Error: (10/09/2014 05:40:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 07:21:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.0.6000.163864549b14eunknown0.0.0.000000000c0000005002601e26acc01cfe3b32d5f14ed

Error: (10/09/2014 06:38:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 07:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16575149401cfe34df5ead606134

Error: (10/08/2014 05:18:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.0.6000.163864549b14eunknown0.0.0.000000000c0000005000901e212c401cfe33d61b29a56

CodeIntegrity Errors:
===================================
  Date: 2014-10-10 17:55:04.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-10 17:55:04.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-10 17:55:04.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-10 17:55:04.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-08 23:29:32.812
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-03 09:38:07.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET3AB4.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-03 09:38:07.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET3AB4.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-03 09:38:06.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET3AB4.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-03 09:38:06.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET3AB4.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-03 09:37:49.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E4700 @ 2.60GHz
Percentage of memory in use: 67%
Total physical RAM: 3060.45 MB
Available physical RAM: 991.59 MB
Total Pagefile: 6351.18 MB
Available Pagefile: 4129.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1876.53 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.12 GB) (Free:451 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=586.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I still use the computer to read the news and play games. Just not doing any shopping or banking on it right now.



#4 Naathim

    Bleepin' Minion

  • Members
  • 435 posts
  • Gender: Male
  • Location: Poland

Posted 11 October 2014 - 03:54 AM

Hi :)


Should be better after this.



Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!


Radek Naathim Pawelczyk

Malware Removal Specialist


#5 Sam Gunn

  • Topic Starter
  • Members
  • 396 posts
  • Gender: Male
  • Location: Tarheel State

Posted 11 October 2014 - 02:59 PM

I had to run it about 4 times. It stopped at stage 4 two times, and at stage 50 one time. Here are the results.

=================================================

ComboFix 14-10-04.01 - robert 10/11/2014  14:27:06.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3060.1951 [GMT -4:00]
Running from: c:\users\robert\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ekyhohq.dll
c:\windows\system32\hcbbnl.dll
.
.
CLSID=[clsid\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
Error: Key: clsid\[clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5} does not exist!
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-11 to 2014-10-11  )))))))))))))))))))))))))))))))
.
.
2014-10-11 19:20 . 2014-10-11 19:20 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-10-11 19:20 . 2014-10-11 19:20 -------- d-----w- c:\users\robert\AppData\Local\temp
2014-10-11 19:20 . 2014-10-11 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-10 21:53 . 2014-10-10 21:58 -------- d-----w- C:\FRST
2014-10-08 14:13 . 2014-10-08 14:13 -------- d-----w- c:\programdata\WindowsSearch
2014-10-08 10:42 . 2014-10-08 10:42 -------- d-----w- c:\program files\Common Files\Skype
2014-10-08 10:42 . 2014-10-08 10:42 -------- d-----r- c:\program files\Skype
2014-09-27 13:26 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-19 02:23 . 2014-06-26 22:17 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-19 02:23 . 2014-06-26 22:17 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-19 02:23 . 2014-06-26 22:17 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-09-19 02:23 . 2014-06-06 04:28 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-19 02:16 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-09-19 02:16 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-09-19 01:59 . 2014-06-02 10:31 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-09-19 01:59 . 2014-06-02 10:31 2263552 ----a-w- c:\windows\system32\msi.dll
2014-09-19 01:59 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\system32\authui.dll
2014-09-19 01:59 . 2014-06-02 10:30 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-09-19 01:59 . 2014-06-02 08:56 82432 ----a-w- c:\windows\system32\consent.exe
2014-09-19 01:58 . 2014-06-14 00:44 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-09-19 01:58 . 2014-06-14 00:33 37376 ----a-w- c:\windows\system32\cdd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 11:35 . 2014-04-16 01:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 11:35 . 2014-04-16 01:11 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-29 10:26 . 2011-03-28 22:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-06 14:49 . 2014-08-06 14:49 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-22 01:03 . 2014-07-22 01:03 200984 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-07-14 08:12 . 2014-07-19 13:48 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4984200F-CD23-406C-BA96-B9484B6CF9C1}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22067296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-13 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-13 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-13 22:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3817440497-2850051469-1489802974-1000]
"EnableNotificationsRef"=dword:00000002
"EnableNotifications"=dword:00000001
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-24 22:08 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-16 11:35]
.
2014-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-13 20:35]
.
2014-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-13 20:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\71jcdj15.default\
FF - prefs.js: browser.startup.homepage - hxxp://tc3.travian.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3817440497-2850051469-1489802974-1000_Classes\clsid\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-124250)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-10-11  15:27:58
ComboFix-quarantined-files.txt  2014-10-11 19:27
.
Pre-Run: 491,148,865,536 bytes free
Post-Run: 500,255,649,792 bytes free
.
- - End Of File - - DD20EE15354DF06CB215447FC452FC2F
5C616939100B85E558DA92B899A0FC36
 



#6 Naathim

    Bleepin' Minion

  • Members
  • 435 posts
  • Gender: Male
  • Location: Poland

Posted 12 October 2014 - 07:36 AM


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that the Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist


#7 Sam Gunn

  • Topic Starter
  • Members
  • 396 posts
  • Gender: Male
  • Location: Tarheel State

Posted 12 October 2014 - 04:28 PM

I did the scan. Here is FRST.

============

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by robert (administrator) on ROBERT-PC on 12-10-2014 17:19:55
Running from C:\Users\robert\Desktop
Loaded Profile: robert (Available profiles: robert)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
( ) C:\Windows\System32\dlbkcoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-06-13] (Google)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [202544 2008-03-11] (SupportSoft, Inc.)
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [111616 2008-06-13] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\71jcdj15.default
FF Homepage: hxxp://tc3.travian.com/
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://tc3.travian.com/
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchProvider: Default -> AVG Secure Search
CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=
CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-13]
CHR Extension: (Google Drive) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-13]
CHR Extension: (Google Search) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-13]
CHR Extension: (Google Wallet) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13]
CHR Extension: (Gmail) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [537840 2007-06-25] ( )
S3 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-06-13] (Google)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2008-03-11] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\robert\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 17:19 - 2014-10-12 17:20 - 00013038 _____ () C:\Users\robert\Desktop\FRST.txt
2014-10-12 17:19 - 2014-10-12 17:19 - 00000000 ____D () C:\Users\robert\Desktop\FRST-OlderVersion
2014-10-11 15:55 - 2014-10-11 15:55 - 00009349 _____ () C:\Users\robert\Desktop\ComboFix1.txt
2014-10-11 15:27 - 2014-10-11 15:27 - 00009349 _____ () C:\ComboFix.txt
2014-10-11 11:18 - 2014-10-11 14:23 - 00001230 _____ () C:\Users\robert\Desktop\ComboFix - Shortcut.lnk
2014-10-11 09:33 - 2014-10-11 15:28 - 00000000 ____D () C:\Qoobox
2014-10-11 09:33 - 2014-10-11 15:26 - 00000000 ____D () C:\Windows\erdnt
2014-10-11 09:33 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-11 09:33 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-11 09:33 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-11 09:32 - 2014-10-11 09:32 - 05582481 ____R (Swearware) C:\Users\robert\Downloads\ComboFix.exe
2014-10-10 17:59 - 2014-10-10 17:59 - 00023926 _____ () C:\Users\robert\Downloads\FRST1.txt
2014-10-10 17:58 - 2014-10-10 17:58 - 00027910 _____ () C:\Users\robert\Downloads\Addition1.txt
2014-10-10 17:55 - 2014-10-10 17:58 - 00027910 _____ () C:\Users\robert\Downloads\Addition.txt
2014-10-10 17:54 - 2014-10-10 17:58 - 00023926 _____ () C:\Users\robert\Downloads\FRST.txt
2014-10-10 17:53 - 2014-10-12 17:19 - 00000000 ____D () C:\FRST
2014-10-10 17:52 - 2014-10-12 17:19 - 01101824 _____ (Farbar) C:\Users\robert\Desktop\FRST.exe
2014-10-08 10:13 - 2014-10-08 10:13 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-10-08 06:42 - 2014-10-08 06:42 - 00000000 ___RD () C:\Program Files\Skype
2014-10-08 06:42 - 2014-10-08 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-08 06:42 - 2014-10-08 06:42 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-07 22:32 - 2014-10-07 22:32 - 00012043 _____ () C:\Users\robert\Desktop\DDS1.txt
2014-10-07 22:32 - 2014-10-07 22:32 - 00003710 _____ () C:\Users\robert\Desktop\Attach1.txt
2014-10-07 22:30 - 2014-10-07 22:30 - 00012043 _____ () C:\Users\robert\Desktop\dds.txt
2014-10-07 22:30 - 2014-10-07 22:30 - 00003710 _____ () C:\Users\robert\Desktop\attach.txt
2014-10-07 22:28 - 2014-10-07 22:28 - 00688992 ____R (Swearware) C:\Users\robert\Downloads\dds (2).com
2014-10-07 22:27 - 2014-10-07 22:27 - 00688992 _____ (Swearware) C:\Users\robert\Downloads\dds (1).com
2014-10-07 22:26 - 2014-10-07 22:26 - 00688992 _____ (Swearware) C:\Users\robert\Downloads\dds.com
2014-09-27 09:26 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 19:02 - 2014-09-24 19:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 22:23 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-18 22:23 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-18 22:23 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-18 22:23 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-18 22:21 - 2014-08-15 10:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 22:21 - 2014-08-15 10:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-18 22:21 - 2014-08-15 10:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 22:21 - 2014-08-15 10:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-18 22:21 - 2014-08-15 10:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-18 22:21 - 2014-08-15 10:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-18 22:21 - 2014-08-15 10:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 22:21 - 2014-08-15 10:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-18 22:21 - 2014-08-15 10:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 22:21 - 2014-08-15 10:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 22:21 - 2014-08-15 10:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 22:21 - 2014-08-15 10:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-18 22:21 - 2014-08-15 10:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-18 22:16 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-18 22:16 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-18 21:59 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-18 21:59 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-18 21:59 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-18 21:59 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-18 21:59 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-18 21:58 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-18 21:58 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 17:20 - 2008-06-13 14:38 - 01700862 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 17:17 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 17:17 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 17:16 - 2014-04-13 16:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 17:16 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 11:40 - 2006-11-02 09:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-12 11:39 - 2014-04-13 18:33 - 00000000 ____D () C:\Users\robert\AppData\Roaming\Skype
2014-10-12 11:36 - 2014-04-13 17:28 - 00000000 ____D () C:\Users\robert\AppData\Local\SingularityViewer
2014-10-12 11:35 - 2014-04-15 21:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 11:07 - 2014-04-13 16:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 09:02 - 2014-04-13 18:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-11 15:49 - 2008-01-20 22:47 - 00071902 _____ () C:\Windows\PFRO.log
2014-10-11 15:28 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2014-10-11 15:28 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-10-11 15:25 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-10-11 11:23 - 2014-04-13 18:33 - 00002377 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-08 06:43 - 2014-04-13 18:33 - 00000000 ____D () C:\ProgramData\Skype
2014-10-04 00:09 - 2014-05-03 16:59 - 00000680 _____ () C:\Users\robert\AppData\Local\d3d9caps.dat
2014-09-27 17:47 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-09-25 17:32 - 2014-07-04 09:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-24 18:18 - 2014-04-13 16:36 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 07:35 - 2014-04-15 21:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 07:35 - 2014-04-15 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 18:20 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-19 09:01 - 2006-11-02 06:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 08:53 - 2006-11-02 08:47 - 00282080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 08:52 - 2014-05-01 22:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-18 22:15 - 2014-04-13 20:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-18 22:09 - 2014-05-01 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-18 11:49 - 2014-08-27 21:32 - 00000000 ____D () C:\Users\robert\AppData\Local\https_search.yahoo.com_0
2014-09-18 11:49 - 2014-05-10 09:55 - 00005120 _____ () C:\Users\robert\AppData\Local\Databases.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-12 17:24

==================== End Of Log ============================

Here is Addition.

===================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
Ran by robert at 2014-10-12 17:21:09
Running from C:\Users\robert\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
AOL Install (HKLM\...\{2357B8BC-88C9-4A72-818C-050CC4EB0778}) (Version: 1.0.0 - America Online, Inc)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden
Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Master of Orion II (HKLM\...\Orion2DeinstKey) (Version:  - )
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Populous: The Beginning (Demo) (HKLM\...\Populous: The Beginning (Demo)) (Version:  - )
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SimCity 3000 (HKLM\...\SimCity 3000) (Version:  - )
Singularity (remove only) (HKLM\...\Singularity) (Version:  - )
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3817440497-2850051469-1489802974-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

25-04-2014 04:56:30 Windows Update
25-04-2014 14:01:27 Windows Update
25-04-2014 23:54:09 Windows Update
26-04-2014 13:14:06 Windows Update
06-05-2014 11:15:19 Windows Update
08-05-2014 02:13:15 Windows Update
13-05-2014 11:08:52 Windows Update
14-05-2014 10:44:18 Windows Update
19-05-2014 12:48:39 Windows Update
19-05-2014 21:32:52 Windows Modules Installer
20-05-2014 13:06:03 Windows Update
21-05-2014 11:34:26 Windows Update
22-05-2014 11:38:07 Windows Update
23-05-2014 13:44:50 Windows Update
11-06-2014 16:08:42 Windows Update
28-06-2014 03:44:28 Scheduled Checkpoint
09-07-2014 21:42:53 Windows Update
19-07-2014 13:29:08 Removed AVG 2014
19-07-2014 13:33:03 Removed AVG 2014
19-07-2014 13:47:52 Windows Update
19-07-2014 15:26:11 Installed AVG 2014
19-07-2014 15:28:02 Installed AVG 2014
03-08-2014 03:46:12 Scheduled Checkpoint
09-08-2014 21:45:21 Restore Operation
11-08-2014 20:35:16 Restore Operation
11-08-2014 21:10:03 Restore Operation
12-09-2014 01:12:48 Removed Adobe Reader 8.1.0
12-09-2014 01:19:38 Removed Adobe Reader 8.1.0
12-09-2014 14:30:02 Scheduled Checkpoint
19-09-2014 01:59:49 Windows Update
27-09-2014 13:25:58 Windows Update
05-10-2014 14:57:39 Scheduled Checkpoint
11-10-2014 13:47:59 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2014-10-11 15:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {26CCB90C-20E1-480D-B4BC-E10144E60D23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {793B4E10-CAC1-44CF-8F58-D20BCC717A38} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7BDA3442-C9CB-4524-ABD1-13602A6D4904} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {9B33DFCC-B0C7-4949-8296-D952360A5128} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {A610CD6E-50CA-4332-913F-61AF63F873EA} - System32\Tasks\{6BAFF387-9E5C-A398-0A06-6078B7BC8AA1} => C:\Windows\system32\fmpal.dll/s "C:\Windows\system32\fmpal.dll"
Task: {B97E70F5-224D-46A1-BA57-0E2CFC75B62B} - System32\Tasks\{B34F8568-F5F6-6EAA-ACA5-8F8AE5CB52A3} => C:\Windows\system32\ooejcbq.dll/s "C:\Windows\system32\ooejcbq.dll"
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-13 21:50 - 2007-02-28 08:49 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbkpp5c.dll
2005-09-13 21:27 - 2005-09-13 21:27 - 00061440 _____ () C:\Windows\system32\dlbkcnv4.dll
2007-02-28 08:49 - 2007-02-28 08:49 - 00091136 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dlbkui5c.dll
2007-02-28 08:53 - 2007-02-28 08:53 - 00858112 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBKSTRN.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3817440497-2850051469-1489802974-500 - Administrator - Disabled)
Guest (S-1-5-21-3817440497-2850051469-1489802974-501 - Limited - Disabled)
robert (S-1-5-21-3817440497-2850051469-1489802974-1000 - Administrator - Enabled) => C:\Users\robert

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2014 05:19:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 05:19:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wmiprvse.exe, version 6.0.6002.18005, time stamp 0x49e01c05, faulting module DLBKGF.DLL_unloaded, version 0.0.0.0, time stamp 0x3dfc9f12, exception code 0xc0000005, fault offset 0x5f4925f4,
process id 0xac8, application start time 0xwmiprvse.exe0.

Error: (10/12/2014 05:17:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 08:57:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 08:04:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x001101e2,
process id 0x7100, application start time 0xdllhost.exe0.

Error: (10/11/2014 05:07:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 05:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wmiprvse.exe, version 6.0.6002.18005, time stamp 0x49e01c05, faulting module DLBKGF.DLL_unloaded, version 0.0.0.0, time stamp 0x3dfc9f12, exception code 0xc0000005, fault offset 0x5f4925f4,
process id 0xa2c, application start time 0xwmiprvse.exe0.

Error: (10/11/2014 05:05:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 03:51:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 03:51:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wmiprvse.exe, version 6.0.6002.18005, time stamp 0x49e01c05, faulting module DLBKGF.DLL_unloaded, version 0.0.0.0, time stamp 0x3dfc9f12, exception code 0xc0000005, fault offset 0x5f4925f4,
process id 0x698, application start time 0xwmiprvse.exe0.

System errors:
=============
Error: (10/12/2014 05:18:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/12/2014 08:57:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/11/2014 05:06:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/11/2014 03:51:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/11/2014 03:49:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:47:19 PM on 10/11/2014 was unexpected.

Error: (10/11/2014 03:25:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (10/11/2014 02:51:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (10/11/2014 02:25:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (10/11/2014 02:24:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1

Error: (10/11/2014 02:19:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (10/12/2014 05:19:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 05:19:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmiprvse.exe6.0.6002.1800549e01c05DLBKGF.DLL_unloaded0.0.0.03dfc9f12c00000055f4925f4ac801cfe661e85522e7

Error: (10/12/2014 05:17:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 08:57:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 08:04:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.0.6000.163864549b14eunknown0.0.0.000000000c0000005001101e2710001cfe5b0231fb40e

Error: (10/11/2014 05:07:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 05:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmiprvse.exe6.0.6002.1800549e01c05DLBKGF.DLL_unloaded0.0.0.03dfc9f12c00000055f4925f4a2c01cfe59712bbe0ce

Error: (10/11/2014 05:05:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 03:51:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 03:51:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmiprvse.exe6.0.6002.1800549e01c05DLBKGF.DLL_unloaded0.0.0.03dfc9f12c00000055f4925f469801cfe58c91fbfbb6

CodeIntegrity Errors:
===================================
  Date: 2014-10-12 17:20:30.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-12 17:20:30.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-12 17:20:30.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-12 17:20:30.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-11 14:28:48.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-11 14:28:47.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-11 14:28:47.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-11 14:28:47.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-11 14:27:29.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-11 14:27:29.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E4700 @ 2.60GHz
Percentage of memory in use: 38%
Total physical RAM: 3060.45 MB
Available physical RAM: 1873.75 MB
Total Pagefile: 6349.22 MB
Available Pagefile: 5155.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.1 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.12 GB) (Free:466.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=586.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
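The two artefacts worth a second look in the log above are the CustomCLSID entry FRST flagged "Poweliks?" (a LocalServer32 value that is not a server at all but rundll32.exe loading a javascript: URL through mshtml's RunHTMLApplication) and the two scheduled tasks whose names are bare GUIDs and whose actions run a DLL out of system32. The DCOM EventID 10010 errors in the System errors section name the same CLSID, which is what you would expect when COM tries to launch that bogus "server". As an added example (my own code, not part of this thread and not FRST's code), the Python below recognises both patterns in FRST-style log lines and decodes the shift-by-one obfuscation inside the eval("...") call; the SID and the two benign control lines in the sample are constructed.

```python
"""Triage helpers for the persistence artefacts FRST flagged in this thread.

Added example, not part of the thread and not FRST's own code. It parses
FRST-style log lines (constructed below) and does two things a responder
would want to confirm before writing a fixlist:

  1. find a CLSID LocalServer32 value whose "server" is rundll32.exe loading
     a javascript: URL via mshtml's RunHTMLApplication (the Poweliks pattern),
     and decode the shift-by-one obfuscation inside its eval("...") call;
  2. find scheduled tasks whose name is a bare GUID and whose action runs a
     DLL out of system32, which is how the two tasks in the log look.
"""
import re

# Constructed sample lines, modelled on the FRST output in this thread.  The
# SID is a placeholder; the second CLSID line and the Google task are controls.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{00000000-1111-2222-3333-444444444444}\localserver32 -> C:\Program Files\Example\example.exe
Task: {A610CD6E-50CA-4332-913F-61AF63F873EA} - System32\Tasks\{6BAFF387-9E5C-A398-0A06-6078B7BC8AA1} => C:\Windows\system32\fmpal.dll/s "C:\Windows\system32\fmpal.dll"
Task: {26CCB90C-20E1-480D-B4BC-E10144E60D23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# CLSID ... \localserver32 -> <command>
CLSID_RE = re.compile(r"CLSID\\(" + GUID + r")\\localserver32\s*->\s*(.*)$",
                      re.IGNORECASE)
# Task: {id} - System32\Tasks\<name> => <action>
TASK_RE = re.compile(r"^Task: " + GUID + r" - System32\\Tasks\\(\S+) => (.*)$")
# The obfuscated payload never contains spaces (a space is shifted to '!'),
# so stop at the first space; FRST truncates the value and adds a note after it.
EVAL_RE = re.compile(r'eval\("([^" ]+)')


def shift_decode(s: str, shift: int = 1) -> str:
    """Undo the per-character +1 shift Poweliks applies to its script."""
    return "".join(chr(ord(c) - shift) for c in s)


def find_poweliks_clsid(log_text: str) -> list:
    """Return CLSIDs whose LocalServer32 launches script via rundll32/mshtml."""
    hits = []
    for line in log_text.splitlines():
        m = CLSID_RE.search(line)
        if not m:
            continue
        clsid, server = m.groups()
        low = server.lower()
        if not ("rundll32" in low and "javascript:" in low
                and "runhtmlapplication" in low):
            continue
        e = EVAL_RE.search(server)
        decoded = shift_decode(e.group(1)) if e else ""
        hits.append({
            "clsid": clsid.upper(),
            "decoded": decoded,
            # a readable HTML/JS fragment confirms the shift guess was right
            "script_like": "document.write" in decoded or "<script" in decoded,
        })
    return hits


def find_guid_named_dll_tasks(log_text: str) -> list:
    """Return tasks named by a bare GUID whose action points at a DLL."""
    guid_name = re.compile("^" + GUID + "$")
    hits = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line)
        if not m:
            continue
        name, action = m.groups()
        if guid_name.match(name) and ".dll" in action.lower():
            hits.append({"task": name, "action": action})
    return hits


if __name__ == "__main__":
    for h in find_poweliks_clsid(SAMPLE_LOG):
        print(f"[CLSID] {h['clsid']} decoded eval() prefix: {h['decoded']!r}")
    for h in find_guid_named_dll_tasks(SAMPLE_LOG):
        print(f"[TASK ] {h['task']} -> {h['action']}")
```

On the sample the decoded prefix reads `document.write('<script language=jscr`, i.e. the registry value is writing a script tag into an mshtml-hosted page, which is why dllhost.exe keeps reappearing without any file on disk to scan. A real log should be fed in from Addition.txt rather than the constructed sample, and the task heuristic is deliberately narrow (GUID name plus DLL action) so that vendor updaters like the Google task are not flagged.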



#8 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland
  • Local time:11:47 PM

Posted 13 October 2014 - 01:11 AM

Looks like no joy after running ComboFix. Let's try this one.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CloseProcesses:
    HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=&sap=hp"
    CHR DefaultSearchKeyword: Default -> mysearch.avg.com
    CHR DefaultSearchProvider: Default -> AVG Secure Search
    CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
    CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=
    CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
    CustomCLSID: HKU\S-1-5-21-3817440497-2850051469-1489802974-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    Task: {A610CD6E-50CA-4332-913F-61AF63F873EA} - System32\Tasks\{6BAFF387-9E5C-A398-0A06-6078B7BC8AA1} => C:\Windows\system32\fmpal.dll/s "C:\Windows\system32\fmpal.dll"
    Task: {B97E70F5-224D-46A1-BA57-0E2CFC75B62B} - System32\Tasks\{B34F8568-F5F6-6EAA-ACA5-8F8AE5CB52A3} => C:\Windows\system32\ooejcbq.dll/s "C:\Windows\system32\ooejcbq.dll"
    C:\Windows\system32\fmpal.dll
    C:\Windows\system32\ooejcbq.dll
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.


FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press Scan button and wait.
  • The tool will produce a logfile on your desktop named FRST.txt.

Please include its content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist



#9 Sam Gunn
  • Topic Starter

  • Members
  • 396 posts
  • Gender:Male
  • Location:Tarheel State

Posted 13 October 2014 - 04:41 PM

Here are the logs. What virus did I have?

===================================

Fix log.

===

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-10-2014 01
Ran by robert at 2014-10-13 17:10:44 Run:1
Running from C:\Users\robert\Desktop
Loaded Profile: robert (Available profiles: robert)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchProvider: Default -> AVG Secure Search
CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg=
CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
CustomCLSID: HKU\S-1-5-21-3817440497-2850051469-1489802974-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {A610CD6E-50CA-4332-913F-61AF63F873EA} - System32\Tasks\{6BAFF387-9E5C-A398-0A06-6078B7BC8AA1} => C:\Windows\system32\fmpal.dll/s "C:\Windows\system32\fmpal.dll"
Task: {B97E70F5-224D-46A1-BA57-0E2CFC75B62B} - System32\Tasks\{B34F8568-F5F6-6EAA-ACA5-8F8AE5CB52A3} => C:\Windows\system32\ooejcbq.dll/s "C:\Windows\system32\ooejcbq.dll"
C:\Windows\system32\fmpal.dll
C:\Windows\system32\ooejcbq.dll
EmptyTemp:
end
*****************

Processes closed successfully.
"HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> AVG Secure Search ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={B8EAC443-4E83-4690-91D3-C42B99654874}&mid=f82b923cf56b47d2aca8d1544f70d1ee-ca418342f57a43911b93581de879bc6130c6662f&lang=en&ds=AVG&pr=fr&d=2014-04-15 19:36:42&v=18.0.5.292&pid=safeguard&sg= => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL deleted successfully.
"HKU\S-1-5-21-3817440497-2850051469-1489802974-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A610CD6E-50CA-4332-913F-61AF63F873EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A610CD6E-50CA-4332-913F-61AF63F873EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6BAFF387-9E5C-A398-0A06-6078B7BC8AA1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6BAFF387-9E5C-A398-0A06-6078B7BC8AA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B97E70F5-224D-46A1-BA57-0E2CFC75B62B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B97E70F5-224D-46A1-BA57-0E2CFC75B62B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B34F8568-F5F6-6EAA-ACA5-8F8AE5CB52A3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B34F8568-F5F6-6EAA-ACA5-8F8AE5CB52A3}" => Key deleted successfully.
"C:\Windows\system32\fmpal.dll" => File/Directory not found.
"C:\Windows\system32\ooejcbq.dll" => File/Directory not found.
EmptyTemp: => Removed 2.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

==========

Scan result.

====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by robert (administrator) on ROBERT-PC on 13-10-2014 17:34:25
Running from C:\Users\robert\Desktop
Loaded Profile: robert (Available profiles: robert)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
( ) C:\Windows\System32\dlbkcoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgmfapx.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-06-13] (Google)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [202544 2008-03-11] (SupportSoft, Inc.)
HKU\S-1-5-21-3817440497-2850051469-1489802974-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [111616 2008-06-13] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\71jcdj15.default
FF Homepage: hxxp://tc3.travian.com/
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-13]

Chrome:
=======
CHR Profile: C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-13]
CHR Extension: (Google Drive) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-13]
CHR Extension: (Google Search) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-13]
CHR Extension: (Google Wallet) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13]
CHR Extension: (Gmail) - C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [537840 2007-06-25] ( )
S3 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-06-13] (Google)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2008-03-11] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\robert\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 17:25 - 2014-10-12 17:25 - 00024039 _____ () C:\Users\robert\Desktop\FRST2.txt
2014-10-12 17:24 - 2014-10-12 17:24 - 00025284 _____ () C:\Users\robert\Desktop\Addition2.txt
2014-10-12 17:21 - 2014-10-12 17:24 - 00025284 _____ () C:\Users\robert\Desktop\Addition.txt
2014-10-12 17:19 - 2014-10-13 17:34 - 00011837 _____ () C:\Users\robert\Desktop\FRST.txt
2014-10-12 17:19 - 2014-10-12 17:19 - 00000000 ____D () C:\Users\robert\Desktop\FRST-OlderVersion
2014-10-11 15:55 - 2014-10-11 15:55 - 00009349 _____ () C:\Users\robert\Desktop\ComboFix1.txt
2014-10-11 15:27 - 2014-10-11 15:27 - 00009349 _____ () C:\ComboFix.txt
2014-10-11 11:18 - 2014-10-11 14:23 - 00001230 _____ () C:\Users\robert\Desktop\ComboFix - Shortcut.lnk
2014-10-11 09:33 - 2014-10-11 15:28 - 00000000 ____D () C:\Qoobox
2014-10-11 09:33 - 2014-10-11 15:26 - 00000000 ____D () C:\Windows\erdnt
2014-10-11 09:33 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-11 09:33 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-11 09:33 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-11 09:33 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-11 09:32 - 2014-10-11 09:32 - 05582481 ____R (Swearware) C:\Users\robert\Downloads\ComboFix.exe
2014-10-10 17:59 - 2014-10-10 17:59 - 00023926 _____ () C:\Users\robert\Downloads\FRST1.txt
2014-10-10 17:58 - 2014-10-10 17:58 - 00027910 _____ () C:\Users\robert\Downloads\Addition1.txt
2014-10-10 17:55 - 2014-10-10 17:58 - 00027910 _____ () C:\Users\robert\Downloads\Addition.txt
2014-10-10 17:54 - 2014-10-10 17:58 - 00023926 _____ () C:\Users\robert\Downloads\FRST.txt
2014-10-10 17:53 - 2014-10-13 17:34 - 00000000 ____D () C:\FRST
2014-10-10 17:52 - 2014-10-12 17:19 - 01101824 _____ (Farbar) C:\Users\robert\Desktop\FRST.exe
2014-10-08 10:13 - 2014-10-08 10:13 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-10-08 06:42 - 2014-10-08 06:42 - 00000000 ___RD () C:\Program Files\Skype
2014-10-08 06:42 - 2014-10-08 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-08 06:42 - 2014-10-08 06:42 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-07 22:32 - 2014-10-07 22:32 - 00012043 _____ () C:\Users\robert\Desktop\DDS1.txt
2014-10-07 22:32 - 2014-10-07 22:32 - 00003710 _____ () C:\Users\robert\Desktop\Attach1.txt
2014-10-07 22:30 - 2014-10-07 22:30 - 00012043 _____ () C:\Users\robert\Desktop\dds.txt
2014-10-07 22:30 - 2014-10-07 22:30 - 00003710 _____ () C:\Users\robert\Desktop\attach.txt
2014-10-07 22:28 - 2014-10-07 22:28 - 00688992 ____R (Swearware) C:\Users\robert\Downloads\dds (2).com
2014-10-07 22:27 - 2014-10-07 22:27 - 00688992 _____ (Swearware) C:\Users\robert\Downloads\dds (1).com
2014-10-07 22:26 - 2014-10-07 22:26 - 00688992 _____ (Swearware) C:\Users\robert\Downloads\dds.com
2014-09-27 09:26 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 19:02 - 2014-09-24 19:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 22:23 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-18 22:23 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-18 22:23 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-18 22:23 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-18 22:21 - 2014-08-15 10:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 22:21 - 2014-08-15 10:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-18 22:21 - 2014-08-15 10:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 22:21 - 2014-08-15 10:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-18 22:21 - 2014-08-15 10:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-18 22:21 - 2014-08-15 10:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-18 22:21 - 2014-08-15 10:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 22:21 - 2014-08-15 10:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 22:21 - 2014-08-15 10:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-18 22:21 - 2014-08-15 10:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 22:21 - 2014-08-15 10:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 22:21 - 2014-08-15 10:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 22:21 - 2014-08-15 10:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-18 22:21 - 2014-08-15 10:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-18 22:16 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-18 22:16 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-18 21:59 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-18 21:59 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-18 21:59 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-18 21:59 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-18 21:59 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-18 21:58 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-18 21:58 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 17:35 - 2014-04-15 21:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 17:34 - 2014-04-13 18:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-13 17:33 - 2008-06-13 14:38 - 01727069 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 17:32 - 2014-04-13 18:33 - 00000000 ____D () C:\Users\robert\AppData\Roaming\Skype
2014-10-13 17:29 - 2014-04-13 16:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 17:29 - 2008-01-20 22:47 - 00621420 _____ () C:\Windows\PFRO.log
2014-10-13 17:29 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-13 17:29 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 17:29 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 17:28 - 2006-11-02 09:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-13 17:07 - 2014-04-13 16:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 10:42 - 2014-04-13 17:28 - 00000000 ____D () C:\Users\robert\AppData\Local\SingularityViewer
2014-10-12 17:28 - 2014-04-13 18:33 - 00002377 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-11 15:28 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2014-10-11 15:28 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-10-11 15:25 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-10-08 06:43 - 2014-04-13 18:33 - 00000000 ____D () C:\ProgramData\Skype
2014-10-04 00:09 - 2014-05-03 16:59 - 00000680 _____ () C:\Users\robert\AppData\Local\d3d9caps.dat
2014-09-27 17:47 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-09-25 17:32 - 2014-07-04 09:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-24 18:18 - 2014-04-13 16:36 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 07:35 - 2014-04-15 21:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 07:35 - 2014-04-15 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 18:20 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-19 09:01 - 2006-11-02 06:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 08:53 - 2006-11-02 08:47 - 00282080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 08:52 - 2014-05-01 22:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-18 22:15 - 2014-04-13 20:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-18 22:09 - 2014-05-01 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-18 11:49 - 2014-08-27 21:32 - 00000000 ____D () C:\Users\robert\AppData\Local\https_search.yahoo.com_0
2014-09-18 11:49 - 2014-05-10 09:55 - 00005120 _____ () C:\Users\robert\AppData\Local\Databases.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-13 17:36

==================== End Of Log ============================



#10 Naathim

    Bleepin' Minion

  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 13 October 2014 - 04:44 PM

You had Poweliks infection. But this is not the end, we need some more scans to confirm that everything is gone :)



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start.
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Radek Naathim Pawelczyk

Malware Removal Specialist


#11 Sam Gunn


Posted 14 October 2014 - 06:28 PM

Here are the results for the Malware Bytes scan. I will do the other scan in a few days.

=================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/14/2014
Scan Time: 7:40:45 AM
Logfile: Byte1.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.14.08
Rootkit Database: v2014.10.11.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: robert

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329412
Time Elapsed: 9 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#12 Naathim


Posted 15 October 2014 - 02:04 AM

Fine for me, I will be waiting. We're almost done, but I want to make sure that I won't miss anything :)




#13 Sam Gunn


Posted 18 October 2014 - 01:49 PM

I just did the scan. Not sure if I did it right. Here are the results.

========================================

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d7e7e53a78fb6645ae7b9cb93dc47be1
# engine=20667
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-18 06:45:33
# local_time=2014-10-18 02:45:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 6958619 250265461 0 0
# scanned=144965
# found=0
# cleaned=0
# scan_time=1947
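The two logs posted above can be checked mechanically against the options the helper asked for, which is what the "not sure if I did it right" question is really about. The following added example is not part of the thread and not code from Malwarebytes or ESET: it parses the Malwarebytes "Key: Value" lines and the ESET Online Scanner "# key=value" header lines quoted from the two posts, and reports every requested option that the log shows was not in effect. The mapping from ESET log keys (remove_checked, archives_checked, unwanted_checked, unsafe_checked, antistealth_checked) to the checkbox names in the instructions is an assumption based on the key names, as is reading the Malwarebytes "Rootkits:" line as the "Scan for rootkits" setting.

```python
"""Verify that posted scan logs used the settings the helper requested.

Added example, not from the original thread. The requested settings were:
Malwarebytes with 'Scan for rootkits' ticked; ESET Online Scanner with
'Remove found threats' unchecked and 'Scan archives', 'Scan for potentially
unsafe applications', 'Enable Anti-Stealth technology' and 'Enable detection
of potentially unwanted applications' checked.
"""
import re

# Relevant 'Key: Value' lines quoted from the posted Malwarebytes log.
MBAM_LOG = """\
Scan Type: Threat Scan
Result: Completed
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
"""

# Header lines quoted from the posted ESET Online Scanner log.
ESET_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# product=EOS
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# found=0
"""

# Assumed correspondence between ESET log keys and the checkboxes requested.
ESET_EXPECTED = {
    "remove_checked": False,      # "Remove found threats" must be unchecked
    "archives_checked": True,     # "Scan archives"
    "unwanted_checked": True,     # "Enable detection of potentially unwanted applications"
    "unsafe_checked": True,       # "Scan for potentially unsafe applications"
    "antistealth_checked": True,  # "Enable Anti-Stealth technology"
}

# Assumed: the 'Rootkits:' line reflects the "Scan for rootkits" setting.
MBAM_EXPECTED = {"Rootkits": True}


def parse_mbam(text):
    """Parse 'Key: Value' lines; Enabled/Disabled become booleans."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+?):\s*(.+)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        settings[key] = (value == "Enabled") if value in ("Enabled", "Disabled") else value
    return settings


def parse_eset(text):
    """Parse '# key=value' header lines; true/false become booleans."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^#\s*(\w+)=(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        settings[key] = (value == "true") if value in ("true", "false") else value
    return settings


def mismatches(actual, expected):
    """Return {option: (expected, actual)} for each requested option that is
    absent from the log or differs from what was asked for."""
    return {key: (want, actual.get(key))
            for key, want in expected.items()
            if actual.get(key) != want}


def check_logs(mbam_text=MBAM_LOG, eset_text=ESET_LOG):
    """Compare both logs against the requested settings."""
    return {
        "malwarebytes": mismatches(parse_mbam(mbam_text), MBAM_EXPECTED),
        "eset": mismatches(parse_eset(eset_text), ESET_EXPECTED),
    }


if __name__ == "__main__":
    for tool, diff in check_logs().items():
        if not diff:
            print(f"{tool}: all requested options were in effect")
        for opt, (want, got) in diff.items():
            print(f"{tool}: {opt} expected {want}, log shows {got}")
```

Run against the two logs as posted, the check flags the Malwarebytes "Rootkits: Disabled" line and the ESET "archives_checked=false" and "unsafe_checked=false" lines; a clean result ("found=0") from a scan that skipped those options is weaker evidence than the same result from a scan that used them.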
 



#14 Naathim


Posted 18 October 2014 - 06:50 PM

Looks perfect :)



Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.




#15 Sam Gunn


Posted 20 October 2014 - 05:51 AM

I hope I did it right.

=======================================================

# DelFix v10.8 - Logfile created 20/10/2014 at 06:45:23
# Updated 29/07/2014 by Xplode
# Username : robert - ROBERT-PC
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\Users\robert\Desktop\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\Users\robert\Desktop\Addition.txt
Deleted : C:\Users\robert\Desktop\Addition2.txt
Deleted : C:\Users\robert\Desktop\ComboFix - Shortcut.lnk
Deleted : C:\Users\robert\Desktop\ComboFix1.txt
Deleted : C:\Users\robert\Desktop\dds.txt
Deleted : C:\Users\robert\Desktop\DDS1.txt
Deleted : C:\Users\robert\Desktop\Fixlog.txt
Deleted : C:\Users\robert\Desktop\FRST.exe
Deleted : C:\Users\robert\Desktop\FRST.txt
Deleted : C:\Users\robert\Desktop\FRST2.txt
Deleted : C:\Users\robert\Desktop\FRST3.txt
Deleted : C:\Users\robert\Downloads\Addition.txt
Deleted : C:\Users\robert\Downloads\Addition1.txt
Deleted : C:\Users\robert\Downloads\ComboFix.exe
Deleted : C:\Users\robert\Downloads\dds (1).com
Deleted : C:\Users\robert\Downloads\dds (2).com
Deleted : C:\Users\robert\Downloads\dds.com
Deleted : C:\Users\robert\Downloads\FRST.txt
Deleted : C:\Users\robert\Downloads\FRST1.txt
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Cleaning system restore ...

Deleted : RP #49 [Windows Update | 05/13/2014 11:08:52]
Deleted : RP #50 [Windows Update | 05/14/2014 10:44:18]
Deleted : RP #51 [Windows Update | 05/19/2014 12:48:39]
Deleted : RP #52 [Windows Modules Installer | 05/19/2014 21:32:52]
Deleted : RP #53 [Windows Update | 05/20/2014 13:06:03]
Deleted : RP #54 [Windows Update | 05/21/2014 11:34:26]
Deleted : RP #55 [Windows Update | 05/22/2014 11:38:07]
Deleted : RP #56 [Windows Update | 05/23/2014 13:44:50]
Deleted : RP #57 [Windows Update | 06/11/2014 16:08:42]
Deleted : RP #58 [Scheduled Checkpoint | 06/28/2014 03:44:28]
Deleted : RP #59 [Windows Update | 07/09/2014 21:42:53]
Deleted : RP #60 [Removed AVG 2014 | 07/19/2014 13:29:08]
Deleted : RP #61 [Removed AVG 2014 | 07/19/2014 13:33:03]
Deleted : RP #62 [Windows Update | 07/19/2014 13:47:52]
Deleted : RP #63 [Installed AVG 2014 | 07/19/2014 15:26:11]
Deleted : RP #64 [Installed AVG 2014 | 07/19/2014 15:28:02]
Deleted : RP #65 [Scheduled Checkpoint | 08/03/2014 03:46:12]
Deleted : RP #66 [Restore Operation | 08/09/2014 21:45:21]
Deleted : RP #67 [Restore Operation | 08/11/2014 20:35:16]
Deleted : RP #68 [Restore Operation | 08/11/2014 21:10:03]
Deleted : RP #69 [Removed Adobe Reader 8.1.0 | 09/12/2014 01:12:48]
Deleted : RP #70 [Removed Adobe Reader 8.1.0 | 09/12/2014 01:19:38]
Deleted : RP #71 [Scheduled Checkpoint | 09/12/2014 14:30:02]
Deleted : RP #72 [Windows Update | 09/19/2014 01:59:49]
Deleted : RP #73 [Windows Update | 09/27/2014 13:25:58]
Deleted : RP #74 [Scheduled Checkpoint | 10/05/2014 14:57:39]
Deleted : RP #75 [ComboFix created restore point | 10/11/2014 13:47:59]
Deleted : RP #76 [Installed AVG 2015 | 10/17/2014 10:55:16]
Deleted : RP #77 [Installed AVG 2015 | 10/17/2014 10:56:42]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########





