Win32:Malware-gen Removal Help


This topic is locked
9 replies to this topic

#1 silent_orchestra91

  • Members
  • 19 posts

Posted 18 September 2015 - 07:48 AM

Hi,

Recently, my AVAST (Free Edition) antivirus detected a file as Win32:Malware-Gen. I am not sure if Avast has successfully cleaned it from the system, along with any other associated PUPs. Also, computer performance has been sluggish lately.

I would like to seek help on completely cleaning Win32:Malware-Gen from the system. How should I go about removing the threats from my system?

Thank you.

Update: I have attached the FRST logs (forgot to do so earlier).

________________________________________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Admin (administrator) on ACER (18-09-2015 21:36:07)
Running from C:\Users\Admin\Desktop
Loaded Profiles: UpdatusUser & Admin &  (Available Profiles: UpdatusUser & Admin & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-18] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKU\S-1-5-21-3862015544-1800369456-3920519450-1002\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-28] (Dropbox, Inc.)
HKU\S-1-5-21-3862015544-1800369456-3920519450-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-28] (Dropbox, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-08-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-08-30] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-18] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{505CB1AF-6D7D-4C37-A781-CCF0DA347177}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8A630385-DC83-418A-A657-69B04B0CCC73}: [DhcpNameServer] 137.132.0.254 137.132.0.252
 
Internet Explorer:
==================
HKU\S-1-5-21-3862015544-1800369456-3920519450-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3862015544-1800369456-3920519450-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3862015544-1800369456-3920519450-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3862015544-1800369456-3920519450-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3862015544-1800369456-3920519450-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3862015544-1800369456-3920519450-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3862015544-1800369456-3920519450-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3862015544-1800369456-3920519450-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3862015544-1800369456-3920519450-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3862015544-1800369456-3920519450-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://sg.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://sg.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3862015544-1800369456-3920519450-1002 -> DefaultScope {97A48263-D8B6-4C65-8702-82F2C4E0B8CD} URL = 
SearchScopes: HKU\S-1-5-21-3862015544-1800369456-3920519450-1002 -> {97A48263-D8B6-4C65-8702-82F2C4E0B8CD} URL = 
SearchScopes: HKU\S-1-5-21-3862015544-1800369456-3920519450-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://sg.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3862015544-1800369456-3920519450-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {97A48263-D8B6-4C65-8702-82F2C4E0B8CD} URL = 
SearchScopes: HKU\S-1-5-21-3862015544-1800369456-3920519450-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {97A48263-D8B6-4C65-8702-82F2C4E0B8CD} URL = 
SearchScopes: HKU\S-1-5-21-3862015544-1800369456-3920519450-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://sg.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-01] (AVAST Software)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-01] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a8tj5hrl.default
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-05-07]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a8tj5hrl.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-12]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a8tj5hrl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-25]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a8tj5hrl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-01]
 
Chrome: 
=======
CHR DefaultSearchURL: Profile 3 -> hxxps://www.dotabuff.com/players/83894570
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-14]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-14]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-14]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-14]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-14]
CHR Extension: (uBlock Origin) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-14]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14]
CHR Extension: (Session Buddy) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-05-14]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-01]
CHR Extension: (Dropbox) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-14]
CHR Extension: (Google Maps) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-05-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-09-18] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-18] (Avast Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-06] (Acer Incorporated)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-17] (TODO: <Company name>) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-09-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-18] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454528 2015-09-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-18] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-18] (AVAST Software)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-18] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-18 21:36 - 2015-09-18 21:36 - 00027155 _____ C:\Users\Admin\Desktop\FRST.txt
2015-09-18 21:34 - 2015-09-18 21:36 - 00000000 ____D C:\FRST
2015-09-18 21:34 - 2015-09-18 21:34 - 02191360 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-09-18 20:13 - 2015-09-18 20:15 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-18 20:12 - 2015-09-18 20:12 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-18 20:12 - 2015-09-18 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-18 20:11 - 2015-09-18 20:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-18 20:11 - 2015-09-18 20:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-18 20:11 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-18 20:11 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-18 20:11 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-18 20:08 - 2015-09-18 20:08 - 01798976 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe
2015-09-18 20:07 - 2015-09-18 20:07 - 01662976 _____ C:\Users\Admin\Desktop\adwcleaner_5.008.exe
2015-09-18 19:55 - 2015-09-18 19:59 - 00128634 ____H C:\Users\Admin\Desktop\~WRL0252.tmp
2015-09-18 18:01 - 2015-09-18 18:01 - 00001942 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-09-18 18:01 - 2015-09-18 17:59 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-09-18 18:00 - 2015-09-18 18:00 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-18 18:00 - 2015-09-18 18:00 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-18 17:59 - 2015-09-18 17:59 - 00454528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-09-12 16:27 - 2015-09-12 18:44 - 00000497 _____ C:\Users\Admin\Desktop\autoexec.txt
2015-09-09 19:17 - 2015-08-26 22:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 19:16 - 2015-08-27 10:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 19:16 - 2015-08-27 02:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 19:16 - 2015-08-27 02:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 19:16 - 2015-08-27 02:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 19:16 - 2015-08-27 02:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 19:16 - 2015-08-26 22:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 19:16 - 2015-08-26 22:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 19:16 - 2015-08-26 22:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 19:16 - 2015-08-26 22:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 19:16 - 2015-08-26 22:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 19:16 - 2015-08-26 22:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 19:13 - 2015-09-03 10:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 19:13 - 2015-09-03 10:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 19:13 - 2015-09-03 02:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 19:13 - 2015-09-03 01:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 19:13 - 2015-07-31 01:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 19:13 - 2015-07-31 00:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 19:13 - 2015-07-22 22:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 19:13 - 2015-07-22 21:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 19:13 - 2015-07-17 22:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 19:13 - 2015-07-17 22:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 19:13 - 2015-06-27 19:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 19:12 - 2015-06-20 01:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-09 19:11 - 2015-08-01 11:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-09 19:11 - 2015-08-01 11:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-09 19:11 - 2015-08-01 11:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 19:11 - 2015-08-01 11:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-09 19:11 - 2015-08-01 11:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-09 19:11 - 2015-07-22 22:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 19:11 - 2015-07-22 22:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 19:11 - 2015-07-19 02:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 19:11 - 2015-07-14 03:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-09 19:10 - 2015-08-23 02:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 19:10 - 2015-08-23 01:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 19:10 - 2015-08-23 01:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 19:10 - 2015-08-23 01:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 19:10 - 2015-08-23 01:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 19:10 - 2015-08-23 01:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 19:10 - 2015-08-23 00:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 19:10 - 2015-08-23 00:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 19:10 - 2015-08-23 00:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 19:10 - 2015-08-23 00:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 19:10 - 2015-08-23 00:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 19:10 - 2015-08-23 00:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 19:10 - 2015-08-23 00:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 19:10 - 2015-08-23 00:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 19:10 - 2015-08-23 00:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 19:10 - 2015-08-23 00:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 19:10 - 2015-08-23 00:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 19:10 - 2015-08-23 00:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 19:10 - 2015-08-04 05:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 19:10 - 2015-08-04 05:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 19:10 - 2015-08-01 22:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 19:10 - 2015-07-22 22:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 19:10 - 2015-07-22 22:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 19:10 - 2015-07-19 02:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 19:10 - 2015-07-19 02:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 19:10 - 2015-07-19 02:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 19:10 - 2015-07-10 00:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-09 19:10 - 2015-07-04 05:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-09 19:10 - 2015-07-03 22:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-09 19:09 - 2015-08-23 00:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-09 19:09 - 2015-08-23 00:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-09 19:09 - 2015-08-23 00:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 19:09 - 2015-08-23 00:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-09 19:09 - 2015-08-23 00:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-09 19:09 - 2015-08-23 00:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 19:09 - 2015-08-23 00:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 19:09 - 2015-08-23 00:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 19:09 - 2015-08-23 00:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 19:09 - 2015-08-22 23:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 19:09 - 2015-08-22 23:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 19:03 - 2015-09-02 10:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 19:03 - 2015-09-02 10:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 19:03 - 2015-09-02 10:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 19:03 - 2015-09-02 10:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 19:03 - 2015-09-02 10:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 19:02 - 2015-07-14 11:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-09 19:02 - 2015-07-11 03:06 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-04 19:02 - 2015-09-04 19:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-01 18:26 - 2015-09-01 18:26 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-09-01 18:26 - 2015-09-01 18:26 - 00000000 ____D C:\Windows\system32\vbox
2015-09-01 14:36 - 2015-09-01 14:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVAST Software
2015-09-01 14:34 - 2015-09-18 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-01 14:33 - 2015-09-18 18:01 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-01 14:33 - 2015-09-18 18:00 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-01 14:33 - 2015-09-18 18:00 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-01 14:33 - 2015-09-18 18:00 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-01 14:33 - 2015-09-18 18:00 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-01 14:33 - 2015-09-18 18:00 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-01 14:33 - 2015-09-18 18:00 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-01 14:33 - 2015-09-18 18:00 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-01 14:33 - 2015-09-18 17:59 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-01 14:33 - 2015-09-18 17:59 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-01 14:32 - 2015-09-01 14:32 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-30 18:45 - 2015-08-30 18:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Sun
2015-08-30 18:45 - 2015-08-30 18:45 - 00000000 ____D C:\Users\Admin\.oracle_jre_usage
2015-08-29 22:16 - 2015-09-01 21:59 - 00000470 _____ C:\Users\Admin\Desktop\Korean Indie Playlist.txt
2015-08-21 14:02 - 2015-05-08 01:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-21 14:02 - 2015-05-08 01:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-08-21 14:02 - 2015-05-08 00:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-21 14:02 - 2015-05-08 00:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-08-21 13:57 - 2015-07-16 08:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-21 13:57 - 2015-07-16 08:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-21 13:57 - 2015-07-16 08:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-21 13:57 - 2015-07-16 08:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-21 13:57 - 2015-07-11 01:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-21 13:50 - 2015-07-29 07:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-21 13:50 - 2015-07-28 22:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-21 13:50 - 2015-07-28 22:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-21 13:50 - 2015-07-28 22:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-21 13:50 - 2015-07-28 22:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-21 13:50 - 2015-07-28 22:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-21 13:50 - 2015-07-28 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-21 13:50 - 2015-06-27 07:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-21 13:46 - 2015-07-14 03:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-21 13:46 - 2015-07-14 03:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-21 13:41 - 2015-07-11 02:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-21 13:41 - 2015-07-11 01:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-21 13:41 - 2015-07-11 01:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-21 13:41 - 2015-07-11 00:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-21 13:36 - 2015-07-29 22:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-21 13:36 - 2015-07-29 22:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-21 13:36 - 2015-07-29 22:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-21 13:36 - 2015-05-08 00:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-20 16:28 - 2015-06-12 04:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-20 16:28 - 2015-06-12 04:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-18 21:38 - 2014-01-10 05:55 - 01640109 _____ C:\Windows\WindowsUpdate.log
2015-09-18 21:32 - 2014-06-25 19:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-18 21:30 - 2014-01-25 16:05 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-18 21:07 - 2015-06-28 21:56 - 00000928 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862015544-1800369456-3920519450-1002UA.job
2015-09-18 21:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-18 20:54 - 2015-06-02 19:00 - 00000000 ____D C:\Users\Admin\Desktop\Honours Thesis
2015-09-18 20:17 - 2014-01-26 06:46 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3862015544-1800369456-3920519450-1002
2015-09-18 20:12 - 2015-03-20 10:08 - 00000000 ____D C:\Users\Admin\Desktop\JK Docs
2015-09-18 19:50 - 2014-01-25 16:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Deployment
2015-09-18 19:07 - 2014-05-15 17:08 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-18 18:29 - 2014-02-01 18:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2015-09-18 18:21 - 2013-11-05 18:52 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-18 18:08 - 2015-01-25 22:24 - 00000000 ___RD C:\Users\Admin\Dropbox
2015-09-18 18:08 - 2015-01-25 22:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2015-09-18 18:06 - 2014-01-25 16:05 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-18 18:03 - 2013-11-05 18:50 - 00105900 _____ C:\Windows\PFRO.log
2015-09-18 18:03 - 2013-08-22 22:46 - 00044427 _____ C:\Windows\setupact.log
2015-09-18 18:03 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-18 18:02 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-18 17:53 - 2013-08-22 22:44 - 00381064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-18 16:58 - 2014-01-26 06:53 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6E7FB792-1E68-4513-8F1C-3180A3512494}
2015-09-18 11:07 - 2015-06-28 21:56 - 00000876 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862015544-1800369456-3920519450-1002Core.job
2015-09-18 01:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-18 01:25 - 2014-01-25 16:05 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-18 01:25 - 2014-01-25 16:05 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 14:48 - 2014-01-25 16:05 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-16 17:35 - 2014-01-25 16:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2015-09-15 21:57 - 2015-05-14 09:42 - 00000000 ___RD C:\Users\Admin\OneDrive
2015-09-15 21:57 - 2015-04-19 18:55 - 00003088 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3862015544-1800369456-3920519450-1002
2015-09-12 18:44 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2015-09-12 18:02 - 2015-05-07 14:12 - 00000000 ____D C:\ProgramData\TEMP
2015-09-11 09:49 - 2013-08-23 03:11 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-11 09:49 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 00:29 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-09 23:51 - 2014-01-25 20:44 - 00000000 ____D C:\Windows\system32\MRT
2015-09-09 00:47 - 2014-01-26 06:39 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2015-09-01 14:42 - 2014-05-08 23:21 - 00000000 ____D C:\Users\Admin\Desktop\Xuan School
2015-09-01 14:38 - 2014-04-05 20:29 - 00000000 ____D C:\ProgramData\MFAData
2015-09-01 14:31 - 2015-06-21 10:38 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-01 14:29 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-09-01 01:08 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-30 18:46 - 2014-08-07 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-30 18:46 - 2014-01-25 16:53 - 00000000 ____D C:\ProgramData\Oracle
2015-08-30 18:46 - 2014-01-25 16:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-30 18:45 - 2014-08-07 17:53 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-30 18:45 - 2014-01-26 06:39 - 00000000 ____D C:\Users\Admin
2015-08-26 18:37 - 2014-01-25 20:43 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-25 23:31 - 2013-11-05 18:49 - 00000000 ____D C:\Windows\Panther
2015-08-25 23:25 - 2015-07-10 21:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-25 22:07 - 2015-04-25 23:49 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-25 22:07 - 2015-04-25 23:49 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-25 22:07 - 2014-12-20 22:44 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-25 22:07 - 2014-07-12 22:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-25 22:07 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ToastData
2015-08-25 08:04 - 2014-01-25 16:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
 
==================== Files in the root of some directories =======
 
2014-01-10 06:30 - 2014-01-10 06:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Checkupdate.exe
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxbs1v.dll
C:\Users\Admin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Admin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Admin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Admin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Admin\AppData\Local\Temp\SetupHomeStudentRetail.x86.en-US_HomeStudentRetail_QHFCH-NKVV8-99VM7-M29VF-TVGKR_act_1_.exe
C:\Users\Admin\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Admin\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-12 02:47
 
==================== End of FRST.txt ============================

Edited by silent_orchestra91, 18 September 2015 - 08:43 AM.


#2 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 September 2015 - 10:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
FF SelectedSearchEngine: AVG Secure Search
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-05-07]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-01]
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

How is the computer running now?
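Added here as a triage aid (example code, not FRST's own logic and not from anyone in this thread): a Python parser for the created/modified file lines of the FRST log posted above, with simple defender-side heuristics that point a reviewer at entries worth a second look. The sample input mixes lines copied from the log above with one constructed placeholder line (example_unsigned.exe); the heuristics and that file name are assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One line of FRST's "One Month Created/Modified files" sections looks like:
#   <created> - <modified> - <size> <attrs> (<publisher>) <path>
# The "(publisher)" field is absent for files without version info, and "()"
# when FRST found version info with an empty company name.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
# Locations a standard user can write to. Legitimate installers drop files
# here too (see the TEMP listing in the log), so a hit is a review prompt.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str                  # five-character flag field, e.g. "____D", "___SH"
    publisher: Optional[str]    # None = no field at all, "" = "()" in the log
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


def parse_frst_lines(lines: List[str]) -> List[FrstEntry]:
    """Parse file/folder lines; section headers, notes and blanks are skipped."""
    entries = []
    for line in lines:
        m = FRST_LINE.match(line.strip())
        if not m:
            continue
        entries.append(FrstEntry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["publisher"], m["path"]))
    return entries


def triage(entries: List[FrstEntry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries a helper would look at first.

    The heuristics are assumptions made for this example, not FRST's own logic.
    """
    findings = []
    for e in entries:
        if e.is_directory:
            continue
        reasons = []
        if e.is_executable and not e.publisher:
            reasons.append("executable without publisher/version info")
        if e.is_executable and any(s in e.path.lower() for s in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        if "H" in e.attrs or "S" in e.attrs:
            reasons.append("hidden or system attribute set")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Sample input: lines copied from the FRST log in this thread, plus one
# constructed placeholder line (example_unsigned.exe) to exercise the checks.
SAMPLE_LOG = [
    "==================== One Month Created files and folders ========",
    "",
    r"2015-09-18 18:00 - 2015-09-18 18:00 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe",
    r"2015-09-09 19:11 - 2015-07-14 03:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml",
    r"2015-09-04 19:02 - 2015-09-04 19:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox",
    r"2015-09-18 18:03 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT",
    r"2014-01-10 06:30 - 2014-01-10 06:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl",
    # constructed, not from the log:
    r"2015-09-12 16:27 - 2015-09-12 16:27 - 00012345 _____ C:\Users\Admin\AppData\Local\Temp\example_unsigned.exe",
]

if __name__ == "__main__":
    for path, reasons in triage(parse_frst_lines(SAMPLE_LOG)):
        print(path)
        for r in reasons:
            print("   -", r)
```

Feed it the whole FRST.txt (`parse_frst_lines(open("FRST.txt").read().splitlines())`) to get the same flags over the full listing.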

#3 silent_orchestra91

  • Topic Starter
  • Members
  • 19 posts

Posted 18 September 2015 - 08:28 PM

Hi Nasdaq,

Thanks for replying. I have attached the new FRST log as well as the AdwCleaner log.

Are all the items in the AdwCleaner safe to delete? I am not sure if there are any false positives.

Computer seems to be smoother but not sure if Win32:Malware-Gen is still in the system.

What should I do from here?

_________________________________________________________________________________________________

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Admin (2015-09-19 09:11:49) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: UpdatusUser & Admin (Available Profiles: UpdatusUser & Admin & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
FF SelectedSearchEngine: AVG Secure Search
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-05-07]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-01]
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
Firefox SelectedSearchEngine removed successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
C:\ProgramData\TEMP => ":6DDED7D9" ADS removed successfully.
EmptyTemp: => 3.7 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-19 09:19:23)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 09:19:23 ====
 
_________________________________________________________________________________________________________________________
 
# AdwCleaner v5.008 - Logfile created 19/09/2015 at 09:23:31
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Admin - ACER
# Running from : C:\Users\Admin\Desktop\adwcleaner_5.008.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_0814av
 
***** [ Files ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : [x64] HKCU\Software\Avg Secure Update
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKU\S-1-5-21-3862015544-1800369456-3920519450-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
 
***** [ Web browsers ] *****
 
[C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a8tj5hrl.default\prefs.js] [Preference] Found : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3361 bytes] ##########
 


#4 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 September 2015 - 09:09 AM

You can clean everything found by the AdwCleaner tool.

Any issues with the computer?

#5 silent_orchestra91

silent_orchestra91
  • Topic Starter

  • Members
  • 19 posts
  • Local time:08:15 AM

Posted 19 September 2015 - 11:41 PM

Hi Nasdaq,

 

I have just cleaned the items as you suggested. Here is the log.

 

As of now not many issues, but the startup seems a little slow after the restart by AdwCleaner. Not sure if that was because AdwCleaner was trying to generate the log file, which might have slowed the startup. Would probably monitor the computer performance over the next 3 days to see if there are any issues.

 

What is the next step from here?

 

Thanks.

 

______________________________________________________________

 

# AdwCleaner v5.008 - Logfile created 20/09/2015 at 12:30:58
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Admin - ACER
# Running from : C:\Users\Admin\Desktop\adwcleaner_5.008.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814av
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[!] Key Not Deleted : HKU\S-1-5-21-3862015544-1800369456-3920519450-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a8tj5hrl.default\prefs.js] [Preference] Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3631 bytes] ##########


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:15 PM

Posted 20 September 2015 - 07:25 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 silent_orchestra91

silent_orchestra91
  • Topic Starter

  • Members
  • 19 posts
  • Local time:08:15 AM

Posted 21 September 2015 - 07:19 AM

Hi Nasdaq,

 

Yupp, seems like all is well. 

 

Is it safe to assume that the system is free from the specified infection?

 

Thank you.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:15 PM

Posted 21 September 2015 - 12:09 PM

Potentially Unwanted Programs were the cause. Nothing to worry about.

#9 silent_orchestra91

silent_orchestra91
  • Topic Starter

  • Members
  • 19 posts
  • Local time:08:15 AM

Posted 21 September 2015 - 01:26 PM

Alright,

 

Thanks for the help!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:15 PM

Posted 22 September 2015 - 06:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
