
Quarantined Win32 Malware Gen/fake alerts/possible new infection


  • This topic is locked
14 replies to this topic

#1 Violette

  • Members
  • 9 posts

Posted 26 December 2014 - 06:32 PM

Laptop has been acting unusually slow. Woke up this morning to find an Avast scan warning "threat detected" - when I clicked to get the scan results nothing happened. Did this several times to no avail. Eventually shut down and ran a boot time scan which picked up nothing. There is oddly no record of the most recent Avast scan which detected the threat. Ran Malwarebytes and Superantispyware also, both came up clean. Had some fake alerts popping up recently, one being a fake Adobe alert from professionaln.com. The Win32 viruses in quarantine pre-date these latest issues; there was no option to delete, so I just left them there, unsure now whether that was the right thing to do...

 

DDS.txt log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17148
Run by ANI at 23:01:21 on 2014-12-26
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.3982.879 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ASUS\P4G\InsOnSrv.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files\ASUS\P4G\InsOnWMI.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{984C116D-F70D-4509-A8DC-13FE5F9B44C7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B453A466-1362-43C8-83D9-8F104D78B04A} : NameServer = 212.159.13.49,212.159.13.50
TCP: Interfaces\{B453A466-1362-43C8-83D9-8F104D78B04A} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B453A466-1362-43C8-83D9-8F104D78B04A}\35B4956393632393 : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ANI\AppData\Roaming\Mozilla\Firefox\Profiles\mvzqibx2.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-8-17 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-8-17 267632]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2014-1-26 677360]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2014-8-17 1050432]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2014-8-17 436624]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2013-7-2 19768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files\ASUS\P4G\InsOnSrv.exe [2013-8-29 277120]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [2012-12-19 72192]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-8-17 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-8-17 83280]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswStm.sys [2014-8-17 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-15 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-8-17 2449592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2014-3-19 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-3-19 166720]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-10-26 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-11-25 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-10-30 31856]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-3-19 365376]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-15 271752]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
R3 ATP;ASUS Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2013-12-12 70928]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-15 4012248]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2014-1-26 20280]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-3-19 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2014-1-26 342528]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2014-3-19 308808]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-11-29 838872]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
.
=============== File Associations ===============
.
FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\LibreOffice 4\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-12-21 10:48:44 -------- d-----w- C:\Users\ANI\AppData\Local\Skype
2014-12-21 10:48:25 -------- d-----r- C:\Program Files (x86)\Skype
2014-12-15 17:51:03 -------- d-----w- C:\Windows\SysWow64\vbox
2014-12-15 17:51:03 -------- d-----w- C:\Windows\System32\vbox
2014-12-15 11:26:29 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-30 22:54:39 -------- d-sh--w- C:\Recovery
.
==================== Find3M  ====================
.
2014-12-26 15:33:00 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-26 13:23:59 74 ----a-w- C:\Users\ANI\AppData\Roaming\sp_data.sys
2014-12-15 11:26:59 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-12-15 11:26:31 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-12-15 11:26:31 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-12-15 11:26:31 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-12-15 11:26:31 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-12-15 11:26:31 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-12-15 11:26:30 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-30 22:23:33 581016 ----a-w- C:\Windows\System32\AutoUpdate.exe
2014-11-30 22:23:33 462760 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-11-25 20:13:15 353864 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-11-25 20:13:14 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-11-21 06:14:26 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 06:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 06:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-20 20:56:55 713672 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-20 20:56:55 106440 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-08 11:22:11 238080 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-08 11:21:32 827904 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-08 06:57:15 187904 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-08 06:56:40 666624 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-26 01:56:17 2237952 ----a-w- C:\Windows\System32\wininet.dll
2014-10-26 01:56:06 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-10-26 01:56:06 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-10-26 01:54:43 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-26 01:54:36 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-10-26 01:54:36 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-10-26 01:53:54 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-26 00:36:01 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-26 00:35:53 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-10-26 00:34:48 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-26 00:34:43 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-10-26 00:34:43 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-10-26 00:34:16 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-26 00:19:11 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-26 00:13:06 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-25 21:48:29 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-10-23 12:47:53 79872 ----a-w- C:\Windows\System32\packager.dll
2014-10-23 11:04:41 68096 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-22 01:08:16 568832 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-10-22 01:08:16 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-22 01:01:22 695808 ----a-w- C:\Windows\System32\WSShared.dll
2014-10-22 01:01:22 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2014-10-22 01:01:22 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-22 01:00:53 125952 ----a-w- C:\Windows\System32\WinSetupUI.dll
2014-10-18 08:44:05 778240 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 07:05:16 567808 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-11 08:35:58 171840 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-11 07:45:07 10115072 ----a-w- C:\Windows\System32\twinui.dll
2014-10-11 07:44:56 588288 ----a-w- C:\Windows\System32\SHCore.dll
2014-10-11 07:44:47 3248640 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-11 07:44:07 393216 ----a-w- C:\Windows\System32\msihnd.dll
2014-10-11 07:44:07 2885632 ----a-w- C:\Windows\System32\msi.dll
2014-10-11 07:43:51 1281536 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-11 07:43:08 2307072 ----a-w- C:\Windows\System32\authui.dll
2014-10-11 05:58:05 8858624 ----a-w- C:\Windows\SysWow64\twinui.dll
2014-10-11 05:57:57 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2014-10-11 05:57:21 295424 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-10-11 05:57:21 2416640 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-11 05:56:37 2037760 ----a-w- C:\Windows\SysWow64\authui.dll
2014-10-11 05:41:57 146944 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-11 05:41:43 713728 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-11 05:05:20 146944 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-11 05:04:59 713728 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 01:21:18 522728 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-02 22:29:25 267264 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-02 22:29:16 783872 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-02 22:29:16 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
2014-10-01 23:05:12 4068864 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 23:01:59.93 ===============
 



#2 nasdaq

  • Malware Response Team
  • 38,242 posts
  • Location:Montreal, QC. Canada

Posted 29 December 2014 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your DDS log.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Violette (Topic Starter)

  • Members
  • 9 posts

Posted 29 December 2014 - 10:49 AM

Hi Nasdaq, 

 

I was unsure whether or not to attach the attach.txt from the DDS log - should I? 

 

Here are the Farbar logs...

 

Thanks,

 

Attached File: Addition.txt (26.45KB)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by ANI (administrator) on A on 29-12-2014 15:18:46
Running from C:\Users\ANI\Desktop
Loaded Profile: ANI (Available profiles: ANI)
Platform: Windows 8 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-15] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-11-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-110369167-2311385444-3870467504-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-110369167-2311385444-3870467504-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-110369167-2311385444-3870467504-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-110369167-2311385444-3870467504-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-110369167-2311385444-3870467504-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B453A466-1362-43C8-83D9-8F104D78B04A}: [NameServer] 212.159.13.49,212.159.13.50
 
FireFox:
========
FF ProfilePath: C:\Users\ANI\AppData\Roaming\Mozilla\Firefox\Profiles\mvzqibx2.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-25]
 
Chrome: 
=======
CHR Profile: C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-17]
CHR Extension: (Google Drive) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-17]
CHR Extension: (YouTube) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-17]
CHR Extension: (Adblock Plus) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-17]
CHR Extension: (Google Search) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-17]
CHR Extension: (Hola Better Internet) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-08-24]
CHR Extension: (Avast Online Security) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-18]
CHR Extension: (Skype Click to Call) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-24]
CHR Extension: (Google Wallet) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-17]
CHR Extension: (ScriptSafe) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-08-17]
CHR Extension: (Gmail) - C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-15] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-15] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-15] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-15] (Avast Software)
U0 msahci; system32\drivers\msahci.sys
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-29 15:18 - 2014-12-29 15:19 - 00020060 _____ () C:\Users\ANI\Desktop\FRST.txt
2014-12-29 15:17 - 2014-12-29 15:18 - 02123264 _____ (Farbar) C:\Users\ANI\Desktop\FRST64.exe
2014-12-28 19:04 - 2014-12-28 19:04 - 00000197 _____ () C:\Windows\system32\2014-12-28-19-04-15.037-AvastVBoxSVC.exe-3624.log
2014-12-28 19:01 - 2014-12-28 19:01 - 00376136 _____ () C:\Windows\Minidump\122814-75171-01.dmp
2014-12-26 23:31 - 2014-12-26 23:31 - 00002019 _____ () C:\Users\ANI\Desktop\attach.zip
2014-12-26 22:57 - 2014-12-26 23:09 - 00003851 _____ () C:\Users\ANI\Desktop\attach.txt
2014-12-26 22:57 - 2014-12-26 23:07 - 00025121 _____ () C:\Users\ANI\Desktop\dds.txt
2014-12-26 22:50 - 2014-12-26 22:50 - 00688992 ____R (Swearware) C:\Users\ANI\Desktop\dds (2).com
2014-12-26 22:48 - 2014-12-26 22:48 - 00688992 _____ (Swearware) C:\Users\ANI\Downloads\dds (1).com
2014-12-26 22:47 - 2014-12-26 22:47 - 00688992 _____ (Swearware) C:\Users\ANI\Downloads\dds.com
2014-12-26 13:24 - 2014-12-26 13:24 - 00000197 _____ () C:\Windows\system32\2014-12-26-13-24-25.010-AvastVBoxSVC.exe-4144.log
2014-12-26 12:12 - 2014-12-26 12:12 - 00000077 ____H () C:\Users\ANI\Documents\.~lock.Untitled 2.odt#
2014-12-21 10:48 - 2014-12-29 14:54 - 00000000 ____D () C:\Users\ANI\AppData\Roaming\Skype
2014-12-21 10:48 - 2014-12-21 10:48 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-21 10:48 - 2014-12-21 10:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 10:48 - 2014-12-21 10:48 - 00000000 ____D () C:\Users\ANI\AppData\Local\Skype
2014-12-21 10:48 - 2014-12-21 10:48 - 00000000 ____D () C:\ProgramData\Skype
2014-12-21 10:48 - 2014-12-21 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-21 10:45 - 2014-12-21 10:46 - 44841568 _____ (Skype Technologies S.A.) C:\Users\ANI\Downloads\SkypeSetupFull.exe
2014-12-21 02:17 - 2014-12-21 02:17 - 00000197 _____ () C:\Windows\system32\2014-12-21-02-17-34.050-AvastVBoxSVC.exe-3584.log
2014-12-21 02:14 - 2014-12-21 02:14 - 00373720 _____ () C:\Windows\Minidump\122114-27187-01.dmp
2014-12-20 20:08 - 2014-12-20 20:09 - 00000000 ____D () C:\Users\ANI\Downloads\Paxilprogress closing - paxilprogress_files
2014-12-20 20:08 - 2014-12-20 20:08 - 00108027 _____ () C:\Users\ANI\Downloads\Paxilprogress closing - paxilprogress.htm
2014-12-18 15:24 - 2014-12-18 15:24 - 00000197 _____ () C:\Windows\system32\2014-12-18-15-24-26.012-AvastVBoxSVC.exe-3288.log
2014-12-18 15:21 - 2014-12-18 15:22 - 00376976 _____ () C:\Windows\Minidump\121814-91453-01.dmp
2014-12-17 20:08 - 2014-12-17 20:08 - 00000197 _____ () C:\Windows\system32\2014-12-17-20-08-21.029-AvastVBoxSVC.exe-3080.log
2014-12-17 20:04 - 2014-12-17 20:05 - 00403552 _____ () C:\Windows\Minidump\121714-3488046-01.dmp
2014-12-17 02:15 - 2014-12-17 02:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 18:08 - 2014-12-15 18:09 - 00000247 _____ () C:\Windows\system32\2014-12-15-18-08-59.025-aswFe.exe-2652.log
2014-12-15 17:58 - 2014-12-15 18:08 - 00000247 _____ () C:\Windows\system32\2014-12-15-17-58-53.013-aswFe.exe-4280.log
2014-12-15 17:58 - 2014-12-15 17:58 - 00000197 _____ () C:\Windows\system32\2014-12-15-17-58-48.091-AvastVBoxSVC.exe-4116.log
2014-12-15 17:51 - 2014-12-15 17:51 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-15 17:51 - 2014-12-15 17:51 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-15 11:27 - 2014-12-15 11:27 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-15 11:26 - 2014-12-15 11:26 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-15 11:26 - 2014-12-15 11:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-15 10:29 - 2014-12-15 10:29 - 00376400 _____ () C:\Windows\Minidump\121514-27671-01.dmp
2014-12-15 02:36 - 2014-12-15 02:37 - 00374312 _____ () C:\Windows\Minidump\121514-44375-01.dmp
2014-12-14 12:31 - 2014-12-14 12:32 - 01236748 _____ () C:\Users\ANI\Downloads\facebook-aurorankem (1).zip
2014-12-12 19:51 - 2014-12-12 19:51 - 00081074 _____ () C:\Users\ANI\Documents\SA response.odt
2014-12-01 00:07 - 2014-12-01 00:07 - 00371232 _____ () C:\Windows\Minidump\120114-24671-01.dmp
2014-11-30 22:54 - 2014-11-30 22:54 - 00000000 __SHD () C:\Recovery
2014-11-30 22:42 - 2014-11-30 22:42 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-11-29 12:44 - 2014-11-29 12:45 - 00376624 _____ () C:\Windows\Minidump\112914-42375-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-29 15:18 - 2014-08-18 05:29 - 00000000 ____D () C:\FRST
2014-12-29 15:00 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-29 14:28 - 2014-08-17 20:12 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 12:33 - 2014-08-17 19:51 - 01738212 _____ () C:\Windows\WindowsUpdate.log
2014-12-28 19:44 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-28 19:03 - 2014-08-17 19:52 - 00000074 _____ () C:\Users\ANI\AppData\Roaming\sp_data.sys
2014-12-28 19:01 - 2014-11-18 02:14 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 19:01 - 2014-08-17 20:11 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-28 19:01 - 2012-07-26 07:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 19:00 - 2014-11-18 02:14 - 472015663 _____ () C:\Windows\MEMORY.DMP
2014-12-28 19:00 - 2014-09-06 01:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-28 17:02 - 2014-09-15 15:10 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-26 15:33 - 2014-08-17 20:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-26 13:53 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\rescache
2014-12-26 13:19 - 2012-08-02 13:24 - 00058730 _____ () C:\Windows\PFRO.log
2014-12-26 12:19 - 2012-07-26 05:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-23 08:54 - 2014-08-17 20:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-19 23:22 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-18 23:03 - 2014-08-19 08:39 - 00276994 _____ () C:\Users\ANI\Documents\I feel.odt
2014-12-18 17:26 - 2014-08-19 03:11 - 00794432 _____ () C:\Windows\system32\perfh010.dat
2014-12-18 17:26 - 2014-08-19 03:11 - 00156832 _____ () C:\Windows\system32\perfc010.dat
2014-12-18 17:26 - 2012-07-26 07:28 - 01781840 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 18:07 - 2014-08-17 20:24 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-110369167-2311385444-3870467504-1001
2014-12-15 11:26 - 2014-08-17 20:21 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-15 11:26 - 2014-08-17 20:19 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-15 11:26 - 2014-08-17 20:19 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-15 11:26 - 2014-08-17 20:19 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-15 11:26 - 2014-08-17 20:19 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-15 11:26 - 2014-08-17 20:19 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-15 11:26 - 2014-08-17 20:19 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-15 11:26 - 2014-08-17 20:19 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-15 11:26 - 2014-08-17 20:19 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-15 02:36 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\IME
2014-12-13 19:38 - 2013-04-25 23:15 - 06712094 _____ () C:\Windows\AsDebug.log
2014-12-12 15:31 - 2014-08-17 20:13 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 23:54 - 2014-08-17 20:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 23:54 - 2014-08-17 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-10 23:54 - 2014-08-17 20:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-30 23:23 - 2014-09-24 20:41 - 00000000 ___HD () C:\$Windows.~BT
2014-11-30 23:12 - 2014-08-17 19:51 - 00000000 ____D () C:\Users\ANI
2014-11-30 22:28 - 2014-09-10 23:11 - 00077826 _____ () C:\Users\ANI\Desktop\knows.odt
2014-11-30 22:28 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\WinStore
2014-11-30 22:28 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-11-30 22:28 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\en-GB
2014-11-30 22:28 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-30 22:26 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-30 22:23 - 2014-10-29 11:15 - 00581016 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-30 22:23 - 2014-10-29 11:15 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-30 21:19 - 2014-08-20 21:19 - 01161728 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-11-30 21:19 - 2013-04-26 07:19 - 00058088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2014-11-30 21:19 - 2013-04-26 07:13 - 02367528 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-11-30 21:19 - 2013-04-26 07:13 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-11-30 21:19 - 2013-04-26 07:13 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2014-11-30 21:19 - 2013-04-26 07:13 - 00166912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-11-30 21:19 - 2013-04-26 07:13 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2014-11-30 21:19 - 2013-04-26 07:13 - 00083968 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-11-30 21:19 - 2012-07-26 02:13 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2014-11-30 21:19 - 2012-07-26 02:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2014-11-30 21:19 - 2012-07-26 02:08 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2014-11-30 21:19 - 2012-07-26 02:06 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2014-11-30 21:19 - 2012-07-26 01:35 - 04881408 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-11-30 21:19 - 2012-07-26 01:27 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2014-11-30 18:18 - 2014-11-04 16:35 - 00068583 _____ () C:\Windows\diagwrn.xml
2014-11-30 18:18 - 2014-11-04 16:35 - 00068583 _____ () C:\Windows\diagerr.xml
2014-11-30 18:18 - 2012-07-26 07:21 - 01183220 _____ () C:\Windows\setupact.log
2014-11-30 18:18 - 2012-07-26 05:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-30 18:16 - 2012-07-26 08:13 - 00005979 _____ () C:\Windows\DtcInstall.log
2014-11-30 18:07 - 2014-11-04 17:30 - 00004668 _____ () C:\Windows\comsetup.log
2014-11-30 18:06 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\Registration
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-22 12:02
 
==================== End Of Log ============================

 



#4 nasdaq (Malware Response Team, 38,242 posts, Montreal, QC. Canada)

Posted 30 December 2014 - 09:05 AM

Nothing suspicious was found on your FRST log.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Please let me know what problem persists.
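Reviewing an FRST log like the one posted above is mostly a matter of spotting entries with missing publisher information or binaries running from user-writable folders. The script below is an added example, not part of the thread and not Farbar's own code: it parses the process, Run-key and service line shapes from the posted log and returns the reasons a reviewer would inspect an entry first; the sample lines are copied from the log above.

```python
"""Heuristic triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example, not part of the thread and not Farbar's own code. It parses
the three line shapes seen in the posted log (process list, Run keys,
services/drivers) and returns the reasons a reviewer would look at an entry
first. Each returned reason is a prompt to check the file, not a verdict.
"""
import re

# "[size yyyy-mm-dd]" token that FRST prints after a Run-key or service path.
SIZE_DATE_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\]")
# Locations a standard user can write to; unwanted software commonly runs from here.
USER_WRITABLE_RE = re.compile(
    r"\\(Users\\[^\\]+\\AppData|Users\\Public|ProgramData)\\", re.IGNORECASE)


def parse_frst_line(line):
    """Split one FRST line into (kind, path, publisher).

    kind is "process", "run" or "service". publisher is "" when FRST printed
    an empty "()" and None when the line carries no publisher field at all.
    Returns None for lines that are not one of those three shapes.
    """
    line = line.strip()
    if line.startswith("("):  # process list: "(Publisher) C:\path\file.exe"
        close = line.find(")")
        return "process", line[close + 1:].strip(), line[1:close].strip()
    if line.startswith("HK") and "\\Run: [" in line:
        # Run key: "HKLM\...\Run: [name] => C:\path [size date] (Publisher)"
        kind, body = "run", line.split("=> ", 1)[1]
    elif re.match(r"^[RSU]\d ", line):
        # service/driver: "R2 name; C:\path [size date] (Publisher) [flags]"
        kind, body = "service", line.split("; ", 1)[1]
    else:
        return None
    m = SIZE_DATE_RE.search(body)
    if not m:  # e.g. "U0 msahci; system32\drivers\msahci.sys": no metadata
        return kind, body.strip(), None
    path = body[:m.start()].strip()
    pub_m = re.match(r"\s*\(([^)]*)\)", body[m.end():])
    publisher = pub_m.group(1).strip() if pub_m else None
    return kind, path, publisher


def triage(line):
    """Return the reasons a reviewer should inspect this line ([] = nothing notable)."""
    parsed = parse_frst_line(line)
    if parsed is None:
        return []
    kind, path, publisher = parsed
    reasons = []
    if publisher == "":
        reasons.append("empty publisher field")
    elif publisher is None and kind != "process":
        reasons.append("no size/date/publisher metadata")
    if "[File not signed]" in line:
        reasons.append("explicitly unsigned")
    if USER_WRITABLE_RE.search(path):
        reasons.append("binary in user-writable location")
    return reasons


def triage_log(text):
    """Return [(kind, path, reasons)] for every flagged line in an FRST log."""
    findings = []
    for line in text.splitlines():
        reasons = triage(line)
        if reasons:
            kind, path, _ = parse_frst_line(line)
            findings.append((kind, path, reasons))
    return findings


# Constructed sample: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Maple Studio) C:\Users\ANI\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-15] (AVAST Software)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-15] (AVAST Software)
U0 msahci; system32\drivers\msahci.sys
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
"""

if __name__ == "__main__":
    for kind, path, reasons in triage_log(SAMPLE_LOG):
        print(f"[{kind}] {path}\n    -> {', '.join(reasons)}")
```

Five of the nine sample lines are flagged; a flag only says where to look (check the file's signature and origin), since legitimate vendors also ship unsigned helpers, as the RealNetworks and ASUS entries in this log show.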

#5 Violette (Topic Starter, Members, 9 posts)

Posted 30 December 2014 - 09:21 AM

Thanks, will run both - idk if this is significant but in the attach.txt and addition.txt there was a whole load of errors, including one described as a fatal alert...

 

Adwcleaner report (I haven't cleaned anything because idk what they are):

 

# AdwCleaner v4.106 - Report created 30/12/2014 at 14:24:38
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 8 (64 bits)
# Username : ANI - A
# Running from : C:\Users\ANI\Downloads\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Folder Found : C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


-\\ Mozilla Firefox v34.0.5 (x86 en-GB)


-\\ Google Chrome v39.0.2171.95

[C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1507 octets] - [30/12/2014 14:24:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1567 octets] ##########


Edited by Violette, 30 December 2014 - 09:37 AM.


#6 Violette

Violette
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:09:49 PM

Posted 30 December 2014 - 10:22 AM

Damn, that junkyard removal tool just deleted my browser without asking and like a million unsaved bookmarks along with it...

 

Can I system restore to undo this or something?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 x64
Ran by ANI on 30/12/2014 at 14:57:58.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\ASKINSTALLER.EXE-7BF9D02A.pf



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\ANI\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/12/2014 at 15:12:12.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 PM

Posted 30 December 2014 - 11:21 AM

If you are talking about Hola Better Internet I suggest you reinstall it.

https://chrome.google.com/webstore/detail/hola-better-internet/gkojfkhlekighikafcpjkiklfbnlmeio?hl=en

We have just found out that the older version had some adware/popups and carrying ads.
The new version is clean.

#8 Violette

Violette
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:09:49 PM

Posted 30 December 2014 - 12:30 PM

No it was my CoolNovo browser, but it's ok I found another way to access it...



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 PM

Posted 30 December 2014 - 02:34 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 PM

Posted 01 January 2015 - 09:39 AM

What are the remaining issues with this computer?

#11 Violette

Violette
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:09:49 PM

Posted 01 January 2015 - 10:30 AM

Well I'm not really sure what's wrong with it. I'm concerned something might be hiding on it considering I got the message a threat had been detected on my Avast but then couldn't access the report and on restart there was no note of it.

 

I have the quarantined items in Avast which I would ideally like deleted, in fact I was just gonna do a total reinstall until I found out that isn't foolproof. Is it safe for them to stay in quarantine?

 

Also, I'm sorry but I don't know what any of this stuff detected in these scans I've done here means. As I mentioned I didn't select to "clean" for the adwcleaner scan because I don't know what I would be cleaning. Did it detect a virus? Similar thing with the junkyard tool, idk what it deleted or why it semi disabled my browser so I now just get a "class not registered" error message when I try to open it. Should I stop using that browser? It's become v. slow lately and it doesn't have Hola on it, only my Chrome has that.

 

*Thanks for the guide.


Edited by Violette, 01 January 2015 - 10:31 AM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 PM

Posted 01 January 2015 - 11:06 AM

[quote]I have the quarantined items in Avast which I would ideally like deleted, in fact I was just gonna do a total reinstall until I found out that isn't foolproof. Is it safe for them to stay in quarantine?[/quote]

Yes it's safe. All you have to do is delete them.

Items found by AdwCleaner.

Hola Better Internet chrome extension
---> Chrome: gkojfkhlekighikafcpjkiklfbnlmeio

Skype Toolbar/Extension
---> Chrome: lifbcibllhkdhoafpjfnlhfpfgnpldfl

The same Skype but for Firefox.
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Your call if you want to save them.

===

This one you should clean.
[C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

===

[quote]Did it detect a virus? Similar thing with the junkyard tool, idk what it deleted or why it semi disabled my browser so I now just get a "class not registered" error message when I try to open it. Should I stop using that browser?[/quote]


If you are referring to Firefox reset it.

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

How is it now?
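The AdwCleaner report posted in #5 and the breakdown nasdaq gives in this post can be read mechanically: each finding sits under a `***** [ Section ] *****` header, Chrome extension folders and keys carry the 32-character extension ID, IE Browser Helper Objects are registered by CLSID, and the hijacked search provider is reported with a defanged `hxxp://` URL. The Python below is an added example, not code from the thread or from AdwCleaner's authors. It embeds the report lines from #5 as a constructed sample, parses them into findings, and labels the ones the thread identifies. The name table `KNOWN_IDS` is assembled from nasdaq's identification in this post (it is his attribution, not an independent lookup), the regular expressions are modelled only on the report lines visible in the thread, and all function names are mine.

```python
"""Parse an AdwCleaner v4.x text report into structured findings (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: the AdwCleaner[R0].txt lines posted earlier in this thread.
SAMPLE_REPORT = r"""
# AdwCleaner v4.106 - Report created 30/12/2014 at 14:24:38
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Folder Found : C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148

-\\ Google Chrome v39.0.2171.95

[C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************
"""

# Names as given by nasdaq in the thread (attribution from the thread, not verified here).
KNOWN_IDS = {
    "gkojfkhlekighikafcpjkiklfbnlmeio": "Hola Better Internet (Chrome extension, per the thread)",
    "lifbcibllhkdhoafpjfnlhfpfgnpldfl": "Skype toolbar/extension (Chrome, per the thread)",
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}": "Skype toolbar BHO (per the thread)",
}

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(\S+)")           # "-\\ Google Chrome v39..."
FINDING_RE = re.compile(r"^(Folder|File|Key|Value|Task|Shortcut) Found : (?:\[(x64)\] )?(.+)$")
SEARCH_RE = re.compile(r"^\[(.+?)\] - Found \[Search Provider\] : (.+)$")
EXT_ID_RE = re.compile(r"[\\/]Extensions[\\/]([a-p]{32})\b")  # Chrome IDs are 32 chars a-p
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class Finding:
    section: str      # report section the line appeared under
    kind: str         # Folder, Key, Search Provider, ...
    path: str         # filesystem path, registry key or provider URL
    wow64: bool = False   # "[x64]" prefix: the 64-bit registry view
    browser: str = ""     # browser sub-heading (Browsers section only)


def parse_report(text: str) -> list[Finding]:
    """Walk the report line by line, tracking the current section and browser."""
    findings, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, browser = m.group(1), None
        elif section == "Browsers" and (m := BROWSER_RE.match(line)):
            browser = m.group(1)
        elif m := FINDING_RE.match(line):
            findings.append(Finding(section, m.group(1), m.group(3), wow64=bool(m.group(2))))
        elif section == "Browsers" and (m := SEARCH_RE.match(line)):
            findings.append(Finding(section, "Search Provider", m.group(2), browser=browser or ""))
    return findings


def identify(f: Finding) -> str:
    """Attach a human-readable label: known extension ID, known CLSID, or provider host."""
    if m := EXT_ID_RE.search(f.path):
        return KNOWN_IDS.get(m.group(1), f"unknown Chrome extension {m.group(1)}")
    if m := CLSID_RE.search(f.path):
        return KNOWN_IDS.get(m.group(0).upper(), f"unknown COM object {m.group(0)}")
    if f.kind == "Search Provider":
        # AdwCleaner defangs URLs as hxxp://; undo that only to extract the host.
        host = urlparse(f.path.replace("hxxp", "http", 1)).hostname
        return f"search provider set to {host}"
    return ""


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Number of findings per report section (empty sections do not appear)."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        view = " [x64]" if f.wow64 else ""
        print(f"{f.section:16} {f.kind:16}{view} {identify(f)}")
```

Run on the constructed sample this yields two extension folders, five registry keys (three of them the same CLSID seen from both registry views) and one search-provider finding whose host is uk.ask.com, which is the single item nasdaq says should be cleaned; the extension and BHO entries are labelled so the reader can decide, as the post says, whether to keep them.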

#13 Violette

Violette
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:09:49 PM

Posted 01 January 2015 - 11:52 AM

No not Firefox, CoolNovo. I'm only using Firefox now because of the issues with the other browser.

 

What are the error messages in the attach/addition logs about?

 

I had fake download attempts since those quarantined viruses which avast didn't block (all I could do was try to quickly close the page) and none of my other anti-malware picked up on - what I'm really concerned about is that something's there that hasn't come up yet.

 

"This one you should clean.
[C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}"

 

Is that a virus?



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 PM

Posted 01 January 2015 - 02:29 PM

[quote]"This one you should clean.
[C:\Users\ANI\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}"

Is that a virus?[/quote]
No, it's a redirect to ASK.COM which supports Adware.

===

[quote]No not Firefox, CoolNovo[/quote]

I do not know about this browser. I suggest you reinstall the application.

Errors in the Addition.txt log are Windows documented errors.

Unless you have issues we do not investigate it.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 PM

Posted 04 January 2015 - 04:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



