Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win64/Patched.C virus? Cannot remove


  • This topic is locked This topic is locked
27 replies to this topic

#1 GastlyKazoo

GastlyKazoo

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 10 November 2014 - 09:22 PM

I have been redirected to this forum after running DDS. The link to the original post I made is below.

http://www.bleepingcomputer.com/forums/t/555573/rootkit-infection/

 

For a while now, AVG has identified a virus that it is unable to remove. The exact message is "Virus identified Win64/Patched.C" with "c:\Windows\System32\rpcss.dll" listed below it. I have run Malwarebytes Anti-Malware and SUPERAntiSpyware, but they have also been unable to remove the threat. It now seems like I can't even open Malwarebytes. My computer has been crashing at random intervals, and when I start it up, it tries to run a disc check that it is unable to complete. I am running Windows 7. The DDS log is posted below. Thanks in advance for any help!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.9.2
Run by Barbossa at 21:02:36 on 2014-11-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6038.1817 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Cypress\TrackPad\CyCpIo.exe
C:\Program Files\Cypress\TrackPad\CyHidWin.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
uRun: [AVG-Secure-Search-Update_1113a] C:\Users\Barbossa\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac /CMPID=1113a
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78}\15D2055524 : DHCPNameServer = 192.168.100.254
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78}\34F66666565684F6573756 : DHCPNameServer = 216.229.25.25 216.229.5.25 216.229.0.25
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78}\3547574656E647 : DHCPNameServer = 10.10.0.2 10.10.0.1
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78}\55E4C4D275962756C6563737D225567696374727164796F6E6 : DHCPNameServer = 129.93.5.234
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78}\7594E4F526038303 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78}\7594E4F593465363 : DHCPNameServer = 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe
x64-Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Barbossa\AppData\Roaming\Mozilla\Firefox\Profiles\i3qbyn5h.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?cid={64B4DE19-512C-4F4A-9190-D2DE91B2039B}&mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 11:06:36&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
FF - prefs.js: keyword.URL -
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-30 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-30 28008]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-9-3 32544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-22 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-12-22 21616]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-24 247576]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-20 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-7-2 270616]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 50976]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2014-9-3 299352]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 172344]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-9-3 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-9-5 293448]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-30 15720]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-9-3 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-9-3 18956064]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-9-3 290520]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys [2012-11-19 176520]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-22 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-9-3 411936]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-12-22 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-12-22 176096]
R3 cyhid;Cypress Input Device;C:\Windows\System32\drivers\cyhid.sys [2011-12-22 117248]
R3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\System32\drivers\cykbfltr.sys [2011-12-22 13824]
R3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\System32\drivers\cymfltr.sys [2011-12-22 79872]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-9-3 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-9-3 342528]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2014-9-3 117912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-6 25816]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-9-3 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-3 40392]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-9-3 34544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-6 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-6 860472]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-12-22 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-1-31 887232]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-12-22 172632]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-6 122584]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-6 63704]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2010-7-8 25600]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\System32\drivers\nwusbmdm_000.sys [2010-7-8 217728]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser_000.sys [2010-7-8 217728]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser2_000.sys [2010-7-8 217728]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-27 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-9-3 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-27 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-27 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-07 03:36:50 -------- d-----w- C:\ProgramData\Avg_Update_1114tb
2014-10-28 23:36:09 -------- d-----w- C:\Program Files\iPod
2014-10-28 23:36:08 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-28 23:36:08 -------- d-----w- C:\Program Files\iTunes
2014-10-28 23:36:08 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-22 00:37:59 -------- d-----w- C:\Users\Barbossa\AppData\Roaming\AVG2015
2014-10-22 00:32:16 -------- d-----w- C:\ProgramData\AVG2015
2014-10-22 00:28:20 -------- d-----w- C:\Users\Barbossa\AppData\Local\Avg2015
2014-10-16 18:53:49 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2014-10-16 17:25:20 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 17:24:48 6583296 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-16 17:24:46 5702656 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-16 17:24:29 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 17:24:29 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-16 17:24:29 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 17:24:29 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-16 17:24:28 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-16 17:24:28 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 17:24:16 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-16 17:24:09 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-16 17:24:09 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
==================== Find3M  ====================
.
2014-11-10 17:49:00 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2014-10-22 01:59:54 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-22 01:59:54 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-11 23:10:34 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-09 18:08:04 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-09-05 02:10:43 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-05 02:05:42 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-03 20:22:55 1536 ----a-w- C:\Windows\SysWow64\RtkMsgs.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 01:45:10 243480 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 21:08:39.87 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:16 PM

Posted 11 November 2014 - 12:56 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 2

frst.pngfrstsearch.png
  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
rpcss.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 11 November 2014 - 03:38 PM

The FRST.txt and Addition.txt logs are pasted below, as is the Search.txt log, but I think there was an error with the Search.txt. A message popped up saying that Farbar was corrupt.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Barbossa (administrator) on BARBOSSA-PC on 11-11-2014 15:07:48
Running from C:\Users\Barbossa\Desktop
Loaded Profile: Barbossa (Available profiles: Barbossa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(Cypress Semiconductor Corporation) C:\Program Files\Cypress\TrackPad\CyCpIo.exe
(Cypress Semiconductor, Inc.) C:\Program Files\Cypress\TrackPad\CyHidWin.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CyCpIo] => C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2375168 2011-10-19] (Cypress Semiconductor Corporation)
HKLM\...\Run: [CyHidWin] => C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2354176 2011-10-18] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-06-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-11-06] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2549522551-1579802136-2033792612-1002\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Barbossa\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac /CMPID=1113a
HKU\S-1-5-21-2549522551-1579802136-2033792612-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe -update activex
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2549522551-1579802136-2033792612-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={64B4DE19-512C-4F4A-9190-D2DE91B2039B}&mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-10 11:06:36&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {6B74FDC7-015B-4125-ADAC-524E87BC7F41} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=1FADA26A-16EC-4C7F-9B97-65E4A7B80F16&apn_sauid=FEDAB325-0431-4B7F-BB56-1F9CB445A7DB&
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={64B4DE19-512C-4F4A-9190-D2DE91B2039B}&mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-10 11:06:36&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2549522551-1579802136-2033792612-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Barbossa\AppData\Roaming\Mozilla\Firefox\Profiles\i3qbyn5h.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={64B4DE19-512C-4F4A-9190-D2DE91B2039B}&mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 11:06:36&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2549522551-1579802136-2033792612-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-29]

Chrome:
=======
CHR Profile: C:\Users\Barbossa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Barbossa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-09]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Barbossa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Default Extension) - C:\Users\Barbossa\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdhgbdgdhdgdbgfdcgfdcdedadfgc [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-28] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-07] (Realtek Semiconductor)
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176520 2012-11-19] (Impulse Point, LLC)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [117248 2011-10-21] (Cypress Semiconductor, Inc.)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13824 2011-10-18] (Cypress Semiconductor, Inc.)
R3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [79872 2011-10-21] (Cypress Semiconductor, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-09-24] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299352 2014-07-02] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-11] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 15:07 - 2014-11-11 15:08 - 00024918 _____ () C:\Users\Barbossa\Desktop\FRST.txt
2014-11-11 15:07 - 2014-11-11 15:07 - 02116096 _____ (Farbar) C:\Users\Barbossa\Desktop\FRST64.exe
2014-11-11 15:07 - 2014-11-11 15:07 - 00000000 ____D () C:\FRST
2014-11-10 21:09 - 2014-11-10 21:11 - 00030859 _____ () C:\Users\Barbossa\Desktop\dds.txt
2014-11-10 21:09 - 2014-11-10 21:11 - 00016696 _____ () C:\Users\Barbossa\Desktop\attach.txt
2014-11-10 21:00 - 2014-11-10 21:00 - 00688992 ____R (Swearware) C:\Users\Barbossa\Desktop\dds.com
2014-11-06 23:22 - 2014-11-06 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 22:36 - 2014-11-06 22:36 - 00000000 ____D () C:\ProgramData\Avg_Update_1114tb
2014-10-28 18:38 - 2014-10-28 18:38 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-28 18:38 - 2014-10-28 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-28 18:36 - 2014-10-28 18:38 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-28 18:36 - 2014-10-28 18:38 - 00000000 ____D () C:\Program Files\iTunes
2014-10-28 18:36 - 2014-10-28 18:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-28 18:36 - 2014-10-28 18:36 - 00000000 ____D () C:\Program Files\iPod
2014-10-28 18:31 - 2014-10-28 18:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-22 17:35 - 2014-10-22 17:36 - 00842144 _____ () C:\Windows\Minidump\102214-43056-01.dmp
2014-10-21 19:37 - 2014-10-21 19:37 - 00000000 ____D () C:\Users\Barbossa\AppData\Roaming\AVG2015
2014-10-21 19:35 - 2014-10-21 19:35 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-21 19:32 - 2014-10-21 19:36 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 19:28 - 2014-10-21 19:37 - 00000000 ____D () C:\Users\Barbossa\AppData\Local\Avg2015
2014-10-17 23:31 - 2014-10-17 23:32 - 01373488 _____ () C:\Windows\Minidump\101814-54600-01.dmp
2014-10-16 13:53 - 2014-10-16 13:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-16 13:30 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-16 13:30 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-16 13:30 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-16 13:30 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 13:30 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-16 13:30 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-16 13:30 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 13:30 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 13:30 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 13:30 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 13:30 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-16 13:30 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-16 13:30 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 13:30 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 13:30 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 13:30 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 13:30 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 13:30 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 13:30 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 13:30 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 13:30 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 13:30 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 13:30 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 13:30 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 13:30 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-16 13:30 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-16 13:30 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-16 13:30 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-16 13:30 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-16 13:30 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-16 13:30 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-16 13:30 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-16 13:30 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 13:30 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 13:30 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 12:25 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 12:25 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 12:25 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 12:25 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 12:25 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 12:25 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 12:25 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 12:25 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 12:25 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 12:25 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 12:25 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 12:25 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 12:25 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 12:25 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 12:25 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 12:25 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 12:25 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 12:25 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 12:25 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 12:25 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 12:25 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 12:25 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 12:25 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 12:25 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 12:25 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 12:25 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 12:25 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 12:25 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 12:25 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 12:25 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 12:25 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 12:25 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 12:25 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 12:25 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 12:25 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 12:25 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 12:25 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 12:25 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 12:25 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 12:25 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 12:25 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 12:25 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 12:25 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 12:25 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 12:25 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 12:25 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 12:25 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 12:25 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 12:25 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 12:25 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 12:25 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 12:25 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 12:25 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 12:25 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 12:25 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 12:25 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 12:25 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 12:24 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 12:24 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 12:24 - 2014-08-29 21:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 12:24 - 2014-08-29 20:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 12:24 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 12:23 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 12:23 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 12:23 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 12:23 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 12:23 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 12:23 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 12:23 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 12:23 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-12 23:14 - 2014-10-12 23:14 - 00023009 _____ () C:\Windows\system32\hs_err_pid6256.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 15:05 - 2011-12-22 04:08 - 01952281 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 15:02 - 2014-09-03 16:14 - 00006456 _____ () C:\Windows\SysWOW64\Gms.log
2014-11-11 15:02 - 2014-09-03 14:42 - 00002856 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-11-11 15:02 - 2014-09-03 14:42 - 00000424 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-11-11 15:00 - 2011-12-22 04:39 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-11 14:59 - 2014-09-03 14:42 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-11 14:59 - 2011-12-22 04:43 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-11 14:59 - 2011-12-22 04:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-11 14:58 - 2013-12-03 17:10 - 00059472 _____ () C:\Windows\setupact.log
2014-11-11 14:57 - 2013-12-04 20:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 14:57 - 2011-12-22 04:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-11 14:57 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 13:44 - 2013-12-04 20:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 13:28 - 2013-12-15 14:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 12:47 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 12:47 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 12:39 - 2012-01-11 00:33 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-08 14:27 - 2013-11-08 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-06 22:42 - 2013-12-10 12:06 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-11-06 22:37 - 2014-08-29 18:30 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-11-06 18:42 - 2009-07-14 00:13 - 00788304 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 19:24 - 2011-12-22 04:45 - 00000000 ____D () C:\ProgramData\Temp
2014-10-29 14:42 - 2014-09-03 14:42 - 00000478 _____ () C:\Windows\Tasks\DriverUpdate Scan.job
2014-10-28 18:35 - 2013-04-24 00:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-28 18:29 - 2012-03-18 20:51 - 00000000 ____D () C:\ProgramData\Apple
2014-10-28 18:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-22 17:35 - 2013-12-22 14:17 - 677594355 _____ () C:\Windows\MEMORY.DMP
2014-10-22 17:35 - 2012-01-18 10:26 - 00000000 ____D () C:\Windows\Minidump
2014-10-21 23:39 - 2013-12-04 20:30 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 23:39 - 2013-12-04 20:30 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 21:00 - 2014-08-20 21:18 - 00000000 ____D () C:\Users\Barbossa\AppData\Local\Adobe
2014-10-21 21:00 - 2013-12-15 14:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-21 20:59 - 2013-04-28 17:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-21 20:59 - 2013-04-28 17:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-21 20:52 - 2013-12-03 17:10 - 00449656 _____ () C:\Windows\PFRO.log
2014-10-21 19:38 - 2012-01-11 00:37 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-21 19:37 - 2014-03-31 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-21 19:37 - 2012-06-06 11:50 - 00000000 ___HD () C:\$AVG
2014-10-17 12:47 - 2009-07-14 00:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 17:16 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 16:57 - 2009-07-13 23:45 - 00461704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 16:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 16:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 14:02 - 2012-01-11 15:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 13:53 - 2014-07-27 03:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 13:40 - 2012-01-11 16:08 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 12:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-16 12:14 - 2011-12-22 05:02 - 00000000 ____D () C:\ProgramData\Sonic

ZeroAccess:
C:\Windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}

ZeroAccess:
C:\Users\Barbossa\AppData\Local\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}
C:\Users\Barbossa\AppData\Local\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\@

Some content of TEMP:
====================
C:\Users\Barbossa\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Barbossa\AppData\Local\Temp\nvStInst.exe
C:\Users\Barbossa\AppData\Local\Temp\SAS6_Update.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0528384 ____A (Microsoft Corporation) 7C0EA24C8998C145D2860D77AF302E44

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-28 17:00

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Barbossa at 2014-11-11 15:09:18
Running from C:\Users\Barbossa\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DriverUpdate (HKLM-x32\...\{F7FBA125-E6E5-4D4F-A165-D094C10B0523}) (Version: 2.2.40819 - SlimWare Utilities, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{860B418B-F90B-465A-BC1D-04B518045C72}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.90 - Oracle)
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6361.48 - PC-Doctor, Inc.)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Qualcomm Atheros Ethernet Controller (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.21 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SafeConnect (HKLM-x32\...\SafeConnect) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SONIC THE HEDGEHOG 4 Episode I (HKLM-x32\...\Steam App 202530) (Version:  - SEGA)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
The Sims 2 (HKLM-x32\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version:  - )
The Sims 2 Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
The Sims 2 Pets (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
The Sims™ 2 Apartment Life (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
The Sims™ 2 Best of Business Collection (HKLM-x32\...\{6CB35178-9E25-48fb-9F86-E40ADC7043B6}) (Version:  - Electronic Arts)
The Sims™ 2 Bon Voyage (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
The Sims™ 2 FreeTime (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{6DBDC768-CE21-4F59-A819-1CFD5D97C84B}) (Version: 1.0.5 - Smith Micro Software, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VZAccess Manager (HKLM-x32\...\{780F9A1C-6BFE-4691-83A9-095D859E3052}) (Version: 7.3.13.1 - Smith Micro Software Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zoo Tycoon 2 - Extinct Animals (HKLM-x32\...\InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Extinct Animals (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Zoo Tycoon 2 Endangered Species (HKLM-x32\...\Zoo Tycoon 2) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2549522551-1579802136-2033792612-1002_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

07-10-2014 23:30:38 Windows Update
16-10-2014 18:39:34 Windows Update
22-10-2014 00:30:50 Installed AVG 2015
22-10-2014 00:32:46 Installed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-09 21:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3097B266-2368-41E8-A3AC-C1904FA5F335} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated)
Task: {41033782-6DA4-4940-BA44-87698C9B76C1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-11-06] (PC-Doctor, Inc.)
Task: {54D85A38-8EE4-4898-BB8A-CECD21C8CD3E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {583AA8E6-33DE-4786-9587-E57FCA3BD261} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {734111EF-A600-42B0-91E3-1EA1EEFCD85A} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-08-28] (SlimWare Utilities, Inc.)
Task: {A670EA63-E279-434F-8780-AB5203654402} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-08-28] (SlimWare Utilities, Inc.)
Task: {FCCEDE4E-561C-45F9-A39A-C5E114D7BB0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-27 13:56 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-09-15 18:46 - 2011-09-15 18:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-12-22 04:31 - 2010-12-17 11:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-09-15 18:46 - 2011-09-15 18:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-12-22 05:35 - 2011-07-20 08:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-29 19:18 - 2011-04-29 19:18 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2013-12-10 12:06 - 2014-11-06 22:42 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2011-12-22 04:39 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-08-11 11:58 - 2014-08-11 11:58 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2013-12-18 13:42 - 2014-07-02 15:48 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-29 19:13 - 2011-04-29 19:13 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-04-29 19:13 - 2011-04-29 19:13 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2013-12-11 17:36 - 2014-03-14 16:50 - 01593368 ____N () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2014-08-11 11:58 - 2014-08-11 11:58 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-04-03 15:48 - 2014-04-03 15:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2549522551-1579802136-2033792612-500 - Administrator - Disabled)
Barbossa (S-1-5-21-2549522551-1579802136-2033792612-1002 - Administrator - Enabled) => C:\Users\Barbossa
Guest (S-1-5-21-2549522551-1579802136-2033792612-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2549522551-1579802136-2033792612-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 02:59:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 02:58:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x458
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (11/11/2014 02:58:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1090
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (11/11/2014 00:37:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 00:35:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x694
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (11/11/2014 00:35:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x10a4
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (11/11/2014 00:05:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 15.3.33.0, time stamp: 0x53d2379b
Faulting module name: NvBackend.exe, version: 15.3.33.0, time stamp: 0x53d2379b
Exception code: 0xc0000005
Fault offset: 0x0007240c
Faulting process id: 0x510
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (11/10/2014 09:01:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/10/2014 06:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a1c

Start Time: 01cffd1184e59310

Termination Time: 835

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 40c74044-6932-11e4-97b9-88532e83eefa

Error: (11/10/2014 01:09:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1fb0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

System errors:
=============
Error: (11/11/2014 02:59:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/11/2014 02:58:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (11/11/2014 02:58:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (11/11/2014 02:58:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (11/11/2014 00:37:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/11/2014 00:35:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (11/11/2014 00:35:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (11/11/2014 00:35:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (11/11/2014 00:33:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:08:53 AM on ‎11/‎11/‎2014 was unexpected.

Error: (11/11/2014 03:03:07 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Microsoft Office Sessions:
=========================
Error: (11/11/2014 02:59:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 02:58:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a45801cffde9d90dea9cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe21b72e54-69dd-11e4-aa0b-88532e83eefa

Error: (11/11/2014 02:58:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd109001cffde9c72526aaC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll10144e08-69dd-11e4-aa0b-88532e83eefa

Error: (11/11/2014 00:37:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 00:35:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a69401cffdd5d7877849C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe1eed13b4-69c9-11e4-a9ac-88532e83eefa

Error: (11/11/2014 00:35:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd10a401cffdd5c597613cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll11c62f67-69c9-11e4-a9ac-88532e83eefa

Error: (11/11/2014 00:05:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe15.3.33.053d2379bNvBackend.exe15.3.33.053d2379bc00000050007240c51001cffd0e37e90c5fC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe6530afc0-6960-11e4-97b9-88532e83eefa

Error: (11/10/2014 09:01:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Barbossa\Downloads\esetsmartinstaller_enu.exe

Error: (11/10/2014 06:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.173441a1c01cffd1184e59310835C:\Program Files\Internet Explorer\iexplore.exe40c74044-6932-11e4-97b9-88532e83eefa

Error: (11/10/2014 01:09:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1fb001cffd117c1fa84dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllb9fa3153-6904-11e4-97b9-88532e83eefa

CodeIntegrity Errors:
===================================
  Date: 2012-08-09 22:27:43.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-09 22:27:43.862
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-09 22:27:43.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-09 22:27:43.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-08 23:50:35.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-08 23:50:35.055
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 6038.17 MB
Available physical RAM: 3742.07 MB
Total Pagefile: 12074.52 MB
Available Pagefile: 9712.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:201.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Barbossa at 2014-11-11 15:12:54
Running from C:\Users\Barbossa\Desktop
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:16 PM

Posted 11 November 2014 - 03:49 PM

warning.gif Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.

Step 1

Please download combofix.pngCombofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 11 November 2014 - 04:16 PM

Combofix doesn't seem to be working correctly. I checked the guide for using Combofix, and it seems to stop right after it backs up the Windows Registry. After that, nothing happens.



#6 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 11 November 2014 - 04:21 PM

Nevermind, it seems to be working now!



#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:16 PM

Posted 11 November 2014 - 04:22 PM

OK... :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#8 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 11 November 2014 - 05:12 PM

So Combofix ran successfully, but just as the log popped up, my computer crashed before I could save the log. Do you want me to run Combofix again?



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:16 PM

Posted 11 November 2014 - 05:13 PM

No. Please run a scan with FRST.

Step 1

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 11 November 2014 - 05:18 PM

Here is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Barbossa (administrator) on BARBOSSA-PC on 11-11-2014 17:16:11
Running from C:\Users\Barbossa\Desktop
Loaded Profile: Barbossa (Available profiles: Barbossa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Cypress Semiconductor Corporation) C:\Program Files\Cypress\TrackPad\CyCpIo.exe
(Cypress Semiconductor, Inc.) C:\Program Files\Cypress\TrackPad\CyHidWin.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CyCpIo] => C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2375168 2011-10-19] (Cypress Semiconductor Corporation)
HKLM\...\Run: [CyHidWin] => C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2354176 2011-10-18] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-06-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-11-06] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2549522551-1579802136-2033792612-1002\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Barbossa\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac /CMPID=1113a
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe -update activex
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2549522551-1579802136-2033792612-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={64B4DE19-512C-4F4A-9190-D2DE91B2039B}&mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-10 11:06:36&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {6B74FDC7-015B-4125-ADAC-524E87BC7F41} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=1FADA26A-16EC-4C7F-9B97-65E4A7B80F16&apn_sauid=FEDAB325-0431-4B7F-BB56-1F9CB445A7DB&
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={64B4DE19-512C-4F4A-9190-D2DE91B2039B}&mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-10 11:06:36&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Barbossa\AppData\Roaming\Mozilla\Firefox\Profiles\i3qbyn5h.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={64B4DE19-512C-4F4A-9190-D2DE91B2039B}&mid=d07801fe722d47d1ba14591a68670709-6cfea6f1ca23c3e7ac42989078d4dcc5519880ac&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 11:06:36&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2549522551-1579802136-2033792612-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-29]

Chrome:
=======
CHR Profile: C:\Users\Barbossa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Barbossa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-09]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Barbossa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Default Extension) - C:\Users\Barbossa\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdhgbdgdhdgdbgfdcgfdcdedadfgc [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-28] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-07] (Realtek Semiconductor)
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176520 2012-11-19] (Impulse Point, LLC)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [117248 2011-10-21] (Cypress Semiconductor, Inc.)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13824 2011-10-18] (Cypress Semiconductor, Inc.)
R3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [79872 2011-10-21] (Cypress Semiconductor, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-09-24] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299352 2014-07-02] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-11] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 17:05 - 2014-11-11 17:05 - 00286192 _____ () C:\Windows\Minidump\111114-64693-01.dmp
2014-11-11 17:03 - 2014-11-11 17:03 - 00029541 _____ () C:\ComboFix.txt
2014-11-11 16:21 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-11 16:21 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-11 16:21 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-11 16:21 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-11 16:21 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-11 16:21 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-11 16:21 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-11 16:21 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-11 16:20 - 2014-11-11 17:03 - 00000000 ____D () C:\Qoobox
2014-11-11 16:20 - 2014-11-11 17:03 - 00000000 ____D () C:\ComboFix
2014-11-11 15:55 - 2014-11-11 15:55 - 05598118 ____R (Swearware) C:\Users\Barbossa\Desktop\ComboFix.exe
2014-11-11 15:12 - 2014-11-11 15:12 - 00000216 _____ () C:\Users\Barbossa\Desktop\Search.txt
2014-11-11 15:09 - 2014-11-11 15:10 - 00038201 _____ () C:\Users\Barbossa\Desktop\Addition.txt
2014-11-11 15:07 - 2014-11-11 17:16 - 00024768 _____ () C:\Users\Barbossa\Desktop\FRST.txt
2014-11-11 15:07 - 2014-11-11 17:16 - 00000000 ____D () C:\FRST
2014-11-11 15:07 - 2014-11-11 15:07 - 02116096 _____ (Farbar) C:\Users\Barbossa\Desktop\FRST64.exe
2014-11-10 21:09 - 2014-11-10 21:11 - 00030859 _____ () C:\Users\Barbossa\Desktop\dds.txt
2014-11-10 21:09 - 2014-11-10 21:11 - 00016696 _____ () C:\Users\Barbossa\Desktop\attach.txt
2014-11-10 21:00 - 2014-11-10 21:00 - 00688992 ____R (Swearware) C:\Users\Barbossa\Desktop\dds.com
2014-11-06 23:22 - 2014-11-06 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 22:36 - 2014-11-06 22:36 - 00000000 ____D () C:\ProgramData\Avg_Update_1114tb
2014-10-28 18:38 - 2014-10-28 18:38 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-28 18:38 - 2014-10-28 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-28 18:36 - 2014-10-28 18:38 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-28 18:36 - 2014-10-28 18:38 - 00000000 ____D () C:\Program Files\iTunes
2014-10-28 18:36 - 2014-10-28 18:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-28 18:36 - 2014-10-28 18:36 - 00000000 ____D () C:\Program Files\iPod
2014-10-28 18:31 - 2014-10-28 18:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-22 17:35 - 2014-10-22 17:36 - 00842144 _____ () C:\Windows\Minidump\102214-43056-01.dmp
2014-10-21 19:37 - 2014-10-21 19:37 - 00000000 ____D () C:\Users\Barbossa\AppData\Roaming\AVG2015
2014-10-21 19:35 - 2014-10-21 19:35 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-21 19:32 - 2014-10-21 19:36 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 19:28 - 2014-10-21 19:37 - 00000000 ____D () C:\Users\Barbossa\AppData\Local\Avg2015
2014-10-17 23:31 - 2014-10-17 23:32 - 01373488 _____ () C:\Windows\Minidump\101814-54600-01.dmp
2014-10-16 13:53 - 2014-10-16 13:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-16 13:30 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-16 13:30 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-16 13:30 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-16 13:30 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 13:30 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-16 13:30 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-16 13:30 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 13:30 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 13:30 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 13:30 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 13:30 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-16 13:30 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-16 13:30 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 13:30 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 13:30 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 13:30 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 13:30 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 13:30 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 13:30 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 13:30 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 13:30 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 13:30 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 13:30 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 13:30 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 13:30 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 13:30 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-16 13:30 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-16 13:30 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-16 13:30 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-16 13:30 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-16 13:30 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-16 13:30 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-16 13:30 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-16 13:30 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-16 13:30 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 13:30 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 13:30 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 12:25 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 12:25 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 12:25 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 12:25 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 12:25 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 12:25 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 12:25 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 12:25 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 12:25 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 12:25 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 12:25 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 12:25 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 12:25 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 12:25 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 12:25 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 12:25 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 12:25 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 12:25 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 12:25 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 12:25 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 12:25 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 12:25 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 12:25 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 12:25 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 12:25 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 12:25 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 12:25 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 12:25 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 12:25 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 12:25 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 12:25 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 12:25 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 12:25 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 12:25 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 12:25 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 12:25 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 12:25 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 12:25 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 12:25 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 12:25 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 12:25 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 12:25 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 12:25 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 12:25 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 12:25 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 12:25 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 12:25 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 12:25 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 12:25 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 12:25 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 12:25 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 12:25 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 12:25 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 12:25 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 12:25 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 12:25 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 12:25 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 12:24 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 12:24 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 12:24 - 2014-08-29 21:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 12:24 - 2014-08-29 20:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 12:24 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 12:24 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 12:23 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 12:23 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 12:23 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 12:23 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 12:23 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 12:23 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 12:23 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 12:23 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 12:23 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-12 23:14 - 2014-10-12 23:14 - 00023009 _____ () C:\Windows\system32\hs_err_pid6256.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 17:08 - 2014-09-03 14:42 - 00002856 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-11-11 17:08 - 2014-09-03 14:42 - 00000424 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-11-11 17:08 - 2011-12-22 04:39 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-11 17:06 - 2014-09-03 14:42 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-11 17:06 - 2013-12-03 17:10 - 00059976 _____ () C:\Windows\setupact.log
2014-11-11 17:06 - 2011-12-22 04:43 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-11 17:06 - 2011-12-22 04:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-11 17:05 - 2013-12-22 14:17 - 800183283 _____ () C:\Windows\MEMORY.DMP
2014-11-11 17:05 - 2013-12-04 20:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 17:05 - 2013-12-03 17:10 - 00450208 _____ () C:\Windows\PFRO.log
2014-11-11 17:05 - 2012-01-18 10:26 - 00000000 ____D () C:\Windows\Minidump
2014-11-11 17:05 - 2011-12-22 04:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-11 17:05 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 16:59 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-11 16:44 - 2013-12-04 20:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 16:35 - 2011-12-22 04:45 - 00000000 ____D () C:\ProgramData\Temp
2014-11-11 16:28 - 2013-12-15 14:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 16:15 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 16:15 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 16:10 - 2011-12-22 04:08 - 01964995 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 16:06 - 2014-09-03 16:14 - 00006458 _____ () C:\Windows\SysWOW64\Gms.log
2014-11-11 15:56 - 2012-08-08 22:08 - 00000000 ____D () C:\Windows\erdnt
2014-11-11 15:54 - 2012-02-14 17:35 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-11 12:39 - 2012-01-11 00:33 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-08 14:27 - 2013-11-08 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-06 22:42 - 2013-12-10 12:06 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-11-06 22:37 - 2014-08-29 18:30 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-11-06 18:42 - 2009-07-14 00:13 - 00788304 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 18:35 - 2013-04-24 00:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-28 18:29 - 2012-03-18 20:51 - 00000000 ____D () C:\ProgramData\Apple
2014-10-28 18:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-21 23:39 - 2013-12-04 20:30 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 23:39 - 2013-12-04 20:30 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 21:00 - 2014-08-20 21:18 - 00000000 ____D () C:\Users\Barbossa\AppData\Local\Adobe
2014-10-21 21:00 - 2013-12-15 14:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-21 20:59 - 2013-04-28 17:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-21 20:59 - 2013-04-28 17:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-21 19:38 - 2012-01-11 00:37 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-21 19:37 - 2014-03-31 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-21 19:37 - 2012-06-06 11:50 - 00000000 ____D () C:\$AVG
2014-10-17 12:47 - 2009-07-14 00:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 17:16 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 16:57 - 2009-07-13 23:45 - 00461704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 16:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 16:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 14:02 - 2012-01-11 15:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 13:53 - 2014-07-27 03:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 13:40 - 2012-01-11 16:08 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 12:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-16 12:14 - 2011-12-22 05:02 - 00000000 ____D () C:\ProgramData\Sonic

ZeroAccess:
C:\Windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}

ZeroAccess:
C:\Users\Barbossa\AppData\Local\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}
C:\Users\Barbossa\AppData\Local\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\@

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0528384 ____A (Microsoft Corporation) 7C0EA24C8998C145D2860D77AF302E44

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-28 17:00

==================== End Of Log ============================



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:16 PM

Posted 11 November 2014 - 05:30 PM

Step 1

frst.pngfrstfix.png
Please download the attached fixlist txt.gif and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   1.61KB   3 downloads


After the Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 12 November 2014 - 09:02 PM

I have ran both the fix and the scan, but I have been having difficulties posting the logs here. Each time I try to post, it tells me that Bleeping Computer is offline.



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:16 PM

Posted 13 November 2014 - 12:43 PM

:blink:
 
OK...
 
Please try this:



post-155276-0-19034800-1406371428.png

Edited by deeprybka, 13 November 2014 - 12:43 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 13 November 2014 - 01:53 PM

Here are the two logs

Attached Files



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:16 PM

Posted 13 November 2014 - 02:07 PM

Please do the following:

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    cmd: netsh winsock reset 
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

After the Reboot:

Step 2

frst.pngfrstsearch.png

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
rpcss.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users