AVG says rpcss.dll is Win64/Patched, but will not clean it.


This topic is locked
8 replies to this topic

#1 Billsey

  • Members

Posted 05 June 2014 - 09:39 PM

It's a friend's laptop and I've tried pretty much everything in my arsenal...

DDS.txt


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521
Run by MW at 19:30:31 on 2014-06-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3819.1343 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.centurylink.net/
uDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: TotalRecipeSearch: {A0154E07-2B48-475C-A82A-80EFD84EA33E} - 
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll
TB: TotalRecipeSearch: {a0154e07-2b48-475c-a82a-80efd84ea33e} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 209.237.77.254 209.237.77.253 192.168.7.1
TCP: Interfaces\{1ACA89FC-E4F1-4210-84FD-49EE2F2FF873} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{1C4AEE76-E316-4269-B425-75B5BD75B5BB} : DHCPNameServer = 209.237.77.254 209.237.77.253 192.168.7.1
TCP: Interfaces\{1C4AEE76-E316-4269-B425-75B5BD75B5BB}\452554E444E65647 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{1C4AEE76-E316-4269-B425-75B5BD75B5BB}\7756374756C6C623337353 : DHCPNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 50464]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-1-17 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-1-17 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-1-17 62584]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-17 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-1-17 310864]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-17 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-1-17 244624]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-1-17 244624]
R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [2014-4-27 1801240]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-7 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-17 115216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-1-17 76912]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-7 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CxAudMsg;CxAudMsg;C:\Windows\System32\CxAudMsg64.exe --> C:\Windows\System32\CxAudMsg64.exe [?]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-6-4 91352]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-4 119000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-1 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-17 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-1 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-06 02:09:42 -------- d-----w- C:\FRST
2014-06-05 10:43:34 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-05 10:34:41 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-05 10:34:41 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-05 06:35:40 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-05 06:35:39 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-05 06:34:31 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-04 05:35:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-13 21:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 21:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 21:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-05-13 21:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 21:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 21:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 21:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 21:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
==================== Find3M  ====================
.
2014-06-05 15:49:51 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-05 15:49:51 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-28 04:44:19 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 19:32:00.85 ===============
Attached File  attach.zip   4.51KB   0 downloads




#2 aharonov

  • Malware Response Team

Posted 06 June 2014 - 02:32 AM

Hi there,

please run the following scans:


Step 1

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


Step 2
  • Start FRST with Administrator privileges.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 Billsey

  • Topic Starter
  • Members

Posted 06 June 2014 - 10:59 AM

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by MW (administrator) on MW-PC on 06-06-2014 08:31:38
Running from C:\Users\MW\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2557976 2014-04-27] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurylink.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={99000426-22E3-4769-98E6-85F909E93D0D}&mid=023ce4ddab2047d1a47acd3c4e200f10-a221243e42de75b610ae209405d18c572992271a&lang=en&ds=AVG&pr=fr&d=2013-09-24 15:11:40&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={99000426-22E3-4769-98E6-85F909E93D0D}&mid=023ce4ddab2047d1a47acd3c4e200f10-a221243e42de75b610ae209405d18c572992271a&lang=en&ds=AVG&pr=fr&d=2013-09-24 15:11:40&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {A0154E07-2B48-475C-A82A-80EFD84EA33E} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 209.237.77.254 209.237.77.253 192.168.7.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-02]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-02]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (Google Search) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (AVG Secure Search) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx [2013-11-27]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-27] (AVG Secure Search)
S2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-27] (AVG Technologies)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-06-05] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-06-05] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-06 08:31 - 2014-06-06 08:31 - 00018262 _____ () C:\Users\MW\Desktop\FRST.txt
2014-06-06 08:26 - 2014-06-06 08:26 - 00000000 ____D () C:\Users\MW\Desktop\FRST-OlderVersion
2014-06-06 00:03 - 2014-06-06 00:03 - 00275560 _____ () C:\Windows\Minidump\060614-69389-01.dmp
2014-06-05 19:39 - 2014-06-05 19:39 - 00004614 _____ () C:\Users\MW\Desktop\attach.zip
2014-06-05 19:32 - 2014-06-05 19:32 - 00016856 _____ () C:\Users\MW\Desktop\dds.txt
2014-06-05 19:32 - 2014-06-05 19:32 - 00016489 _____ () C:\Users\MW\Desktop\attach.txt
2014-06-05 19:29 - 2014-06-05 19:29 - 00688992 ____R (Swearware) C:\Users\MW\Desktop\dds.com
2014-06-05 19:12 - 2014-06-05 19:14 - 00037073 _____ () C:\Users\MW\Downloads\Addition.txt
2014-06-05 19:09 - 2014-06-06 08:31 - 00000000 ____D () C:\FRST
2014-06-05 19:09 - 2014-06-05 19:14 - 00031685 _____ () C:\Users\MW\Downloads\FRST.txt
2014-06-05 19:08 - 2014-06-06 08:26 - 02072576 _____ (Farbar) C:\Users\MW\Desktop\FRST64.exe
2014-06-05 19:06 - 2014-06-05 19:15 - 00003372 _____ () C:\Users\MW\Desktop\Rkill.txt
2014-06-05 19:05 - 2014-06-05 19:06 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\MW\Downloads\iExplore.exe
2014-06-05 19:01 - 2014-06-05 19:23 - 139237080 _____ () C:\Users\MW\Downloads\setup_11.0.1.1245.x01_2014_06_06_05_24.exe
2014-06-05 08:38 - 2014-06-06 00:03 - 614829996 _____ () C:\Windows\MEMORY.DMP
2014-06-05 08:38 - 2014-06-06 00:03 - 00000000 ____D () C:\Windows\Minidump
2014-06-05 08:38 - 2014-06-05 08:39 - 00283272 _____ () C:\Windows\Minidump\060514-67907-01.dmp
2014-06-05 07:43 - 2014-06-05 07:44 - 05245952 _____ () C:\Users\MW\Downloads\RogueKillerX64.exe
2014-06-05 03:59 - 2014-06-05 07:07 - 00000000 ____D () C:\Users\MW\Desktop\mbar
2014-06-05 03:43 - 2014-06-05 03:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-05 03:35 - 2014-06-05 03:35 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 03:35 - 2014-06-05 03:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 03:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 03:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 03:32 - 2014-06-05 03:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MW\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 23:35 - 2014-06-05 08:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-04 23:35 - 2014-06-05 07:55 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 23:34 - 2014-06-05 07:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 22:41 - 2014-06-04 22:41 - 12589848 _____ (Malwarebytes Corp.) C:\Users\MW\Downloads\mbar-1.07.0.1009.exe
2014-06-04 07:50 - 2014-06-05 00:59 - 00086349 _____ () C:\Users\MW\Desktop\avgrep.txt
2014-06-03 22:35 - 2014-06-05 03:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
 
==================== One Month Modified Files and Folders =======
 
2014-06-06 08:32 - 2011-05-02 17:16 - 00000000 ____D () C:\Users\MW\AppData\Local\Temp
2014-06-06 08:31 - 2014-06-06 08:31 - 00018262 _____ () C:\Users\MW\Desktop\FRST.txt
2014-06-06 08:31 - 2014-06-05 19:09 - 00000000 ____D () C:\FRST
2014-06-06 08:28 - 2011-03-07 12:55 - 01883936 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 08:26 - 2014-06-06 08:26 - 00000000 ____D () C:\Users\MW\Desktop\FRST-OlderVersion
2014-06-06 08:26 - 2014-06-05 19:08 - 02072576 _____ (Farbar) C:\Users\MW\Desktop\FRST64.exe
2014-06-06 08:21 - 2013-11-27 12:41 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 08:21 - 2013-11-27 12:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 07:49 - 2013-09-21 18:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 07:46 - 2014-04-09 14:15 - 00000069 _____ () C:\Windows\system32\zswb.puv
2014-06-06 04:13 - 2014-02-24 09:08 - 00000639 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DAF2E695-9D6D-11E3-B080-1C7508C4E6E3.job
2014-06-06 03:14 - 2013-08-27 14:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-06 03:06 - 2011-05-28 15:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-06 00:11 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 00:11 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 00:06 - 2011-05-02 17:54 - 00000000 ____D () C:\ProgramData\clear.fi
2014-06-06 00:04 - 2011-03-07 13:20 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-06 00:03 - 2014-06-06 00:03 - 00275560 _____ () C:\Windows\Minidump\060614-69389-01.dmp
2014-06-06 00:03 - 2014-06-05 08:38 - 614829996 _____ () C:\Windows\MEMORY.DMP
2014-06-06 00:03 - 2014-06-05 08:38 - 00000000 ____D () C:\Windows\Minidump
2014-06-06 00:03 - 2014-02-18 16:06 - 00000468 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-06-06 00:03 - 2013-06-13 19:42 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-06-06 00:03 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 00:03 - 2009-07-13 21:51 - 00086338 _____ () C:\Windows\setupact.log
2014-06-05 19:39 - 2014-06-05 19:39 - 00004614 _____ () C:\Users\MW\Desktop\attach.zip
2014-06-05 19:32 - 2014-06-05 19:32 - 00016856 _____ () C:\Users\MW\Desktop\dds.txt
2014-06-05 19:32 - 2014-06-05 19:32 - 00016489 _____ () C:\Users\MW\Desktop\attach.txt
2014-06-05 19:29 - 2014-06-05 19:29 - 00688992 ____R (Swearware) C:\Users\MW\Desktop\dds.com
2014-06-05 19:23 - 2014-06-05 19:01 - 139237080 _____ () C:\Users\MW\Downloads\setup_11.0.1.1245.x01_2014_06_06_05_24.exe
2014-06-05 19:15 - 2014-06-05 19:06 - 00003372 _____ () C:\Users\MW\Desktop\Rkill.txt
2014-06-05 19:14 - 2014-06-05 19:12 - 00037073 _____ () C:\Users\MW\Downloads\Addition.txt
2014-06-05 19:14 - 2014-06-05 19:09 - 00031685 _____ () C:\Users\MW\Downloads\FRST.txt
2014-06-05 19:06 - 2014-06-05 19:05 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\MW\Downloads\iExplore.exe
2014-06-05 18:05 - 2011-05-02 18:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-05 18:00 - 2014-02-18 16:06 - 00000458 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-06-05 08:49 - 2013-09-21 18:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-05 08:49 - 2013-09-21 18:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-05 08:49 - 2011-05-12 18:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-05 08:39 - 2014-06-05 08:38 - 00283272 _____ () C:\Windows\Minidump\060514-67907-01.dmp
2014-06-05 08:38 - 2011-03-07 12:52 - 00205804 _____ () C:\Windows\PFRO.log
2014-06-05 08:27 - 2014-03-31 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-05 08:27 - 2013-09-24 15:11 - 00000929 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-05 08:00 - 2014-06-04 23:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-05 07:55 - 2014-06-04 23:35 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 07:53 - 2014-06-04 23:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 07:44 - 2014-06-05 07:43 - 05245952 _____ () C:\Users\MW\Downloads\RogueKillerX64.exe
2014-06-05 07:07 - 2014-06-05 03:59 - 00000000 ____D () C:\Users\MW\Desktop\mbar
2014-06-05 03:47 - 2013-11-27 12:44 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-05 03:43 - 2014-06-05 03:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-05 03:35 - 2014-06-05 03:35 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 03:35 - 2014-06-05 03:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 03:35 - 2014-06-03 22:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 03:33 - 2014-06-05 03:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MW\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 00:59 - 2014-06-04 07:50 - 00086349 _____ () C:\Users\MW\Desktop\avgrep.txt
2014-06-04 22:41 - 2014-06-04 22:41 - 12589848 _____ (Malwarebytes Corp.) C:\Users\MW\Downloads\mbar-1.07.0.1009.exe
2014-06-04 22:04 - 2012-09-27 21:48 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-06-04 22:04 - 2011-05-02 17:16 - 00000000 ____D () C:\Users\MW\AppData\Local\PowerCinema
2014-06-04 22:04 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-04 22:00 - 2014-04-27 21:47 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-04 22:00 - 2014-04-19 21:14 - 00000000 ____D () C:\Users\MW\AppData\Local\Cyberlink
2014-06-04 22:00 - 2014-04-10 16:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-04 22:00 - 2014-03-24 20:49 - 00000000 ____D () C:\Users\MW\AppData\Local\VideoDownloadConverter_4z
2014-06-04 22:00 - 2013-11-27 12:42 - 00000000 ____D () C:\Program Files\Google
2014-06-04 22:00 - 2013-11-27 12:41 - 00000000 ____D () C:\Users\MW\AppData\Local\Google
2014-06-04 22:00 - 2013-11-25 13:35 - 00000000 ____D () C:\Users\MW\AppData\Local\RecipeHub_2j
2014-06-04 22:00 - 2013-11-01 16:08 - 00000000 ____D () C:\Users\MW\AppData\Roaming\Malwarebytes
2014-06-04 22:00 - 2013-09-24 15:14 - 00000000 ____D () C:\Users\MW\AppData\Roaming\AVG2014
2014-06-04 22:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-06-04 21:59 - 2014-04-10 16:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-04 21:59 - 2013-11-27 12:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-04 21:07 - 2011-05-02 17:16 - 00000000 ____D () C:\Users\MW
2014-06-03 22:35 - 2013-11-01 16:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 22:33 - 2014-02-18 16:06 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 20:51 - 2014-02-18 16:06 - 00000416 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-05-12 07:26 - 2014-06-05 03:34 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 03:34 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 19:24 - 2009-07-13 22:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 08:16 - 2013-11-27 12:41 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 08:16 - 2013-11-27 12:41 - 00003634 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some content of TEMP:
====================
C:\Users\MW\AppData\Local\Temp\avguidx.dll
C:\Users\MW\AppData\Local\Temp\CommonInstaller.exe
C:\Users\MW\AppData\Local\Temp\iGearedHelper.dll
C:\Users\MW\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\MW\AppData\Local\Temp\MSN1F83.exe
C:\Users\MW\AppData\Local\Temp\oi_{30936034-E26A-4CAB-AEA2-983004EB874C}.exe
C:\Users\MW\AppData\Local\Temp\oi_{4098A1B2-60CE-42F6-B60F-6B2C019F0D0C}.exe
C:\Users\MW\AppData\Local\Temp\ToolbarInstaller.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-06-02 19:30] - [2010-11-20 06:27] - 0516096 ____A (Microsoft Corporation) 5E1E18E51418988D4ADC6EE460DFB950
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-30 14:53
 
==================== End Of Log ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by MW at 2014-06-06 08:33:09
Running from C:\Users\MW\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
6300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
6300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1313 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1313 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Fuel (Version: 2010.1118.1603.28745 - AMD) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.0.443 - AVG Technologies)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1118.1603.28745 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.1118.1603.28745 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.1118.1603.28745 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2010.1118.1603.28745 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help English (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help French (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help German (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.1118.1602.28745 - ATI) Hidden
ccc-core-static (x32 Version: 2010.1118.1603.28745 - ATI) Hidden
ccc-utility64 (Version: 2010.1118.1603.28745 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1229.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1229.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.41.1.51 - Conexant)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.5 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TotalRecipeSearch Toolbar (HKLM-x32\...\TotalRecipeSearch_14bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.31 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
20-04-2014 04:28:22 Windows Update
25-04-2014 15:38:24 Windows Update
28-04-2014 04:43:19 Windows Update
05-05-2014 17:46:59 Windows Update
05-05-2014 19:31:06 Installed AVG 2014
07-05-2014 03:30:29 Windows Update
09-05-2014 23:19:49 Windows Update
11-05-2014 23:24:42 Windows Update
13-05-2014 03:52:01 Windows Update
06-06-2014 10:00:33 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {149B77C1-5EDC-4859-967C-A15DD92DB435} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-29] (CyberLink)
Task: {58DBDFA7-BEE7-4F3D-9174-CCCE53BBFE40} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {64E08FEF-CDEC-4F89-929A-84338A7CF6E6} - System32\Tasks\SparkTrust Update Version3 => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: {6C6777A5-CAC2-4264-AB46-9344A83DFD03} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_DAF2E695-9D6D-11E3-B080-1C7508C4E6E3 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: {75B5E783-1A9C-4119-B2B7-2F4924505EED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-05] (Adobe Systems Incorporated)
Task: {8C56C877-6272-4E48-B1A6-9F1CC8C8F1B8} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-29] (Acer Incorporated)
Task: {B7636BA9-92A6-49DF-A28C-B387C58B59D4} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: {CABB5AF2-99B4-4BC4-B7B5-1D1C9A4B4677} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-29] (CyberLink Corp.)
Task: {CD76270F-3D9A-4344-9295-33998E5600C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27] (Google Inc.)
Task: {D84043C5-F230-437C-9E4A-F05E022CCED7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27] (Google Inc.)
Task: {DB957236-0C02-4569-9F79-9AA3B4956FFC} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{AB310C2A-D6B0-4A7A-9DDD-A57BED3CAE09}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{AB310C2A-D6B0-4A7A-9DDD-A57BED3CAE09}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DAF2E695-9D6D-11E3-B080-1C7508C4E6E3.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2010-11-18 17:13 - 2010-11-18 17:13 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2010-11-18 17:14 - 2010-11-18 17:14 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-27 21:47 - 2014-04-27 21:44 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
2012-09-27 21:48 - 2014-04-27 21:44 - 02557976 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2010-11-11 18:22 - 2010-11-11 18:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-11 18:22 - 2010-11-11 18:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-11 18:22 - 2010-11-11 18:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2010-12-29 15:56 - 2010-12-29 15:56 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-12-08 16:37 - 2014-03-20 11:10 - 01603608 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll
2014-04-27 21:47 - 2014-04-27 21:44 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
2014-06-05 03:41 - 2014-05-13 16:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-06-05 03:40 - 2014-05-13 16:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-06-05 03:47 - 2014-05-13 16:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-06-05 03:47 - 2014-05-13 16:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-06-05 03:40 - 2014-05-13 16:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: CmTray => "C:\Program Files (x86)\Content Manager\launchCM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: TotalRecipeSearch Search Scope Monitor => "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: TotalRecipeSearch_14 Browser Plugin Loader => C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: WeatherBlink Browser Plugin Loader => C:\PROGRA~2\WEATHE~2\bar\1.bin\gcbrmon.exe
MSCONFIG\startupreg: WeatherBlink Search Scope Monitor => "C:\PROGRA~2\WEATHE~2\bar\1.bin\gcsrchmn.exe" /m=2 /w /h
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 6300 series
Description: Officejet 6300 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 6300 series
Description: Officejet 6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Pro B9100 series
Description: Photosmart Pro B9100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 7300 series
Description: Officejet 7300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/06/2014 03:16:51 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070216. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}
 
Error: (06/05/2014 03:51:36 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. hr=0x80070057
6.1.7601.17514
 
Error: (06/04/2014 09:42:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SparkTrustPCCleanerPlus.exe, version: 3.2.2.0, time stamp: 0x5333145c
Faulting module name: SparkTrustPCCleanerPlus.exe, version: 3.2.2.0, time stamp: 0x5333145c
Exception code: 0xc0000005
Fault offset: 0x00082692
Faulting process id: 0x1310
Faulting application start time: 0xSparkTrustPCCleanerPlus.exe0
Faulting application path: SparkTrustPCCleanerPlus.exe1
Faulting module path: SparkTrustPCCleanerPlus.exe2
Report Id: SparkTrustPCCleanerPlus.exe3
 
Error: (06/04/2014 09:42:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SparkTrustPCCleanerPlus.exe, version: 3.2.2.0, time stamp: 0x5333145c
Faulting module name: SparkTrustPCCleanerPlus.exe, version: 3.2.2.0, time stamp: 0x5333145c
Exception code: 0xc0000005
Fault offset: 0x00082692
Faulting process id: 0xab8
Faulting application start time: 0xSparkTrustPCCleanerPlus.exe0
Faulting application path: SparkTrustPCCleanerPlus.exe1
Faulting module path: SparkTrustPCCleanerPlus.exe2
Report Id: SparkTrustPCCleanerPlus.exe3
 
Error: (05/12/2014 09:02:35 PM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070216. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}
 
Error: (05/11/2014 04:32:07 PM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070216. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}
 
Error: (05/09/2014 06:42:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x800706b5, The interface is unknown.
.
 
Error: (05/09/2014 06:42:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
]
 
Error: (05/09/2014 06:42:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x800706b5, The interface is unknown.
.
 
Error: (05/09/2014 06:42:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
]
 
 
System errors:
=============
Error: (06/06/2014 03:28:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070216: Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2961851).
 
Error: (06/06/2014 03:17:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80004005: Update for Windows 7 for x64-based Systems (KB2800095).
 
Error: (06/06/2014 03:17:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
 
Error: (06/06/2014 03:16:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070216: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2929437).
 
Error: (06/06/2014 03:06:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80004005: Update for Windows 7 for x64-based Systems (KB2908783).
 
Error: (06/06/2014 03:02:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2922229).
 
Error: (06/06/2014 03:02:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80004005: Update for Windows 7 for x64-based Systems (KB2928562).
 
Error: (06/06/2014 00:04:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (06/06/2014 00:03:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CxAudMsg service failed to start due to the following error: 
%%2
 
Error: (06/06/2014 00:03:41 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0x0000000000060011, 0x0000000000000002, 0x0000000000000000, 0xfffff8800198b6b4)C:\Windows\MEMORY.DMP060614-69389-01
 
 
Microsoft Office Sessions:
=========================
Error: (06/06/2014 03:16:51 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070216. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/05/2014 03:51:36 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: hr=0x800700576.1.7601.17514
 
Error: (06/04/2014 09:42:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SparkTrustPCCleanerPlus.exe3.2.2.05333145cSparkTrustPCCleanerPlus.exe3.2.2.05333145cc000000500082692131001cf80789dcc578fC:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exeC:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exeddb7a750-ec6b-11e3-ae32-ec55f903a59a
 
Error: (06/04/2014 09:42:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SparkTrustPCCleanerPlus.exe3.2.2.05333145cSparkTrustPCCleanerPlus.exe3.2.2.05333145cc000000500082692ab801cf80789442bf70C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exeC:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exed50024b2-ec6b-11e3-ae32-ec55f903a59a
 
Error: (05/12/2014 09:02:35 PM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070216. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/11/2014 04:32:07 PM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070216. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/09/2014 06:42:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x800706b5, The interface is unknown.
 
Error: (05/09/2014 06:42:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800706b5, The interface is unknown.
 
Error: (05/09/2014 06:42:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x800706b5, The interface is unknown.
 
Error: (05/09/2014 06:42:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800706b5, The interface is unknown.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 57%
Total physical RAM: 3818.9 MB
Available physical RAM: 1622.74 MB
Total Pagefile: 7635.98 MB
Available Pagefile: 5287.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:385.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 34AC6612)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Search.txt
Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by MW at 2014-06-06 08:45:35
Running from C:\Users\MW\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-06-02 19:30] - [2010-11-20 06:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 17:00] - [2009-07-13 18:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
C:\Windows\System32\rpcss.dll
[2011-06-02 19:30] - [2010-11-20 06:27] - 0516096 ____A (Microsoft Corporation) 5E1E18E51418988D4ADC6EE460DFB950
 
====== End Of Search ======


#4 aharonov (Malware Response Team, 2,441 posts)

Posted 06 June 2014 - 12:57 PM

Yes, rpcss.dll is patched indeed. Let's replace it with a clean copy:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.
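For readers who want to follow the reasoning behind this fix without FRST in front of them, here is an added example in Python. It is not part of this thread and not FRST's own code; the function and variable names are this example's own. It embeds the three rpcss.dll hits from the Search.txt posted above as constructed sample input (same paths, timestamps, sizes and MD5 values) and applies the check that justifies the replacement: the copy in System32 carries the same creation and modification timestamps as the 6.1.7601.17514 copy in the component store, yet is 4096 bytes larger with a different MD5, so its bytes were altered after servicing installed it. Matching timestamps with a mismatching hash is the "patched" signature; the older 6.1.7600.16385 copy with its own timestamps is normal servicing history, not evidence of tampering. The example then emits the FRST fixlist directive `Replace: <source> <destination>`, which copies the component-store file over the live one and is the form the fix in this thread takes.

```python
import re

# Constructed sample input: the three hits from the Search.txt posted in this
# thread, reproduced with the same paths, timestamps, sizes and MD5 values.
SEARCH_TXT = r"""
================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-06-02 19:30] - [2010-11-20 06:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 17:00] - [2009-07-13 18:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2011-06-02 19:30] - [2010-11-20 06:27] - 0516096 ____A (Microsoft Corporation) 5E1E18E51418988D4ADC6EE460DFB950

====== End Of Search ======
"""

# One FRST detail line: [created] - [modified] - size attributes (company) MD5
_DETAIL = re.compile(
    r"^\[([^\]]+)\] - \[([^\]]+)\] - (\d+) (\S+) \(([^)]*)\) ([0-9A-Fa-f]{32})$"
)
_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Return one dict per file hit in an FRST 'Search Files' block."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if _PATH.match(line):
            path = line            # a path line is followed by its detail line
            continue
        m = _DETAIL.match(line)
        if m and path:
            created, modified, size, attrs, company, md5 = m.groups()
            entries.append({
                "path": path, "created": created, "modified": modified,
                "size": int(size), "attrs": attrs, "company": company,
                "md5": md5.upper(),
            })
            path = None
    return entries


def in_component_store(path):
    return "\\winsxs\\" in path.lower()


def find_patched(entries):
    """Flag live files whose timestamps match a WinSxS copy but whose bytes do not.

    A live file with a byte-identical copy in the store is clean. A live file
    that shares creation and modification times with a store copy yet differs
    in size or hash was altered after servicing installed it; that store copy
    is the clean source to restore from.
    """
    store = [e for e in entries if in_component_store(e["path"])]
    findings = []
    for live in (e for e in entries if not in_component_store(e["path"])):
        if any(s["md5"] == live["md5"] and s["size"] == live["size"] for s in store):
            continue
        for twin in store:
            if (twin["created"], twin["modified"]) == (live["created"], live["modified"]):
                findings.append({
                    "live": live["path"], "clean": twin["path"],
                    "live_md5": live["md5"], "clean_md5": twin["md5"],
                    "size_delta": live["size"] - twin["size"],
                })
    return findings


def fixlist_for(findings):
    """FRST fixlist lines: 'Replace: <source> <destination>' then a reboot."""
    lines = [f"Replace: {f['clean']} {f['live']}" for f in findings]
    lines.append("Reboot:")
    return lines


if __name__ == "__main__":
    found = find_patched(parse_search(SEARCH_TXT))
    for f in found:
        print(f"PATCHED {f['live']}: {f['live_md5']} vs store {f['clean_md5']}, "
              f"{f['size_delta']:+d} bytes")
    print("\n".join(fixlist_for(found)))
```

On the live host the same conclusion is cheaper to reach by checking the Authenticode signature of C:\Windows\System32\rpcss.dll (Sysinternals sigcheck, or PowerShell's Get-AuthenticodeSignature): a system DLL whose bytes have been altered no longer verifies. Note what the replacement does not do: it restores one file and removes nothing of whatever patched it, so a fresh scan after the reboot, as requested above, is the right next step.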


#5 Billsey (Topic Starter, Members, 7 posts)

Posted 11 June 2014 - 05:57 PM

Sorry for the slow response, Real Life seemed to be working against me this week. Here's the Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014
Ran by MW at 2014-06-11 15:12:19 Run:1
Running from C:\Users\MW\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
Reboot:
*****************
 
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
And the new FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014
Ran by MW (administrator) on MW-PC on 11-06-2014 15:19:06
Running from C:\Users\MW\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2557976 2014-04-27] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurylink.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={99000426-22E3-4769-98E6-85F909E93D0D}&mid=023ce4ddab2047d1a47acd3c4e200f10-a221243e42de75b610ae209405d18c572992271a&lang=en&ds=AVG&pr=fr&d=2013-09-24 15:11:40&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={99000426-22E3-4769-98E6-85F909E93D0D}&mid=023ce4ddab2047d1a47acd3c4e200f10-a221243e42de75b610ae209405d18c572992271a&lang=en&ds=AVG&pr=fr&d=2013-09-24 15:11:40&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {A0154E07-2B48-475C-A82A-80EFD84EA33E} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 68.116.46.115 24.205.192.61 24.205.224.36
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-02]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-02]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (Google Search) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (AVG Secure Search) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\MW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx [2013-11-27]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-27] (AVG Secure Search)
S2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-27] (AVG Technologies)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-06-05] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-06-05] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-11 15:19 - 2014-06-11 15:19 - 00019011 _____ () C:\Users\MW\Desktop\FRST.txt
2014-06-06 08:45 - 2014-06-06 08:52 - 00000862 _____ () C:\Users\MW\Desktop\Search.txt
2014-06-06 08:33 - 2014-06-06 08:34 - 00037694 _____ () C:\Users\MW\Desktop\Addition.txt
2014-06-06 08:31 - 2014-06-06 08:34 - 00032988 _____ () C:\Users\MW\Desktop\FRST-1.txt
2014-06-06 08:26 - 2014-06-11 15:10 - 00000000 ____D () C:\Users\MW\Desktop\FRST-OlderVersion
2014-06-06 00:03 - 2014-06-06 00:03 - 00275560 _____ () C:\Windows\Minidump\060614-69389-01.dmp
2014-06-05 19:39 - 2014-06-05 19:39 - 00004614 _____ () C:\Users\MW\Desktop\attach.zip
2014-06-05 19:32 - 2014-06-05 19:32 - 00016856 _____ () C:\Users\MW\Desktop\dds.txt
2014-06-05 19:32 - 2014-06-05 19:32 - 00016489 _____ () C:\Users\MW\Desktop\attach.txt
2014-06-05 19:29 - 2014-06-05 19:29 - 00688992 ____R (Swearware) C:\Users\MW\Desktop\dds.com
2014-06-05 19:12 - 2014-06-05 19:14 - 00037073 _____ () C:\Users\MW\Downloads\Addition.txt
2014-06-05 19:09 - 2014-06-11 15:19 - 00000000 ____D () C:\FRST
2014-06-05 19:09 - 2014-06-05 19:14 - 00031685 _____ () C:\Users\MW\Downloads\FRST.txt
2014-06-05 19:08 - 2014-06-11 15:10 - 02081792 _____ (Farbar) C:\Users\MW\Desktop\FRST64.exe
2014-06-05 19:06 - 2014-06-05 19:15 - 00003372 _____ () C:\Users\MW\Desktop\Rkill.txt
2014-06-05 19:05 - 2014-06-05 19:06 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\MW\Downloads\iExplore.exe
2014-06-05 19:01 - 2014-06-05 19:23 - 139237080 _____ () C:\Users\MW\Downloads\setup_11.0.1.1245.x01_2014_06_06_05_24.exe
2014-06-05 08:38 - 2014-06-06 00:03 - 614829996 _____ () C:\Windows\MEMORY.DMP
2014-06-05 08:38 - 2014-06-06 00:03 - 00000000 ____D () C:\Windows\Minidump
2014-06-05 08:38 - 2014-06-05 08:39 - 00283272 _____ () C:\Windows\Minidump\060514-67907-01.dmp
2014-06-05 07:43 - 2014-06-05 07:44 - 05245952 _____ () C:\Users\MW\Downloads\RogueKillerX64.exe
2014-06-05 03:59 - 2014-06-05 07:07 - 00000000 ____D () C:\Users\MW\Desktop\mbar
2014-06-05 03:43 - 2014-06-05 03:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-05 03:35 - 2014-06-05 03:35 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 03:35 - 2014-06-05 03:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 03:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 03:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 03:32 - 2014-06-05 03:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MW\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 23:35 - 2014-06-05 08:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-04 23:35 - 2014-06-05 07:55 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 23:34 - 2014-06-05 07:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 22:41 - 2014-06-04 22:41 - 12589848 _____ (Malwarebytes Corp.) C:\Users\MW\Downloads\mbar-1.07.0.1009.exe
2014-06-04 07:50 - 2014-06-05 00:59 - 00086349 _____ () C:\Users\MW\Desktop\avgrep.txt
2014-06-03 22:35 - 2014-06-05 03:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
 
==================== One Month Modified Files and Folders =======
 
2014-06-11 15:26 - 2011-05-02 17:16 - 00000000 ____D () C:\Users\MW\AppData\Local\Temp
2014-06-11 15:23 - 2014-06-11 15:19 - 00019011 _____ () C:\Users\MW\Desktop\FRST.txt
2014-06-11 15:23 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 15:23 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 15:21 - 2013-11-27 12:41 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 15:19 - 2014-06-05 19:09 - 00000000 ____D () C:\FRST
2014-06-11 15:18 - 2011-03-07 12:55 - 01955154 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 15:16 - 2011-05-02 17:54 - 00000000 ____D () C:\ProgramData\clear.fi
2014-06-11 15:15 - 2013-11-27 12:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 15:15 - 2011-03-07 13:20 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-11 15:14 - 2014-02-18 16:06 - 00000468 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-06-11 15:14 - 2013-06-13 19:42 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-06-11 15:14 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 15:14 - 2009-07-13 21:51 - 00086484 _____ () C:\Windows\setupact.log
2014-06-11 15:12 - 2011-05-02 18:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-11 15:10 - 2014-06-06 08:26 - 00000000 ____D () C:\Users\MW\Desktop\FRST-OlderVersion
2014-06-11 15:10 - 2014-06-05 19:08 - 02081792 _____ (Farbar) C:\Users\MW\Desktop\FRST64.exe
2014-06-06 08:52 - 2014-06-06 08:45 - 00000862 _____ () C:\Users\MW\Desktop\Search.txt
2014-06-06 08:51 - 2014-04-09 14:15 - 00000069 _____ () C:\Windows\system32\zswb.puv
2014-06-06 08:49 - 2013-09-21 18:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 08:34 - 2014-06-06 08:33 - 00037694 _____ () C:\Users\MW\Desktop\Addition.txt
2014-06-06 08:34 - 2014-06-06 08:31 - 00032988 _____ () C:\Users\MW\Desktop\FRST-1.txt
2014-06-06 04:13 - 2014-02-24 09:08 - 00000639 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DAF2E695-9D6D-11E3-B080-1C7508C4E6E3.job
2014-06-06 03:14 - 2013-08-27 14:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-06 03:06 - 2011-05-28 15:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-06 00:03 - 2014-06-06 00:03 - 00275560 _____ () C:\Windows\Minidump\060614-69389-01.dmp
2014-06-06 00:03 - 2014-06-05 08:38 - 614829996 _____ () C:\Windows\MEMORY.DMP
2014-06-06 00:03 - 2014-06-05 08:38 - 00000000 ____D () C:\Windows\Minidump
2014-06-05 19:39 - 2014-06-05 19:39 - 00004614 _____ () C:\Users\MW\Desktop\attach.zip
2014-06-05 19:32 - 2014-06-05 19:32 - 00016856 _____ () C:\Users\MW\Desktop\dds.txt
2014-06-05 19:32 - 2014-06-05 19:32 - 00016489 _____ () C:\Users\MW\Desktop\attach.txt
2014-06-05 19:29 - 2014-06-05 19:29 - 00688992 ____R (Swearware) C:\Users\MW\Desktop\dds.com
2014-06-05 19:23 - 2014-06-05 19:01 - 139237080 _____ () C:\Users\MW\Downloads\setup_11.0.1.1245.x01_2014_06_06_05_24.exe
2014-06-05 19:15 - 2014-06-05 19:06 - 00003372 _____ () C:\Users\MW\Desktop\Rkill.txt
2014-06-05 19:14 - 2014-06-05 19:12 - 00037073 _____ () C:\Users\MW\Downloads\Addition.txt
2014-06-05 19:14 - 2014-06-05 19:09 - 00031685 _____ () C:\Users\MW\Downloads\FRST.txt
2014-06-05 19:06 - 2014-06-05 19:05 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\MW\Downloads\iExplore.exe
2014-06-05 18:00 - 2014-02-18 16:06 - 00000458 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-06-05 08:49 - 2013-09-21 18:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-05 08:49 - 2013-09-21 18:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-05 08:49 - 2011-05-12 18:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-05 08:39 - 2014-06-05 08:38 - 00283272 _____ () C:\Windows\Minidump\060514-67907-01.dmp
2014-06-05 08:38 - 2011-03-07 12:52 - 00205804 _____ () C:\Windows\PFRO.log
2014-06-05 08:27 - 2014-03-31 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-05 08:27 - 2013-09-24 15:11 - 00000929 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-05 08:00 - 2014-06-04 23:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-05 07:55 - 2014-06-04 23:35 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 07:53 - 2014-06-04 23:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 07:44 - 2014-06-05 07:43 - 05245952 _____ () C:\Users\MW\Downloads\RogueKillerX64.exe
2014-06-05 07:07 - 2014-06-05 03:59 - 00000000 ____D () C:\Users\MW\Desktop\mbar
2014-06-05 03:47 - 2013-11-27 12:44 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-05 03:43 - 2014-06-05 03:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-05 03:35 - 2014-06-05 03:35 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 03:35 - 2014-06-05 03:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 03:35 - 2014-06-03 22:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 03:33 - 2014-06-05 03:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MW\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 00:59 - 2014-06-04 07:50 - 00086349 _____ () C:\Users\MW\Desktop\avgrep.txt
2014-06-04 22:41 - 2014-06-04 22:41 - 12589848 _____ (Malwarebytes Corp.) C:\Users\MW\Downloads\mbar-1.07.0.1009.exe
2014-06-04 22:04 - 2012-09-27 21:48 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-06-04 22:04 - 2011-05-02 17:16 - 00000000 ____D () C:\Users\MW\AppData\Local\PowerCinema
2014-06-04 22:04 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-04 22:00 - 2014-04-27 21:47 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-04 22:00 - 2014-04-19 21:14 - 00000000 ____D () C:\Users\MW\AppData\Local\Cyberlink
2014-06-04 22:00 - 2014-04-10 16:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-04 22:00 - 2014-03-24 20:49 - 00000000 ____D () C:\Users\MW\AppData\Local\VideoDownloadConverter_4z
2014-06-04 22:00 - 2013-11-27 12:42 - 00000000 ____D () C:\Program Files\Google
2014-06-04 22:00 - 2013-11-27 12:41 - 00000000 ____D () C:\Users\MW\AppData\Local\Google
2014-06-04 22:00 - 2013-11-25 13:35 - 00000000 ____D () C:\Users\MW\AppData\Local\RecipeHub_2j
2014-06-04 22:00 - 2013-11-01 16:08 - 00000000 ____D () C:\Users\MW\AppData\Roaming\Malwarebytes
2014-06-04 22:00 - 2013-09-24 15:14 - 00000000 ____D () C:\Users\MW\AppData\Roaming\AVG2014
2014-06-04 22:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-06-04 21:59 - 2014-04-10 16:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-04 21:59 - 2013-11-27 12:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-04 21:07 - 2011-05-02 17:16 - 00000000 ____D () C:\Users\MW
2014-06-03 22:35 - 2013-11-01 16:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 22:33 - 2014-02-18 16:06 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 20:51 - 2014-02-18 16:06 - 00000416 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-05-12 07:26 - 2014-06-05 03:34 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 03:34 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Some content of TEMP:
====================
C:\Users\MW\AppData\Local\Temp\avguidx.dll
C:\Users\MW\AppData\Local\Temp\CommonInstaller.exe
C:\Users\MW\AppData\Local\Temp\iGearedHelper.dll
C:\Users\MW\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\MW\AppData\Local\Temp\MSN1F83.exe
C:\Users\MW\AppData\Local\Temp\oi_{30936034-E26A-4CAB-AEA2-983004EB874C}.exe
C:\Users\MW\AppData\Local\Temp\oi_{4098A1B2-60CE-42F6-B60F-6B2C019F0D0C}.exe
C:\Users\MW\AppData\Local\Temp\ToolbarInstaller.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-03-30 14:53
 
==================== End Of Log ============================
 


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:28 PM

Posted 12 June 2014 - 12:59 AM

Hi,

It looks like the replacement worked. AVG should no longer find a patched rpcss.dll, right?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 Billsey

Billsey
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:28 AM

Posted 12 June 2014 - 06:33 PM

Whew, 6 hours 54 minutes and 31 seconds for that last scan... :)

 

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014
Ran by MW at 2014-06-12 09:28:55 Run:2
Running from C:\Users\MW\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
2014-06-04 22:00 - 2014-03-24 20:49 - 00000000 ____D () C:\Users\MW\AppData\Local\VideoDownloadConverter_4z
2014-06-04 22:00 - 2013-11-25 13:35 - 00000000 ____D () C:\Users\MW\AppData\Local\RecipeHub_2j
2014-06-06 08:51 - 2014-04-09 14:15 - 00000069 _____ () C:\Windows\system32\zswb.puv
*****************
 
C:\Users\MW\AppData\Local\VideoDownloadConverter_4z => Moved successfully.
C:\Users\MW\AppData\Local\RecipeHub_2j => Moved successfully.
C:\Windows\system32\zswb.puv => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9230cb90-79de-4945-88a4-762244a25bc8}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}' => Key deleted successfully.
'HKCR\CLSID\{9230cb90-79de-4945-88a4-762244a25bc8}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}' => Key deleted successfully.
'HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}'=> Key not found.
 
==== End of Fixlog ====
 
Log.txt
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=bd51f8fe04e14f4ea6b304371667c1a3
# engine=18687
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-12 11:31:17
# local_time=2014-06-12 04:31:17 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 0 88795861 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 25456278 154159327 0 0
# scanned=719641
# found=3
# cleaned=0
# scan_time=24871
sh=0C5F3CF286BD6FC199DC7FBA0608FB1DEBDBC123 ft=1 fh=c0ba453de62ba2b0 vn="Win64/Patched.I trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD"
sh=3527A78E938C318A14CEA434896D7F43BB6D984C ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\c[1].htm"
sh=3527A78E938C318A14CEA434896D7F43BB6D984C ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\c[1].htm"
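A small log-triage helper, added here as an example (not ESET's, FRST's or the thread's own code): it parses the ESET log.txt layout pasted above and separates hits on files that already sit in a removal tool's quarantine or a browser cache from hits on live system files, which is what decides whether a result such as the Win64/Patched.I one still needs action. The path classes, function names and the sample log are this example's own assumptions, built from the lines posted in the thread.

```python
"""Triage the detection lines of an ESET Online Scanner log.txt.

Added example, not ESET's code. It assumes the layout visible in the post:
"# key=value" header lines, then one "key=value ..." line per detection,
where sh= is the SHA-1, vn= the threat name and fn= the path. The path
classes used below are this example's own heuristics.
"""
import re
from typing import Dict, List

# Constructed sample built from the lines posted in the thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# remove_checked=false
# scanned=719641
# found=3
# cleaned=0
# scan_time=24871
sh=0C5F3CF286BD6FC199DC7FBA0608FB1DEBDBC123 ft=1 fh=c0ba453de62ba2b0 vn="Win64/Patched.I trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD"
sh=3527A78E938C318A14CEA434896D7F43BB6D984C ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\c[1].htm"
sh=3527A78E938C318A14CEA434896D7F43BB6D984C ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\c[1].htm"
"""

# key=value tokens; a value is either a double-quoted string (may contain
# spaces, as vn= and fn= do) or a bare run of non-space characters.
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Where a hit lives decides what it means: a file already in a removal tool's
# quarantine is inert, a cached web page cannot run by itself, while a hit on
# a live system binary (e.g. System32\rpcss.dll itself) would need action.
_QUARANTINE = re.compile(r'\\quarantine\\', re.IGNORECASE)
_BROWSER_CACHE = re.compile(
    r'\\temporary internet files\\|\\content\.ie5\\', re.IGNORECASE)


def parse_header(text: str) -> Dict[str, str]:
    """Collect the '# key=value' summary lines into a dict."""
    header: Dict[str, str] = {}
    for line in text.splitlines():
        if line.startswith('# ') and '=' in line:
            key, _, value = line[2:].partition('=')
            header[key.strip()] = value.strip().strip('"')
    return header


def parse_detections(text: str) -> List[Dict[str, str]]:
    """Return one dict per 'sh=...' detection line, quotes stripped."""
    hits: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith('sh='):
            hits.append({k: v.strip('"') for k, v in _FIELD.findall(line)})
    return hits


def classify(path: str) -> str:
    """Bucket a detected path as quarantined, browser-cache or live."""
    if _QUARANTINE.search(path):
        return 'quarantined'
    if _BROWSER_CACHE.search(path):
        return 'browser-cache'
    return 'live'


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: declared vs parsed counts and hits per bucket."""
    header = parse_header(text)
    hits = parse_detections(text)
    buckets: Dict[str, List[Dict[str, str]]] = {
        'quarantined': [], 'browser-cache': [], 'live': []}
    for hit in hits:
        buckets[classify(hit.get('fn', ''))].append(hit)
    declared = int(header.get('found', '0'))
    return {
        'declared_found': declared,
        'parsed_found': len(hits),
        'consistent': declared == len(hits),   # header matches the lines
        'cleaned': int(header.get('cleaned', '0')),
        'scanned': int(header.get('scanned', '0')),
        'live': buckets['live'],
        'quarantined': buckets['quarantined'],
        'browser_cache': buckets['browser-cache'],
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    print(f"found={result['parsed_found']} cleaned={result['cleaned']} "
          f"live={len(result['live'])} quarantined={len(result['quarantined'])} "
          f"browser-cache={len(result['browser_cache'])}")
    for hit in result['live']:
        print('NEEDS ACTION:', hit['vn'], hit['fn'])
```

For the posted log the only Win64/Patched.I hit is the FRST quarantine copy (rpcss.dll.xBAD), so no live system file lands in the action list.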
 


#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:28 PM

Posted 13 June 2014 - 01:46 AM

Great! It's looking good now.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader 9.5.5 MUI




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 03 September 2014 - 06:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



