Fake Update Message Virus

Post by 15burgja » February 16th, 2015, 7:22 pm

So I have been having issues with my computer for a while now. At random times I will start Google Chrome and get a message that tells me to update Chrome even when it is already up to date. Recently I have gotten other messages as well, such as updating Microsoft Silverlight. When I open the Task Manager it says that the messages are called vxmclient. I can definitely tell that my computer's overall performance has been affected. Everything runs slower. I am not sure what I did to get this virus. I have tried running scans with every anti-virus/anti-malware I could find. I started with Avast and that didn't find anything. I then downloaded Malwarebytes, again nothing. Then I downloaded AVG, which detected some adware, but still the problems continued. Recently I downloaded SUPERAntiSpyware and G Data Antivirus to try some new things. Still nothing. Also, I know that anti-virus programs can interfere with one another if you have multiple programs, but when I download a new one and uninstall the rest it still comes up with nothing. Any help is greatly appreciated because I am at the end of my rope. I am honestly starting to lose hope that this can even be fixed. :(
Thanks again to anyone who takes the time to help.

Here is DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
Run by Jack at 17:07:33 on 2015-02-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.5743 [GMT -6:00]
.
AV: G Data AntiVirus *Enabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: G DATA ANTIVIRUS *Enabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\aspinfo\aspcheck.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Users\Jack\Desktop\Steam\Steam.exe
C:\Users\Jack\Desktop\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Jack\Desktop\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\G Data\AntiVirus\AVK\AVK.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.2.1 71.10.216.1 71.10.216.2
TCP: Interfaces\{A6F5B806-D2AD-4B87-9D44-9FFB2D297AE4} : DHCPNameServer = 192.168.2.1 71.10.216.1 71.10.216.2
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [ISCT Tray] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asstor64;asstor64;C:\Windows\System32\drivers\asstor64.sys [2014-1-27 84816]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-2-14 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-2-14 267632]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2015-2-15 55808]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-2-14 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-2-14 436624]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2015-1-23 52000]
R1 GDKBFlt;G Data GDKBFlt Driver;C:\Windows\System32\drivers\GDKBFlt64.sys [2015-2-15 20992]
R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2015-2-15 142336]
R1 gdwfpcd;G Data WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2015-2-15 64512]
R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2015-2-15 61440]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-2-14 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-2-14 87912]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-2-14 116728]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-2-14 271752]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-8-16 140032]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2015-1-23 424192]
R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2015-2-15 64000]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2014-2-3 22216]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2014-2-3 22728]
R3 INETMON;INETMON;C:\Windows\System32\drivers\INETMON.sys [2015-1-23 23936]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD.sys [2014-2-3 44744]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-6-27 795120]
R3 Ke2200;NDIS Miniport Driver for Killer e2201/e2202 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22w7x64.sys [2014-3-27 129200]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-27 19784]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-1-20 38032]
R3 RTL8192cu;Belkin Wireless Adapter;C:\Windows\System32\drivers\rtwlanu.sys [2014-6-27 1041000]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2014-11-28 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-28 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-28 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-1-28 30208]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-02-16 02:46:46 18160 ----a-w- C:\Windows\System32\drivers\GdPhyMem.sys
2015-02-16 02:46:44 106272 ----a-w- C:\Windows\System32\drivers\GRD.sys
2015-02-16 02:26:36 64000 ----a-w- C:\Windows\System32\drivers\PktIcpt.sys
2015-02-16 02:25:43 20992 ----a-w- C:\Windows\System32\drivers\GDKBFlt64.sys
2015-02-16 02:25:30 64512 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys
2015-02-16 02:25:14 61440 ----a-w- C:\Windows\System32\drivers\HookCentre.sys
2015-02-16 02:25:12 142336 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys
2015-02-16 02:25:10 55808 ----a-w- C:\Windows\System32\drivers\GDBehave.sys
2015-02-16 02:22:40 -------- d-----w- C:\Program Files (x86)\G Data
2015-02-16 02:22:38 -------- d-----w- C:\Program Files (x86)\Common Files\G Data
2015-02-16 02:20:27 -------- d-----w- C:\ProgramData\G Data
2015-02-15 17:34:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2015-02-14 22:17:23 -------- d-sh--w- C:\$RECYCLE.BIN
2015-02-14 22:03:35 -------- d-----w- C:\Users\Jack\AppData\Roaming\AVAST Software
2015-02-14 22:02:31 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-02-14 22:02:29 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-02-14 22:02:25 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-02-14 22:02:22 87912 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-02-14 22:02:19 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-02-14 22:02:16 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-02-14 22:02:07 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-02-14 22:01:41 43152 ----a-w- C:\Windows\avastSS.scr
2015-02-14 21:59:45 -------- d-----w- C:\Program Files\AVAST Software
2015-02-14 21:51:08 98816 ----a-w- C:\Windows\sed.exe
2015-02-14 21:51:08 256000 ----a-w- C:\Windows\PEV.exe
2015-02-14 21:51:08 208896 ----a-w- C:\Windows\MBR.exe
2015-02-14 21:51:04 -------- d-s---w- C:\ComboFix
2015-02-14 20:49:14 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-14 20:49:14 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-14 20:49:14 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-14 20:49:14 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-12 08:49:47 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-02-12 08:47:50 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-02-12 08:47:50 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-02-12 08:47:33 229376 ----a-w- C:\Windows\System32\wintrust.dll
2015-02-12 08:47:33 187904 ----a-w- C:\Windows\System32\cryptsvc.dll
2015-02-12 08:47:33 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2015-02-12 08:47:33 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2015-02-12 08:47:32 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2015-02-12 08:47:32 143872 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2015-02-12 08:47:22 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-02-12 08:47:22 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-02-12 08:46:32 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-02-12 08:46:32 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-02-12 08:46:14 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-12 08:46:13 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-12 08:46:13 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-12 08:46:12 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-02-12 08:46:12 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-02-12 08:46:11 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-02-12 08:46:11 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-02-12 08:44:54 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-02-11 03:24:01 621384 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-02-10 12:51:59 -------- d-----w- C:\ProgramData\Avg_Update_1214tb
2015-02-10 02:50:29 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2015-02-07 06:17:20 -------- d-----w- C:\Users\Jack\AppData\Roaming\ParetoLogic
2015-02-07 06:16:42 -------- d-----w- C:\ProgramData\ParetoLogic
2015-02-07 01:21:22 -------- d-----w- C:\Users\Jack\AppData\Local\Introversion
2015-02-06 08:00:06 5070512 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-02-03 22:39:26 -------- d-----w- C:\Users\Jack\AppData\Roaming\SUPERAntiSpyware.com
2015-02-03 22:38:28 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2015-01-30 09:02:58 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-30 02:47:35 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-01-30 02:47:34 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-30 02:47:30 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2015-01-30 02:47:30 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-01-29 04:53:58 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2015-01-29 04:53:58 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-01-29 04:53:47 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-01-29 04:53:47 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2015-01-29 04:53:47 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-01-25 06:33:56 -------- d-----w- C:\Users\Jack\AppData\Local\Intel_Corporation
2015-01-25 05:54:17 -------- d-----w- C:\Users\Jack\AppData\Local\Adobe
2015-01-24 00:56:53 195728 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2015-01-24 00:56:52 30536 ----a-w- C:\Windows\System32\nvhdap64.dll
2015-01-24 00:56:51 1895240 ----a-w- C:\Windows\System32\nvdispco6434725.dll
2015-01-24 00:56:51 1556808 ----a-w- C:\Windows\System32\nvdispgenco6434725.dll
2015-01-24 00:56:45 2902784 ----a-w- C:\Windows\SysWow64\nvapi.dll
2015-01-24 00:22:22 23936 ----a-w- C:\Windows\System32\drivers\INETMON.sys
2015-01-24 00:18:35 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2015-01-24 00:16:56 -------- d-----w- C:\Intel
2015-01-24 00:16:38 -------- d-----w- C:\Program Files (x86)\Common Files\PostureAgent
2015-01-24 00:16:10 -------- d-----w- C:\Users\Jack\Intel
2015-01-24 00:12:23 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2015-01-23 23:59:39 -------- d--h--w- C:\SuperChargerProfile
2015-01-23 23:59:39 -------- d-----w- C:\Program Files (x86)\MSI
2015-01-23 23:56:48 -------- d-----w- C:\MSI
2015-01-23 23:48:48 424192 ----a-w- C:\Windows\System32\drivers\asmtxhci.sys
2015-01-23 22:53:35 -------- d-----w- C:\Users\Jack\AppData\Local\AVG Web TuneUp
2015-01-23 22:53:27 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2015-01-23 22:53:05 52000 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2015-01-23 22:53:00 -------- d-----w- C:\ProgramData\AVG Secure Search
2015-01-23 22:52:58 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2015-01-23 22:52:53 -------- d-----w- C:\ProgramData\AVG Web TuneUp
2015-01-23 22:52:52 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
2015-01-23 22:47:29 -------- d-----w- C:\Windows\pss
2015-01-23 22:42:57 -------- d-----w- C:\Users\Jack\AppData\Roaming\AVG2015
2015-01-23 22:41:57 -------- d-----w- C:\Users\Jack\AppData\Roaming\TuneUp Software
2015-01-23 22:41:16 -------- d--h--w- C:\$AVG
2015-01-23 22:41:16 -------- d-----w- C:\ProgramData\AVG2015
2015-01-23 22:40:40 -------- d-----w- C:\Program Files (x86)\AVG
2015-01-23 22:39:00 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6169C84-6C76-4DEA-8C74-EB27E6222FCC}\mpengine.dll
2015-01-23 22:38:19 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2015-01-23 22:36:31 -------- d--h--w- C:\ProgramData\Common Files
2015-01-23 22:36:30 -------- d-----w- C:\Users\Jack\AppData\Local\MFAData
2015-01-23 22:36:30 -------- d-----w- C:\Users\Jack\AppData\Local\Avg2015
2015-01-23 22:36:30 -------- d-----w- C:\ProgramData\MFAData
2015-01-21 01:33:22 -------- d-----w- C:\ProgramData\2DBoy
2015-01-21 01:33:03 -------- d-----w- C:\Program Files (x86)\WorldOfGoo
2015-01-21 00:18:11 38032 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2015-01-21 00:18:11 32400 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2015-01-20 21:27:17 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2015-02-06 08:00:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-06 08:00:18 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-05 19:07:04 6861128 ----a-w- C:\Windows\System32\nvcpl.dll
2015-02-05 19:07:03 3517584 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-02-05 19:07:00 935056 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-02-05 19:07:00 62792 ----a-w- C:\Windows\System32\nvshext.dll
2015-02-05 19:07:00 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-02-05 19:06:59 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2015-02-05 12:50:11 4236870 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-02-04 03:16:29 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-04 03:16:16 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-04 03:16:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-04 03:13:28 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-26 22:40:07 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-23 23:22:07 795120 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2015-01-23 23:16:37 129200 ----a-w- C:\Windows\System32\drivers\e22w7x64.sys
2015-01-16 06:41:34 1316184 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-01-16 06:41:34 1278920 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-01-16 06:41:18 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-01-16 06:41:18 1514528 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-13 04:15:56 1540240 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-01-08 15:55:52 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-09 03:24:26 260888 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2014-11-29 22:31:50 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-11-29 19:44:55 282512 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-11-28 12:02:18 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2014-11-25 15:25:48 2250024 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-11-22 10:46:30 35472 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-11-19 03:42:04 203544 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 17:09:22.53 ===============

Here is Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/27/2014 3:26:09 AM
System Uptime: 2/15/2015 8:28:42 PM (21 hours ago)
.
Motherboard: MSI | | Z97M GAMING (MS-7919)
Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz | SOCKET 0 | 1496/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 240.843 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 465.078 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: IUSB3\ROOT_HUB30\4&547E2CA&0
Manufacturer:
Name:
PNP Device ID: IUSB3\ROOT_HUB30\4&547E2CA&0
Service:
.
==== System Restore Points ===================
.
RP130: 1/20/2015 4:45:30 PM - avast! antivirus system restore point
RP131: 1/21/2015 5:33:48 PM - avast! antivirus system restore point
RP132: 1/23/2015 4:32:17 PM - avast! antivirus system restore point
RP133: 1/23/2015 4:37:44 PM - avast! antivirus system restore point
RP134: 1/23/2015 4:38:44 PM - Windows Update
RP135: 1/23/2015 4:40:19 PM - Installed AVG 2015
RP136: 1/23/2015 4:40:51 PM - Installed AVG 2015
RP137: 1/25/2015 12:08:15 AM - Installed Microsoft Visual C++ 2005 Redistributable (x64)
RP138: 1/25/2015 12:10:26 AM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP139: 1/25/2015 12:10:51 AM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
RP140: 1/28/2015 10:47:35 PM - Windows Update
RP141: 1/30/2015 3:00:35 AM - Windows Update
RP142: 1/31/2015 3:00:38 AM - Windows Update
RP143: 2/9/2015 8:49:48 PM - Installed DirectX
RP145: 2/10/2015 8:55:03 PM - Installed DirectX
RP146: 2/12/2015 3:01:13 AM - Windows Update
RP147: 2/14/2015 3:51:22 PM - ComboFix created restore point
RP148: 2/14/2015 3:59:38 PM - avast! antivirus system restore point
RP149: 2/15/2015 3:00:58 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 16 NPAPI
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
Assassin's Creed® III
Avast Free Antivirus
AVG 2015
AVG Web TuneUp
Batman: Arkham City GOTY
BOSS
Counter-Strike: Global Offensive
DayZ
Dropbox
Far Cry
Far Cry 2
Far Cry 4
Far Cry® 3
Far Cry® 3 Blood Dragon
FTL: Faster Than Light
G DATA ANTIVIRUS
GameRanger
Goat Simulator
Google Chrome
Google Update Helper
Guns of Icarus Online
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
Half-Life: Blue Shift
Half-Life: Opposing Force
Half-Life: Source
Heroes & Generals
Intel(R) Chipset Device Software
Intel(R) Management Engine Components
Intel(R) Smart Connect Technology
Intel® Trusted Connect Service Client
Java 7 Update 67
Java 8 Update 31
Java Auto Updater
Just Cause
Just Cause 2
Just Cause 2: Multiplayer Mod
Kerbal Space Program
L.A. Noire
Left 4 Dead 2 Beta
Lucius
Max Payne 3
Microsoft .NET Framework 4.5.2
Microsoft ASP.NET MVC 4 Runtime
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 365 ProPlus - en-us
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft XNA Framework Redistributable 4.0
Mount & Blade: Warband
Nexus Mod Manager
NVIDIA 3D Vision Controller Driver 347.09
NVIDIA 3D Vision Driver 347.52
NVIDIA Control Panel 347.52
NVIDIA GeForce Experience 2.2.2
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 347.52
NVIDIA HD Audio Driver 1.3.33.0
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 17.12.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 17.12.8
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 17.12.8
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.27
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
POSTAL 2
Prison Architect
RAGE
Rockstar Games Social Club
Scribblenauts Unlimited
Secunia PSI (3.0.0.10004)
SHIELD Streaming
SHIELD Wireless Controller Driver
Skype Click to Call
Skype™ 7.0
South Park™: The Stick of Truth™
Star Wars - Battlefront II
Super-Charger
SUPERAntiSpyware
Team Fortress Classic
Tomb Raider
Unturned
Uplay
VGA Boost
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live ID Sign-in Assistant
.
==== Event Viewer Messages From Past Week ========
.
2/9/2015 9:19:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8800411ddcc, 0xfffff880031c37f8, 0xfffff880031c3050). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020915-71198-01.
2/9/2015 10:31:23 PM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
2/16/2015 5:02:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
2/15/2015 8:32:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.
2/15/2015 8:32:03 PM, Error: Service Control Manager [7000] - The AvastVBox COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/15/2015 8:32:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service AvastVBoxSvc with arguments "" in order to run the server: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}
2/15/2015 8:29:47 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
2/15/2015 3:20:30 AM, Error: Service Control Manager [7043] - The AVG WatchDog service did not shut down properly after receiving a preshutdown control.
2/14/2015 5:08:56 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/14/2015 5:08:56 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
2/14/2015 4:52:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2015 4:45:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/14/2015 4:17:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/14/2015 4:17:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/14/2015 4:17:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/14/2015 4:17:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/14/2015 4:17:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/14/2015 4:17:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/14/2015 4:16:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswVmm Avgdiska AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2015 4:16:46 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The media is write protected.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The system cannot find the path specified.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7000] - The Server SMB 1.xxx Driver service failed to start due to the following error: The media is write protected.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The system cannot find the path specified.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The system cannot find the path specified.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The system cannot find the path specified.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The system cannot find the path specified.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the path specified.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7000] - The AvastVBox COM Service service failed to start due to the following error: The system cannot find the path specified.
2/14/2015 4:15:14 PM, Error: DCOM [10005] -
2/14/2015 4:14:53 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
2/14/2015 4:14:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the YouTube Downloader Services (A2) service to connect.
2/14/2015 4:14:52 PM, Error: Service Control Manager [7000] - The YouTube Downloader Services (A2) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/14/2015 4:14:52 PM, Error: Service Control Manager [7000] - The IP Helper service failed to start due to the following error: A system shutdown is in progress.
2/14/2015 4:14:48 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
2/14/2015 4:11:15 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753635.
2/14/2015 4:11:00 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: A system shutdown is in progress.
2/12/2015 3:23:02 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
2/10/2015 9:32:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MSI_Trigger_Service service to connect.
2/10/2015 9:32:15 PM, Error: Service Control Manager [7000] - The MSI_Trigger_Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/10/2015 6:51:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800670fb50, 0xfffff800041363d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021015-55130-01.
.
==== End Of File ===========================
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Unread postby Gary R » February 17th, 2015, 4:34 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Update Message Virus

Unread postby Gary R » February 17th, 2015, 4:47 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi 15burgja

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Your logs indicate that you have several Anti-Virus programs installed on your computer ...

Avast Free Antivirus
AVG 2015
G DATA ANTIVIRUS


You must only have one AV program installed, otherwise you will get conflicts, and your defenses will be weaker not stronger.

I recommend you keep Avast and uninstall the other two.

I also recommend you uninstall ...

AVG Web TuneUp


... which serves no real useful purpose, and will inevitably slow down your browser.

There are no obvious signs of infection in the DDS logs that you've supplied, so I'm going to need you to run some additional scans for me to see if we can find out what it is that is causing your problems.

First ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • FRST.txt
  • Addition.txt
  • ADWCleaner log
  • ESET.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
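
The multiple-antivirus check described in the reply above, written out as an added example (it is not part of the original thread and is not code from DDS or any tool named here). It splits a DDS Attach.txt into its `==== ... ====` sections, flags more than one antivirus product under Installed Programs, and tallies Event Viewer errors by source and event ID; the vendor patterns and function names are assumptions made for illustration, and the sample is a constructed excerpt built from lines in the log posted in this thread.

```python
import re
from collections import Counter

# Constructed excerpt in the DDS Attach.txt layout (lines taken from the posted log).
SAMPLE_ATTACH = """
.
==== Installed Programs ======================
.
Adobe Flash Player 16 NPAPI
Avast Free Antivirus
AVG 2015
AVG Web TuneUp
G DATA ANTIVIRUS
Google Chrome
SUPERAntiSpyware
.
==== Event Viewer Messages From Past Week ========
.
2/15/2015 8:32:03 PM, Error: Service Control Manager [7000] - The AvastVBox COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/15/2015 3:20:30 AM, Error: Service Control Manager [7043] - The AVG WatchDog service did not shut down properly after receiving a preshutdown control.
2/14/2015 4:15:14 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.
.
==== End Of File ===========================
"""

# Section headers look like "==== Title =====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")

# Event lines look like "<date> <time> AM|PM, <Level>: <Source> [<id>] - <message>".
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Illustrative patterns (an assumption, not an exhaustive list) for the three
# antivirus products named in the reply. "AVG Web TuneUp" is a browser add-on,
# so the AVG pattern is anchored to the "AVG <year>" product name only.
AV_PATTERNS = {
    "Avast": re.compile(r"^avast\b.*antivirus", re.I),
    "AVG": re.compile(r"^AVG \d{4}$", re.I),
    "G DATA": re.compile(r"^G DATA\b.*antivirus", re.I),
}


def split_sections(text):
    """Return {section title: [non-empty lines]}, skipping the '.' separators."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def installed_antivirus(sections):
    """Map vendor -> matching entries from the Installed Programs section."""
    found = {}
    for program in sections.get("Installed Programs", []):
        for vendor, pattern in AV_PATTERNS.items():
            if pattern.search(program):
                found.setdefault(vendor, []).append(program)
    return found


def av_conflict(sections):
    """True when more than one antivirus vendor is installed side by side."""
    return len(installed_antivirus(sections)) > 1


def events_by_source(sections):
    """Count Event Viewer entries per (source, event id)."""
    counts = Counter()
    for line in sections.get("Event Viewer Messages From Past Week", []):
        event = EVENT_RE.match(line)
        if event:
            counts[(event.group("source"), int(event.group("event_id")))] += 1
    return counts


if __name__ == "__main__":
    parsed = split_sections(SAMPLE_ATTACH)
    print("Antivirus products:", installed_antivirus(parsed))
    print("Conflict:", av_conflict(parsed))
    for (source, event_id), count in sorted(events_by_source(parsed).items()):
        print(f"{count:3d}  {source} [{event_id}]")
```
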

Re: Fake Update Message Virus

Unread postby 15burgja » February 17th, 2015, 11:34 pm

Hi Gary R, thanks for the help and the quick reply.

Here is FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Jack (administrator) on JACK-PC on 17-02-2015 20:28:50
Running from C:\Users\Jack\Downloads
Loaded Profiles: Jack (Available profiles: Jack)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoftware) C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(MicroTools) C:\Program Files (x86)\AspInfo\aspcheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2015-01-23] ()
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-909053488-847819577-1169221515-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-909053488-847819577-1169221515-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={C84E111C-E36B-4D40-8211-74D73D23F24F}&mid=9d36918a955347cd95ea34822d80c4d3-6a952225c77ef39a63886747b706a7c6a3c35bd4&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-23 16:53:09&v=4.0.5.7&pid=wtu&sg=&sap=hp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-909053488-847819577-1169221515-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={C84E111C-E36B-4D40-8211-74D73D23F24F}&mid=9d36918a955347cd95ea34822d80c4d3-6a952225c77ef39a63886747b706a7c6a3c35bd4&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-23 16:53:09&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 71.10.216.1 71.10.216.2
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-14]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=odc179
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-27]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-27]
CHR Extension: (Adblock Plus) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-20]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-27]
CHR Extension: (Avast Online Security) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-14]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-14] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
S2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2015-01-23] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A2; C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe [2971224 2015-02-06] (Microsoftware)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-14] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2015-01-23] (AVG Technologies)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [129200 2015-01-23] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1041000 2012-12-19] (Realtek Semiconductor Corporation )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-14] (Avast Software)
S3 GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:28 - 2015-02-17 20:29 - 00022207 _____ () C:\Users\Jack\Downloads\FRST.txt
2015-02-17 20:28 - 2015-02-17 20:28 - 02085888 _____ (Farbar) C:\Users\Jack\Downloads\FRST64.exe
2015-02-17 20:28 - 2015-02-17 20:28 - 00000000 ____D () C:\FRST
2015-02-17 20:26 - 2015-02-17 20:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JACK-PC-Windows-7-Professional-(64-bit).dat
2015-02-17 20:24 - 2015-02-17 20:24 - 00000000 ____D () C:\RegBackup
2015-02-17 17:55 - 2015-02-17 17:55 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-17 17:55 - 2015-02-17 17:55 - 00000197 _____ () C:\Windows\system32\2015-02-17-23-55-01.081-AvastVBoxSVC.exe-3396.log
2015-02-17 17:55 - 2015-02-17 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-17 17:55 - 2015-02-17 17:55 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-17 17:53 - 2015-02-17 17:53 - 04804736 _____ () C:\Users\Jack\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-17 17:49 - 2015-02-17 17:49 - 00088674 _____ () C:\Windows\PFRO.log
2015-02-17 17:45 - 2015-02-17 17:46 - 00003000 _____ () C:\Windows\System32\Tasks\Open Chrome
2015-02-17 17:45 - 2015-02-17 17:46 - 00000684 _____ () C:\Windows\Tasks\Open Chrome.job
2015-02-16 17:09 - 2015-02-16 17:09 - 00031246 _____ () C:\Users\Jack\Desktop\dds.txt
2015-02-16 17:09 - 2015-02-16 17:09 - 00016777 _____ () C:\Users\Jack\Desktop\attach.txt
2015-02-16 17:06 - 2015-02-16 17:06 - 00688992 ____R (Swearware) C:\Users\Jack\Downloads\dds (1).scr
2015-02-15 20:34 - 2015-02-15 20:34 - 00000197 _____ () C:\Windows\system32\2015-02-16-02-34-09.021-AvastVBoxSVC.exe-7152.log
2015-02-15 20:25 - 2015-02-15 20:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2015-02-15 20:24 - 2015-02-16 09:27 - 00004018 _____ () C:\Windows\DPINST.LOG
2015-02-15 20:24 - 2015-02-15 20:25 - 00000779 _____ () C:\Users\Jack\AppData\Roaming\gdscan.log
2015-02-15 20:22 - 2015-02-17 17:40 - 00000000 ____D () C:\Program Files (x86)\G Data
2015-02-15 20:20 - 2015-02-17 17:40 - 00000000 ____D () C:\ProgramData\G Data
2015-02-15 18:31 - 2015-02-15 20:20 - 411313416 _____ (G Data Software AG) C:\Users\Jack\Downloads\USA_R_FUL_2015_AV.exe
2015-02-15 11:33 - 2015-02-15 11:33 - 21037696 _____ (SUPERAntiSpyware) C:\Users\Jack\Downloads\SUPERAntiSpyware (1).exe
2015-02-15 11:31 - 2015-02-15 11:31 - 00000197 _____ () C:\Windows\system32\2015-02-15-17-31-25.061-AvastVBoxSVC.exe-2056.log
2015-02-15 10:55 - 2015-02-15 10:55 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Jack\Downloads\SpyHunter-Installer.exe
2015-02-15 03:24 - 2015-02-15 03:25 - 00000197 _____ () C:\Windows\system32\2015-02-15-09-24-50.052-AvastVBoxSVC.exe-3716.log
2015-02-14 23:08 - 2015-02-14 23:38 - 00000000 ____D () C:\Users\Jack\Desktop\Ubisoft Game Launcher
2015-02-14 18:57 - 2015-02-14 18:58 - 00000247 _____ () C:\Windows\system32\2015-02-15-00-57-24.088-aswFe.exe-7200.log
2015-02-14 18:40 - 2015-02-14 18:57 - 00000247 _____ () C:\Windows\system32\2015-02-15-00-40-32.090-aswFe.exe-5768.log
2015-02-14 18:40 - 2015-02-14 18:40 - 00000197 _____ () C:\Windows\system32\2015-02-15-00-40-00.043-AvastVBoxSVC.exe-5044.log
2015-02-14 17:10 - 2015-02-17 20:22 - 00235374 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 17:05 - 2015-02-17 20:21 - 00004901 _____ () C:\Windows\setupact.log
2015-02-14 17:05 - 2015-02-14 17:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-14 16:03 - 2015-02-14 17:02 - 00002166 _____ () C:\Users\Jack\Desktop\Avast Free Antivirus.lnk
2015-02-14 16:03 - 2015-02-14 16:03 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\AVAST Software
2015-02-14 16:03 - 2015-02-14 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-14 16:02 - 2015-02-17 17:51 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-14 16:02 - 2015-02-14 16:03 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-14 16:02 - 2015-02-14 16:03 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-14 16:02 - 2015-02-14 16:01 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-14 16:02 - 2015-02-14 16:01 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-14 16:02 - 2015-02-14 16:01 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-14 16:02 - 2015-02-14 16:01 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-14 16:02 - 2015-02-14 16:01 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-14 16:02 - 2015-02-14 16:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-14 16:01 - 2015-02-14 16:01 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-14 16:01 - 2015-02-14 16:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-14 15:59 - 2015-02-14 15:59 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-14 15:51 - 2015-02-14 15:51 - 00000000 ___SD () C:\ComboFix
2015-02-14 15:51 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-14 15:51 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-14 15:51 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-14 15:51 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-14 15:51 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-14 15:51 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-14 15:51 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-14 15:51 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-14 15:49 - 2015-02-14 15:51 - 00000000 ___SD () C:\32788R22FWJFW
2015-02-14 15:49 - 2015-02-14 15:51 - 00000000 ____D () C:\Qoobox
2015-02-14 15:49 - 2015-02-14 15:49 - 00000000 ____D () C:\Windows\erdnt
2015-02-14 14:49 - 2015-01-22 22:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-14 14:49 - 2015-01-22 22:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 14:49 - 2015-01-22 21:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-14 14:49 - 2015-01-22 21:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 02:50 - 2015-02-03 21:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 02:50 - 2015-02-03 21:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 02:50 - 2015-02-03 21:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 02:50 - 2015-02-03 21:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 02:50 - 2015-02-03 21:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 02:50 - 2015-02-03 21:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 02:50 - 2015-02-03 21:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 02:50 - 2015-01-27 17:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 02:50 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 02:50 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 02:50 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 02:50 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 02:50 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 02:50 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 02:50 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 02:50 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 02:50 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 02:50 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 02:50 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 02:50 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 02:50 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 02:50 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 02:50 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 02:50 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 02:50 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 02:50 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 02:49 - 2015-01-13 23:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 02:49 - 2015-01-13 23:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 02:49 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 02:49 - 2015-01-11 21:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 02:49 - 2015-01-11 21:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 02:49 - 2015-01-11 20:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 02:49 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 02:49 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 02:49 - 2015-01-11 20:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 02:49 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 02:49 - 2015-01-11 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 02:49 - 2015-01-11 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 02:49 - 2015-01-11 20:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 02:49 - 2015-01-11 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 02:49 - 2015-01-11 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 02:49 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 02:49 - 2015-01-11 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 02:49 - 2015-01-11 20:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 02:49 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 02:49 - 2015-01-11 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 02:49 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 02:49 - 2015-01-11 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 02:49 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 02:49 - 2015-01-11 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 02:49 - 2015-01-11 20:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 02:49 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 02:49 - 2015-01-11 20:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 02:49 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 02:49 - 2015-01-11 20:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 02:49 - 2015-01-11 19:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 02:49 - 2015-01-11 19:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 02:49 - 2015-01-11 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 02:49 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 02:49 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 02:49 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 02:49 - 2015-01-11 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 02:49 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 02:49 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 02:49 - 2015-01-11 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 02:49 - 2015-01-11 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 02:49 - 2015-01-11 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 02:49 - 2015-01-11 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 02:49 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 02:49 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 02:49 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 02:49 - 2015-01-11 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 02:49 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 02:49 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 02:49 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 02:49 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 02:49 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 02:49 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 02:49 - 2015-01-10 00:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 02:49 - 2015-01-10 00:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 02:49 - 2015-01-10 00:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 02:49 - 2015-01-10 00:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 02:49 - 2015-01-10 00:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 02:49 - 2015-01-10 00:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 02:49 - 2015-01-10 00:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 02:49 - 2015-01-10 00:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 02:49 - 2015-01-10 00:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 02:49 - 2015-01-10 00:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 02:49 - 2015-01-10 00:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 02:49 - 2015-01-10 00:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 02:49 - 2015-01-10 00:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 02:49 - 2015-01-10 00:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 02:47 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 02:47 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 02:47 - 2014-12-11 23:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 02:47 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 02:47 - 2014-11-25 21:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 02:47 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 02:47 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 02:47 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 02:47 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 02:47 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 02:46 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 02:46 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 02:46 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 02:46 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 02:46 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 02:46 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 02:46 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 02:46 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 02:46 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 02:44 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 21:28 - 2015-02-10 21:28 - 00007605 _____ () C:\Users\Jack\AppData\Local\Resmon.ResmonCfg
2015-02-10 21:24 - 2015-02-05 11:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-10 21:18 - 2015-02-05 15:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-10 21:18 - 2015-02-05 15:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-10 21:18 - 2015-02-05 15:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-10 06:52 - 2015-02-10 06:52 - 00002464 _____ () C:\Windows\System32\Tasks\1214tbUpdateInfo
2015-02-10 06:52 - 2015-02-10 06:52 - 00000348 _____ () C:\Windows\Tasks\1214tbUpdateInfo.job
2015-02-10 06:51 - 2015-02-10 06:51 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb
2015-02-10 06:50 - 2015-02-14 16:53 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 20:50 - 2015-02-10 08:48 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2015-02-07 00:17 - 2015-02-07 00:17 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\ParetoLogic
2015-02-07 00:16 - 2015-02-07 00:29 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-02-06 22:32 - 2015-02-06 22:32 - 00000000 _____ () C:\autoexec.bat
2015-02-06 21:28 - 2015-02-06 21:28 - 00000000 ____D () C:\Users\Jack\Documents\Lucius
2015-02-06 19:21 - 2015-02-06 19:21 - 00000000 ____D () C:\Users\Jack\AppData\Local\Introversion
2015-02-06 02:00 - 2015-02-06 02:00 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-03 17:09 - 2015-02-17 20:21 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jack-PC-Jack Jack-PC
2015-02-03 16:39 - 2015-02-03 16:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\SUPERAntiSpyware.com
2015-02-03 16:38 - 2015-02-03 16:38 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-03 16:36 - 2015-02-03 16:36 - 21172816 _____ (SUPERAntiSpyware) C:\Users\Jack\Downloads\SUPERAntiSpyware.exe
2015-01-30 03:02 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-29 20:47 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-29 20:47 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-29 20:47 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-29 20:47 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-28 23:16 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-28 23:16 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-28 23:16 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-28 23:16 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-28 23:16 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-28 23:16 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-28 23:16 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-28 23:16 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-28 23:16 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-28 23:16 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-28 23:16 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-28 23:16 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-28 23:16 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-28 23:16 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-28 23:16 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-28 22:53 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-28 22:53 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-28 22:53 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-28 22:53 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-28 22:53 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-28 22:52 - 2015-01-28 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-28 22:51 - 2015-01-28 22:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-28 22:51 - 2015-01-28 22:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-28 22:50 - 2015-01-28 22:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2015-01-25 00:33 - 2015-01-25 00:33 - 00000000 ____D () C:\Users\Jack\AppData\Local\Intel_Corporation
2015-01-24 23:54 - 2015-01-24 23:59 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe
2015-01-23 20:29 - 2015-02-06 18:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-23 20:29 - 2015-01-23 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 20:20 - 2015-02-17 20:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 20:20 - 2015-02-17 17:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 20:20 - 2015-02-06 23:30 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-23 20:20 - 2015-02-06 23:30 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-23 19:03 - 2015-01-23 19:03 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-23 19:01 - 2015-01-23 19:01 - 00000000 ____D () C:\Users\Jack\Desktop\scanners
2015-01-23 18:56 - 2015-02-05 15:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-23 18:56 - 2015-02-05 15:01 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-23 18:56 - 2015-01-12 22:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 18:56 - 2015-01-12 22:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 18:56 - 2015-01-10 02:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 18:56 - 2015-01-10 02:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 18:25 - 2015-02-17 20:21 - 00011719 _____ () C:\Windows\SysWOW64\Gms.log
2015-01-23 18:22 - 2015-01-23 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_INETMON_01011.Wdf
2015-01-23 18:22 - 2014-02-03 11:46 - 00023936 _____ () C:\Windows\system32\Drivers\INETMON.sys
2015-01-23 18:18 - 2015-01-23 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-23 18:18 - 2015-01-23 18:18 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2015-01-23 18:16 - 2015-01-23 18:22 - 00000000 ____D () C:\ProgramData\Intel
2015-01-23 18:16 - 2015-01-23 18:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-01-23 18:16 - 2015-01-23 18:16 - 00000000 ____D () C:\Users\Jack\Intel
2015-01-23 18:16 - 2015-01-23 18:16 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-23 18:16 - 2015-01-23 18:16 - 00000000 ____D () C:\Intel
2015-01-23 18:12 - 2015-01-23 18:17 - 00000000 ____D () C:\Program Files\Intel
2015-01-23 18:12 - 2015-01-23 18:12 - 00000000 ____D () C:\Program Files (x86)\ASM106xSATA
2015-01-23 17:59 - 2015-02-10 08:48 - 00000000 ___HD () C:\SuperChargerProfile
2015-01-23 17:59 - 2015-01-23 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-01-23 17:59 - 2015-01-23 17:59 - 00000000 ____D () C:\Program Files (x86)\MSI
2015-01-23 17:56 - 2015-01-23 17:56 - 00000000 ____D () C:\MSI
2015-01-23 17:48 - 2013-08-16 01:37 - 00424192 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys
2015-01-23 17:21 - 2015-01-23 17:21 - 05671064 _____ () C:\Users\Jack\Downloads\intel_usb30 (1).zip
2015-01-23 17:15 - 2015-01-23 17:15 - 00283762 _____ () C:\Users\Jack\Downloads\Killer_network_inf.zip
2015-01-23 16:53 - 2015-01-24 06:03 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-01-23 16:53 - 2015-01-23 22:23 - 00000000 ____D () C:\Users\Jack\AppData\Local\AVG Web TuneUp
2015-01-23 16:53 - 2015-01-23 16:53 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-01-23 16:53 - 2015-01-23 16:52 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2015-01-23 16:52 - 2015-01-23 16:52 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-01-23 16:47 - 2015-01-23 16:47 - 00000000 ____D () C:\Windows\pss
2015-01-23 16:41 - 2015-01-23 16:41 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\TuneUp Software
2015-01-23 16:38 - 2015-01-23 16:38 - 00000197 _____ () C:\Windows\system32\2015-01-23-22-38-03.077-AvastVBoxSVC.exe-2552.log
2015-01-23 16:36 - 2015-02-17 17:49 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-23 16:36 - 2015-01-23 16:36 - 04637504 _____ (AVG Technologies) C:\Users\Jack\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-23 16:36 - 2015-01-23 16:36 - 00000000 ____D () C:\Users\Jack\AppData\Local\MFAData
2015-01-20 19:33 - 2015-01-20 19:33 - 00000000 ____D () C:\ProgramData\2DBoy
2015-01-20 19:33 - 2015-01-20 19:33 - 00000000 ____D () C:\Program Files (x86)\WorldOfGoo
2015-01-20 18:59 - 2015-01-20 18:59 - 00140408 _____ () C:\General-Chaos-(UEJ)-[!].gs0
2015-01-20 18:18 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-20 18:18 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-20 15:27 - 2015-01-20 15:27 - 00000000 __SHD () C:\found.000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:25 - 2014-07-05 13:31 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Skype
2015-02-17 20:21 - 2015-01-13 20:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 18:01 - 2009-07-13 22:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 18:01 - 2009-07-13 22:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 17:50 - 2014-06-27 03:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-17 17:50 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 17:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-02-17 17:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-02-17 17:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-02-17 17:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-02-16 20:16 - 2014-06-27 10:21 - 00000000 ____D () C:\Users\Jack\Desktop\Steam
2015-02-16 18:43 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 23:14 - 2014-06-27 23:49 - 00000000 ____D () C:\Users\Jack\Documents\My Games
2015-02-14 23:09 - 2014-06-27 10:52 - 00000676 _____ () C:\Users\Jack\Desktop\Uplay.lnk
2015-02-14 16:53 - 2014-06-27 10:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft Game Launcher
2015-02-14 16:53 - 2014-06-27 06:17 - 00000000 ____D () C:\Windows\Panther
2015-02-14 15:59 - 2014-06-27 10:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-14 14:39 - 2009-07-13 22:45 - 00437848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 04:28 - 2014-12-14 03:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 04:28 - 2014-06-27 09:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 04:28 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 04:12 - 2014-07-08 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 04:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 03:57 - 2014-06-27 03:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:08 - 2014-06-27 03:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 21:24 - 2014-06-27 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-10 08:48 - 2014-11-03 15:22 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-10 08:48 - 2010-11-21 01:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-10 08:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-02-10 06:51 - 2014-06-27 02:26 - 00000000 ____D () C:\Users\Jack
2015-02-09 20:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-06 21:16 - 2014-11-03 15:22 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader Services
2015-02-06 02:00 - 2015-01-13 20:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 02:00 - 2015-01-13 20:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 02:00 - 2015-01-13 20:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 15:01 - 2014-08-21 11:03 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-05 15:01 - 2014-06-27 22:54 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-05 15:01 - 2014-06-27 03:25 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 15:01 - 2014-06-27 03:25 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 15:01 - 2014-03-20 22:02 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-05 15:01 - 2014-03-20 22:02 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 13:07 - 2014-06-27 03:25 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 13:07 - 2014-06-27 03:25 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 13:07 - 2014-06-27 03:25 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 13:07 - 2014-06-27 03:25 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 13:07 - 2014-06-27 03:25 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 13:06 - 2014-06-27 03:25 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 06:50 - 2014-06-27 03:25 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-29 09:03 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-28 23:11 - 2014-06-27 03:20 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-28 23:11 - 2009-07-13 23:13 - 00773536 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 16:41 - 2014-06-27 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 16:41 - 2014-06-27 21:45 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 16:40 - 2014-11-02 16:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 00:13 - 2014-07-30 01:31 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 20:29 - 2014-06-27 10:03 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-23 20:20 - 2014-06-27 10:02 - 00000000 ____D () C:\Users\Jack\AppData\Local\Deployment
2015-01-23 19:48 - 2014-09-17 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LCPD First Response
2015-01-23 17:22 - 2014-06-27 11:30 - 00795120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2015-01-23 17:16 - 2014-03-27 09:29 - 00129200 _____ (Qualcomm Atheros, Inc.) C:\Windows\system32\Drivers\e22w7x64.sys
2015-01-21 17:33 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-21 13:06 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-20 20:51 - 2014-06-27 02:26 - 00000000 ____D () C:\Users\Jack\AppData\Local\VirtualStore
2015-01-20 17:28 - 2014-06-27 23:13 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\.minecraft
2015-01-19 14:44 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2015-02-15 20:24 - 2015-02-15 20:25 - 0000779 _____ () C:\Users\Jack\AppData\Roaming\gdscan.log
2015-02-07 00:17 - 2015-02-07 00:28 - 0000115 _____ () C:\Users\Jack\AppData\Roaming\LogFile.txt
2015-02-10 21:28 - 2015-02-10 21:28 - 0007605 _____ () C:\Users\Jack\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Jack\AppData\Local\Temp\WdfCoInstaller01007.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-16 18:29

==================== End Of Log ============================
15burgja

Re: Fake Update Message Virus

Post by 15burgja » February 17th, 2015, 11:35 pm

Here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Jack at 2015-02-17 20:29:29
Running from C:\Users\Jack\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
Assassin's Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dropbox (HKU\S-1-5-21-909053488-847819577-1169221515-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Far Cry (HKLM-x32\...\Steam App 13520) (Version: - Crytek Studios)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version: - Ubisoft Montreal)
Far Cry 4 (HKLM-x32\...\Steam App 298110) (Version: - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - Ubisoft Montreal)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
GameRanger (HKU\S-1-5-21-909053488-847819577-1169221515-1000\...\GameRanger) (Version: - GameRanger Technologies)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - Muse Games)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version: - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox Software)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version: - Valve)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{6EB4AC9E-01E9-4B8C-96C8-281ECAF3A687}) (Version: 5.0.10.2793 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Just Cause (HKLM-x32\...\Steam App 6880) (Version: - Avalanche Studios)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version: - Team Bondi)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - )
Lucius (HKLM-x32\...\Steam App 218640) (Version: - Shiver Games)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-909053488-847819577-1169221515-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-909053488-847819577-1169221515-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-909053488-847819577-1169221515-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-909053488-847819577-1169221515-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-909053488-847819577-1169221515-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-01-2015 16:45:30 avast! antivirus system restore point
21-01-2015 17:33:48 avast! antivirus system restore point
23-01-2015 16:32:17 avast! antivirus system restore point
23-01-2015 16:37:44 avast! antivirus system restore point
23-01-2015 16:38:44 Windows Update
23-01-2015 16:40:19 Installed AVG 2015
23-01-2015 16:40:51 Installed AVG 2015
25-01-2015 00:08:15 Installed Microsoft Visual C++ 2005 Redistributable (x64)
25-01-2015 00:10:26 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
25-01-2015 00:10:51 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
28-01-2015 22:47:35 Windows Update
30-01-2015 03:00:35 Windows Update
31-01-2015 03:00:38 Windows Update
09-02-2015 20:49:48 Installed DirectX
10-02-2015 20:55:03 Installed DirectX
12-02-2015 03:01:13 Windows Update
14-02-2015 15:51:22 ComboFix created restore point
14-02-2015 15:59:38 avast! antivirus system restore point
15-02-2015 03:00:58 Windows Update
17-02-2015 17:41:52 Removed AVG 2015
17-02-2015 17:45:05 Removed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {30F8B853-E6DE-49D0-9167-5C3543356837} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {43567A6A-2D7D-436F-9766-531394820157} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jack-PC-Jack Jack-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {6D1082EC-15BA-48FB-B8BB-2AC0BFCC0830} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {796268C9-79E3-4D78-AB5F-628C4941DCA3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-14] (AVAST Software)
Task: {82ACC03E-39F5-495D-B7D8-38424C6987F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {BA4D8798-6895-48F4-92C6-5FB7E21D5F11} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {C688DCF7-0333-4974-80D0-28EF7E69F7B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-26] (Microsoft Corporation)
Task: {DEC6D353-0F41-4C43-B743-31A77DF4B490} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DF5A3F1C-7317-4031-8F76-C08E5C8FD388} - System32\Tasks\Open Chrome => Chrome.exe --new-window toolbar.avg.com/ch-uninstall?cid={C84E111C-E36B-4D40-8211-74D73D23F24F}&amp;mid=9d36918a955347cd95ea34822d80c4d3-6a952225c77ef39a63886747b706a7c6a3c35bd4&amp;lang=en&amp;ds=AVG&amp;coid=avgtbavg&amp;cmpid=&amp;pr=fr&amp;d=&amp;v=4.0.5.7&amp;pid=wtu&amp;sg=
Task: {F1FCB1BE-937A-4D3A-8188-ACE7DA8FDDAE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {F8D2B7FC-87C0-4948-B03B-3550FA7BC9DB} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{7CA7B729-F22D-485B-86D4-561E2399C190}.exe [2015-02-10] ()
Task: {FF9B9B6E-D109-4D7C-9495-FD0AD29976D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{7CA7B729-F22D-485B-86D4-561E2399C190}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-26 16:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-21 09:47 - 2014-02-21 09:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-02-21 09:47 - 2014-02-21 09:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-02-21 09:47 - 2014-02-21 09:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-21 09:47 - 2014-02-21 09:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-11-26 16:32 - 2014-11-26 16:32 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-23 16:52 - 2015-01-23 16:52 - 03081752 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-01-23 16:53 - 2015-01-23 16:52 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2015-02-14 16:01 - 2015-02-14 16:01 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-02-14 16:01 - 2015-02-14 16:01 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-02-17 06:00 - 2015-02-17 06:00 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021701\algo.dll
2015-02-14 16:01 - 2015-02-14 16:01 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-17 17:51 - 2015-02-17 17:51 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021702\algo.dll
2015-01-23 16:53 - 2015-01-23 16:52 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2015-02-14 16:01 - 2015-02-14 16:01 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-19 18:51 - 2014-02-19 18:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-26 16:21 - 2014-11-26 16:21 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-11-26 16:23 - 2014-11-26 16:33 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-02-06 18:22 - 2015-02-04 03:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 18:22 - 2015-02-04 03:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 18:22 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-909053488-847819577-1169221515-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1 - 71.10.216.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

==================== Accounts: =============================

Administrator (S-1-5-21-909053488-847819577-1169221515-500 - Administrator - Disabled)
Guest (S-1-5-21-909053488-847819577-1169221515-501 - Limited - Disabled)
Jack (S-1-5-21-909053488-847819577-1169221515-1000 - Administrator - Enabled) => C:\Users\Jack

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 05:54:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 05:52:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI_Trigger_Service.exe, version: 1.0.9.0, time stamp: 0x5243c86d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x77c
Faulting application start time: 0xMSI_Trigger_Service.exe0
Faulting application path: MSI_Trigger_Service.exe1
Faulting module path: MSI_Trigger_Service.exe2
Report Id: MSI_Trigger_Service.exe3

Error: (02/17/2015 05:52:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI_Trigger_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32)
at System.Management.ManagementScope.InitializeGuts(System.Object)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at MSI_Trigger_Service.Service1.DetectVGAInfo()
at MSI_Trigger_Service.Service1.ServiceThread_Main()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary G Data Rootkit Detector Driver.

System Error:
The system cannot find the file specified.
.

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary HookCentre.

System Error:
The system cannot find the file specified.
.

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary GDBehave.

System Error:
The system cannot find the file specified.
.

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (02/17/2015 05:42:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary G Data Rootkit Detector Driver.

System Error:
The system cannot find the file specified.
.

Error: (02/17/2015 05:42:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (02/17/2015 05:54:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI_Trigger_Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/17/2015 05:50:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/16/2015 05:02:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (02/16/2015 05:02:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (02/15/2015 08:32:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (02/15/2015 08:32:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AvastVBox COM Service service failed to start due to the following error:
%%1053

Error: (02/15/2015 08:32:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.

Error: (02/15/2015 08:31:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (02/15/2015 08:29:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/15/2015 06:24:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


Microsoft Office Sessions:
=========================
Error: (02/17/2015 05:54:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 05:52:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MSI_Trigger_Service.exe1.0.9.05243c86dKERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d77c01d04b0c8e809820C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exeC:\Windows\syswow64\KERNELBASE.dll16ff0ee2-b700-11e4-b080-448a5b9c2b29

Error: (02/17/2015 05:52:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI_Trigger_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32)
at System.Management.ManagementScope.InitializeGuts(System.Object)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at MSI_Trigger_Service.Service1.DetectVGAInfo()
at MSI_Trigger_Service.Service1.ServiceThread_Main()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary G Data Rootkit Detector Driver.

System Error:
The system cannot find the file specified.

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary HookCentre.

System Error:
The system cannot find the file specified.

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GDBehave.

System Error:
The system cannot find the file specified.

Error: (02/17/2015 05:45:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (02/17/2015 05:42:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary G Data Rootkit Detector Driver.

System Error:
The system cannot find the file specified.

Error: (02/17/2015 05:42:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8139.98 MB
Available physical RAM: 6074.11 MB
Total Pagefile: 16278.14 MB
Available Pagefile: 13407.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:228.42 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:465.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EDC774AF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 6E697373)
No partition Table on disk 1.

==================== End Of Log ============================
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Post by 15burgja » February 17th, 2015, 11:36 pm

Here is the AdwCleaner log:

# AdwCleaner v4.110 - Logfile created 17/02/2015 at 20:39:13
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jack - JACK-PC
# Running from : C:\Users\Jack\Downloads\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater18.2.0

***** [ Files / Folders ] *****

File Found : C:\Users\Jack\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\Users\Jack\AppData\Roaming\ParetoLogic

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Google Chrome v40.0.2214.111


-\\ Chromium v

*************************

AdwCleaner[R4].txt - [3403 bytes] - [17/02/2015 20:39:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [3462 bytes] ##########

Re: Fake Update Message Virus

Post by 15burgja » February 17th, 2015, 11:53 pm

I tried following the instructions to temporarily disable Avast, but for some reason right-clicking the icon did nothing. Instead I went into the settings of Avast and I think I found how to do it from there. When I did the ESET scan it said that I still had an Avast running, though. I did the scan anyway and this is what it detected:

C:\$RECYCLE.BIN\S-1-5-21-909053488-847819577-1169221515-1000\$RZV4DI1.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Re: Fake Update Message Virus

Post by Gary R » February 18th, 2015, 3:00 am

Not too much showing in the scans we've run so far; however, we'll take care of what has been found and see where that gets us.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

AVG Web TuneUp
Java 7 Update 67


The first is of dubious use, and besides, I need to ensure that all remains of your AVG anti-virus have been removed, and it's difficult to do that when you have another AVG product installed. If you really want to have it, then uninstall it temporarily until we've got your computer clean; you can always re-install it once we've resolved your problems.

Old, out-of-date versions of Java can be (and usually are) exploited.

Reboot your computer once both have been uninstalled.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\$RECYCLE.BIN\S-1-5-21-909053488-847819577-1169221515-1000\$RZV4DI1.exe
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files (x86)\Common Files\AVG Secure Search
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2015-01-23] ()
HKU\S-1-5-21-909053488-847819577-1169221515-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid= {C84E111C-E36B-4D40-8211-74D73D23F24F}&mid=9d36918a955347cd95ea34822d80c4d3-6a952225c77ef39a63886747b706a7c6a3c35bd4&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-23 16:53:09&v=4.0.5.7&pid=wtu&sg=&sap=hp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-909053488-847819577-1169221515-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {C84E111C-E36B-4D40-8211-74D73D23F24F}&mid=9d36918a955347cd95ea34822d80c4d3-6a952225c77ef39a63886747b706a7c6a3c35bd4&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-23 16:53:09&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2015-01-23] (AVG Secure Search)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2015-01-23] (AVG Technologies)
S3 GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [X]
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner fixlog
  • Fixlog.txt
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Update Message Virus

Post by 15burgja » February 19th, 2015, 3:24 pm

Apologies for the late response, my internet has been out for a day or two.
Here is the ADWCleaner fixlog:

# AdwCleaner v4.110 - Logfile created 18/02/2015 at 17:45:59
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jack - JACK-PC
# Running from : C:\Users\Jack\Downloads\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Jack\AppData\Roaming\ParetoLogic
File Deleted : C:\Users\Jack\AppData\Local\Temp\Uninstall.exe

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Google Chrome v40.0.2214.111

[C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R4].txt - [3565 bytes] - [17/02/2015 20:39:13]
AdwCleaner[R5].txt - [2128 bytes] - [18/02/2015 17:34:55]
AdwCleaner[S3].txt - [2320 bytes] - [18/02/2015 17:45:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2379 bytes] ##########
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Unread postby 15burgja » February 19th, 2015, 3:25 pm

Here is Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Jack at 2015-02-19 13:16:00 Run:1
Running from C:\Users\Jack\Downloads
Loaded Profiles: Jack (Available profiles: Jack)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN\S-1-5-21-909053488-847819577-1169221515-1000\$RZV4DI1.exe
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files (x86)\Common Files\AVG Secure Search
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2015-01-23] ()
HKU\S-1-5-21-909053488-847819577-1169221515-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid= {C84E111C-E36B-4D40-8211-74D73D23F24F}&mid=9d36918a955347cd95ea34822d80c4d3-6a952225c77ef39a63886747b706a7c6a3c35bd4&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-23 16:53:09&v=4.0.5.7&pid=wtu&sg=&sap=hp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-909053488-847819577-1169221515-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {C84E111C-E36B-4D40-8211-74D73D23F24F}&mid=9d36918a955347cd95ea34822d80c4d3-6a952225c77ef39a63886747b706a7c6a3c35bd4&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-23 16:53:09&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2015-01-23] (AVG Secure Search)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2015-01-23] (AVG Technologies)
S3 GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [X]
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
*****************

C:\$RECYCLE.BIN\S-1-5-21-909053488-847819577-1169221515-1000\$RZV4DI1.exe => Moved successfully.
C:\Program Files (x86)\AVG Web TuneUp => Moved successfully.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKU\S-1-5-21-909053488-847819577-1169221515-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-909053488-847819577-1169221515-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key not found.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => Key not found.
vToolbarUpdater18.2.0 => Service not found.
avgtp => Service not found.
GDPkIcpt => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 436.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:16:39 ====
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Unread postby 15burgja » February 19th, 2015, 3:26 pm

I am not sure if the AdwCleaner log submitted correctly so if not here it is again:

# AdwCleaner v4.110 - Logfile created 18/02/2015 at 17:45:59
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jack - JACK-PC
# Running from : C:\Users\Jack\Downloads\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Jack\AppData\Roaming\ParetoLogic
File Deleted : C:\Users\Jack\AppData\Local\Temp\Uninstall.exe

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Google Chrome v40.0.2214.111

[C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R4].txt - [3565 bytes] - [17/02/2015 20:39:13]
AdwCleaner[R5].txt - [2128 bytes] - [18/02/2015 17:34:55]
AdwCleaner[S3].txt - [2320 bytes] - [18/02/2015 17:45:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2379 bytes] ##########
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Unread postby 15burgja » February 19th, 2015, 3:30 pm

Apologies for the late response, my internet has been down for a couple days. The computer seems to be running about the same. I haven't gotten a pop-up message yet but they typically show up at random times. Perhaps my issues are from damage left behind by a virus that has already been deleted?
Thanks again for all of your help, I really appreciate it.
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Unread postby Gary R » February 19th, 2015, 7:07 pm

OK, if you do get any more pop-up ads, try resetting your router. It's possible that your router rather than your computer is infected.

  • This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • Sometimes there's a Reset button on the front of the router, in which case just hold it down until the lights on the front of the router blink off and then on again.
  • If you don’t know your router's default password, you can look it up HERE.
  • You will need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This should help to stop your router from being hijacked again.


In the meantime, there is evidence in your logs that your computer has been blue screening, in which case I'd like you to run a tool for me so I can get an idea of what reports Windows may have made of the incidents.

Please download MiniToolBox to your Desktop.

  • Double click MiniToolBox.exe to launch the program.
  • Checkmark the following checkboxes:
    • List last 10 Event Viewer Errors
    • List Minidump Files
  • Click Go to start the scan.
  • When finished a log Result.txt will open.
  • Please post it in your next reply.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Update Message Virus

Unread postby 15burgja » February 19th, 2015, 9:30 pm

I purchased a new router today (it was time; my last one was 4-5 years old). A new router would get rid of any infections that were on the old one, right?
Here is Result.txt:

MiniToolBox by Farbar Version: 30-11-2014
Ran by Jack (administrator) on 19-02-2015 at 19:27:49
Running from "C:\Users\Jack\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/19/2015 01:19:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 00:40:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 05:49:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 05:33:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 05:33:09 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (02/18/2015 05:33:09 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (02/18/2015 05:33:09 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (02/18/2015 05:29:32 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service YouTube Downloader Services (A2) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/18/2015 04:45:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/17/2015 10:48:40 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4886e9ce-04c3-4ee6-970a-cbb87507b87e}


System errors:
=============
Error: (02/19/2015 07:26:11 PM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (02/19/2015 01:31:24 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (02/19/2015 01:31:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (02/19/2015 01:18:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2015 00:38:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2015 00:37:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2015 00:35:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2015 00:32:22 PM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (02/18/2015 05:47:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/18/2015 05:46:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (02/19/2015 01:19:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 00:40:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 05:49:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 05:33:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 05:33:09 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (02/18/2015 05:33:09 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (02/18/2015 05:33:09 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (02/18/2015 05:29:32 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service YouTube Downloader Services (A2) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (02/18/2015 04:45:11 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (02/17/2015 10:48:40 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4886e9ce-04c3-4ee6-970a-cbb87507b87e}

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
15burgja
Active Member
 
Posts: 14
Joined: February 16th, 2015, 12:08 pm

Re: Fake Update Message Virus

Unread postby Gary R » February 20th, 2015, 2:15 am

Yes, using a new router should ensure that your problems are not caused by a router infection.

Well, I don't see any minidump files, so it doesn't look like you've blue screened recently.

However, I see you've been having problems connecting ....

Error: (02/19/2015 01:18:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2015 00:38:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2015 00:37:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2015 00:35:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126



If you're still having connection problems, then try the following troubleshooting steps .... http://windows.microsoft.com/en-us/wind ... =winxptab1


Can you run a search for me please using FRST ....



  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;vxmclient

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
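
The reading of Result.txt in the post above (check the minidump section first, then look for the same error recurring) can be scripted. This is an added example, not part of the thread or of MiniToolBox; the sample log is constructed in the layout posted above, and treating any other line in the minidump section as a listed dump is an assumption, since the thread only shows the "No minidump file found" case.

```python
import re
from collections import Counter

# Constructed excerpt in the Result.txt layout posted in this thread.
SAMPLE = r"""
========================= Event log errors: ===============================
Application errors:
==================
Error: (02/19/2015 01:19:55 PM) (Source: WinMgmt) (User: )
Description: constructed placeholder description
System errors:
=============
Error: (02/19/2015 01:18:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2015 00:38:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Microsoft Office Sessions:
=========================
Error: (02/19/2015 01:19:55 PM) (Source: WinMgmt)(User: )
Description: constructed placeholder description

========================= Minidump Files ==================================
No minidump file found
**** End of log ****
"""

HEADER = re.compile(r"^Error: \(([^)]+)\) \(Source: ([^)]+)\)\s*\(User: ([^)]*)\)")

def parse_result(text):
    """Parse Result.txt text into (events, minidump_lines)."""
    lines = [l.strip() for l in text.splitlines()]
    events, dumps, section, current, in_dumps = [], [], None, None, False
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.startswith("="):                  # banner or underline row
            if "Minidump Files" in line:
                in_dumps, current = True, None
            continue
        if in_dumps:                              # assumption: other lines name dump files
            if line and not line.startswith("*") and line != "No minidump file found":
                dumps.append(line)
            continue
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, current = line[:-1], None    # real section headers are underlined
            continue
        m = HEADER.match(line)
        if m:
            current = {"when": m.group(1), "source": m.group(2), "user": m.group(3),
                       "section": section, "fields": {}}
            events.append(current)
        elif current is not None and ": " in line:
            current["fields"].setdefault(*line.split(": ", 1))
    return events, dumps

def triage(text, min_repeat=2):
    """Report listed minidumps, then errors that recur for the same source and module."""
    events, dumps = parse_result(text)
    first_seen, kept = {}, []
    for e in events:
        key = (e["when"], e["source"])
        # An event re-listed under a later section is not a new failure.
        if first_seen.setdefault(key, e["section"]) == e["section"]:
            kept.append(e)
    counts = Counter((e["source"], e["fields"].get("Module Path", "")) for e in kept)
    repeated = {k: n for k, n in counts.items() if n >= min_repeat}
    return {"minidumps": dumps, "unique_events": len(kept), "repeated": repeated}
```

Deduplicating on timestamp and source across sections matters for this log format, because the "Microsoft Office Sessions" block in the posted Result.txt re-lists the application errors and would otherwise double their counts.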