Infection of URL:Mal & Avast "blocked harmful webpage" keeps displaying


4 replies to this topic

#1 pinstructor


  • Members
  • 3 posts

Posted 01 November 2015 - 11:52 PM

Hello,

Today my Avast Antivirus displayed several pop-ups notifying me that it had blocked several harmful files. My computer also prompted me numerous times to open a command prompt in Windows, but I kept denying/cancelling these prompts. After closing the messages, I began the process of discovering what was wrong, and I kept receiving Avast pop-ups every 30 seconds or so. These messages notify me that "Avast Web Shield has blocked a harmful webpage or file," and they all show the Infection "URL: Mal." The Process is usually located in C:\Windows\explorer.exe.

I have run several malware and virus removal tools, including my Avast Antivirus scanner, Malwarebytes, AdwCleaner, HitmanPro, TFC, and JRT. However, the problem still persists. It does not matter if I have a web browser open (I use Firefox), and the pop-ups only stop once I disconnect from the internet.

Below I have pasted my FRST file, and I have attached the Addition file to this post. Your help would be greatly appreciated. Thank you.

--------------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by pwarant (administrator) on POO (01-11-2015 23:38:27)
Running from C:\Users\pwarant\Desktop
Loaded Profiles: pwarant (Available Profiles: pwarant)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Users\pwarant\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-11-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3255076510-885755254-634479317-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3255076510-885755254-634479317-1001\...\Run: [Amazon Music] => C:\Users\pwarant\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()
HKU\S-1-5-21-3255076510-885755254-634479317-1001\...\Run: [2112293204] => regsvr32.exe "C:\ProgramData\Ligdi\Juygim.dll"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-01] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2013-10-14]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\pwarant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-08-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3C71BD0E-9A03-414B-8762-7DECCEA449EE}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3255076510-885755254-634479317-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3255076510-885755254-634479317-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-3255076510-885755254-634479317-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3255076510-885755254-634479317-1001 -> DefaultScope {9A1FC71A-C973-48FB-BD30-54B0DDA813EE} URL =
SearchScopes: HKU\S-1-5-21-3255076510-885755254-634479317-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3255076510-885755254-634479317-1001 -> {9A1FC71A-C973-48FB-BD30-54B0DDA813EE} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-01] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-01] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\pwarant\AppData\Roaming\Mozilla\Firefox\Profiles\i107eds2.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\pwarant\AppData\Roaming\Mozilla\Firefox\Profiles\i107eds2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-01] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01]
CHR Extension: (Docs) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01]
CHR Extension: (Google Drive) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-11-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-11-01] (Avast Software)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-11-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-11-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-11-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-11-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-11-01] (AVAST Software)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-30] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-28] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-11-01] (AVAST Software)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-11-01] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2013-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [236888 2013-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 23:38 - 2015-11-01 23:38 - 00020978 _____ C:\Users\pwarant\Desktop\FRST.txt
2015-11-01 23:38 - 2015-11-01 23:38 - 00000000 ____D C:\FRST
2015-11-01 23:37 - 2015-11-01 23:37 - 02198016 _____ (Farbar) C:\Users\pwarant\Desktop\FRST64.exe
2015-11-01 23:04 - 2015-11-01 23:04 - 00000000 ____D C:\ProgramData\VIPRE
2015-11-01 22:48 - 2015-11-01 23:11 - 00000000 ____D C:\ProgramData\SpeedyPC Software
2015-11-01 22:48 - 2015-11-01 22:48 - 00000000 ____D C:\Users\pwarant\AppData\Roaming\SpeedyPC Software
2015-11-01 22:48 - 2015-11-01 22:48 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2015-11-01 22:13 - 2015-11-01 22:13 - 00000000 _____ C:\autoexec.bat
2015-11-01 21:57 - 2015-11-01 21:57 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-11-01 21:57 - 2015-11-01 21:57 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-01 21:56 - 2015-11-01 22:02 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-01 21:48 - 2015-11-01 21:48 - 00001341 _____ C:\Users\pwarant\Desktop\JRT.txt
2015-11-01 20:47 - 2015-11-01 20:47 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-01 20:47 - 2015-11-01 20:47 - 00001942 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-01 20:47 - 2015-11-01 20:47 - 00000000 ____D C:\Users\pwarant\AppData\Roaming\AVAST Software
2015-11-01 20:47 - 2015-11-01 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-01 20:45 - 2015-11-01 20:48 - 00000000 ____D C:\Users\pwarant\AppData\Local\Google
2015-11-01 20:45 - 2015-11-01 20:45 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-11-01 20:45 - 2015-11-01 20:45 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-11-01 20:45 - 2015-11-01 20:45 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-01 20:42 - 2015-11-01 20:42 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-01 19:39 - 2015-11-01 21:42 - 00000000 ____D C:\AdwCleaner
2015-11-01 18:28 - 2015-11-01 20:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 18:26 - 2015-11-01 18:26 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-01 18:26 - 2015-11-01 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-01 18:26 - 2015-11-01 18:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-01 18:26 - 2015-11-01 18:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-01 18:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-01 18:26 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-01 18:26 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-01 18:05 - 2015-11-01 18:38 - 00000000 ____D C:\ProgramData\Ligdi
2015-11-01 18:05 - 2015-11-01 18:06 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-11-01 15:18 - 2015-11-01 15:18 - 00008743 _____ C:\Users\pwarant\Desktop\the-assassin_english-1206464.zip
2015-11-01 15:04 - 2015-11-01 15:04 - 00016626 _____ C:\Users\pwarant\Desktop\black-coal-thin-ice_english-990479.zip
2015-11-01 12:38 - 2015-11-01 12:38 - 00034442 _____ C:\Users\pwarant\Desktop\mission-impossible-5_english-1217038.zip
2015-11-01 11:37 - 2015-11-01 11:37 - 00241588 _____ C:\Users\pwarant\Desktop\[DeadFish] Giovanni no Shima - Movie [BD][720p][AAC].mp4.torrent
2015-11-01 11:37 - 2015-11-01 11:37 - 00012576 _____ C:\Users\pwarant\Desktop\[silphur8] Giovanni's Island (Hi10P, 720p) [5A719E5D].mkv.torrent
2015-10-28 17:01 - 2015-10-29 06:55 - 00000000 ____D C:\Users\pwarant\Desktop\ENG101-Y10 Paper 1
2015-10-24 22:49 - 2015-10-24 22:49 - 00238412 _____ C:\Users\pwarant\Desktop\bookmarks-2015-10-24.json
2015-10-23 18:06 - 2015-11-01 23:16 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-23 18:04 - 2015-11-01 20:49 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-10-23 18:04 - 2015-11-01 20:49 - 00000000 ____D C:\Windows\system32\vbox
2015-10-23 18:02 - 2015-10-23 18:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-23 17:59 - 2015-10-23 18:00 - 00290384 _____ C:\Windows\Minidump\102315-28140-01.dmp
2015-10-23 16:25 - 2015-10-23 16:39 - 00018462 ____H C:\Users\pwarant\Desktop\~WRL2105.tmp
2015-10-20 14:09 - 2015-10-24 05:37 - 00000000 ____D C:\Users\pwarant\AppData\LocalLow\HuniePot
2015-10-11 14:14 - 2015-10-11 14:14 - 04745038 ____T C:\Users\pwarant\Desktop\The Warsaw ghetto uprising Armed Jews vs Nazis.oxps
2015-10-02 19:32 - 2015-10-02 19:37 - 319507479 _____ C:\Users\pwarant\Downloads\[BakedFish] Arslan Senki (2015) - 05 [720p][AAC].mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 23:34 - 2013-10-14 17:22 - 01783391 _____ C:\Windows\WindowsUpdate.log
2015-11-01 23:18 - 2014-05-10 10:20 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3255076510-885755254-634479317-1001
2015-11-01 23:17 - 2013-10-10 22:00 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-01 23:13 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-11-01 23:13 - 2013-08-22 09:46 - 00040239 _____ C:\Windows\setupact.log
2015-11-01 23:13 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-01 23:12 - 2013-10-10 21:52 - 01332618 _____ C:\Windows\PFRO.log
2015-11-01 23:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-01 22:49 - 2014-12-12 19:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-01 21:32 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-11-01 19:42 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-01 19:36 - 2013-08-22 09:44 - 00474816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-01 19:35 - 2014-05-10 10:14 - 00000000 ____D C:\Users\pwarant
2015-11-01 18:49 - 2014-05-30 12:04 - 00000000 ____D C:\Users\pwarant\Desktop\Adventure Games
2015-11-01 18:09 - 2014-05-10 10:44 - 00000000 ____D C:\Users\pwarant\AppData\Roaming\uTorrent
2015-11-01 18:07 - 2014-05-31 13:51 - 00000000 ____D C:\Users\pwarant\AppData\Local\CrashDumps
2015-11-01 15:41 - 2014-05-30 21:01 - 00000000 ____D C:\Users\pwarant\Desktop\Linkage
2015-11-01 15:37 - 2014-08-18 01:36 - 00000000 ____D C:\Users\pwarant\Desktop\Important Stuff
2015-11-01 00:54 - 2014-08-18 01:22 - 00000000 ____D C:\Users\pwarant\Desktop\Comics
2015-10-30 10:32 - 2014-08-19 00:48 - 00000000 ____D C:\Users\pwarant\AppData\Local\Deployment
2015-10-28 00:21 - 2015-06-09 23:58 - 00000000 ____D C:\Users\pwarant\Desktop\torrent movie
2015-10-27 21:08 - 2014-06-10 05:54 - 00000000 ____D C:\Users\pwarant\Desktop\Fic Pros
2015-10-27 06:17 - 2014-05-10 10:14 - 00000000 ____D C:\Users\pwarant\AppData\Local\Packages
2015-10-24 05:37 - 2014-05-27 19:14 - 00000000 ____D C:\GOG Games
2015-10-23 18:03 - 2014-08-19 16:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-23 17:59 - 2014-05-27 15:43 - 1306313155 _____ C:\Windows\MEMORY.DMP
2015-10-23 17:59 - 2014-05-27 15:43 - 00000000 ____D C:\Windows\Minidump
2015-10-19 16:05 - 2014-08-18 01:32 - 00000000 ____D C:\Users\pwarant\Desktop\Papers 2013-2014
2015-10-16 21:49 - 2014-12-12 19:31 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-14 18:54 - 2014-06-01 01:16 - 00000000 ____D C:\Users\pwarant\AppData\Roaming\Subtitle Edit
2015-10-13 22:20 - 2014-05-27 18:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-06 00:59 - 2014-10-11 00:19 - 00000000 ____D C:\Users\pwarant\Desktop\ACER
2015-10-06 00:59 - 2014-08-18 01:27 - 00000000 ____D C:\Users\pwarant\Desktop\Ebay
2015-10-06 00:41 - 2014-05-10 11:50 - 00000000 ____D C:\Users\pwarant\Desktop\Wallpapers
2015-10-06 00:32 - 2015-08-20 14:11 - 00000000 ____D C:\Users\pwarant\Desktop\Mortgage
2015-10-05 23:40 - 2014-10-27 23:02 - 00000000 ____D C:\Users\pwarant\Desktop\Photos 2014
2015-10-02 23:52 - 2015-05-27 12:06 - 00000000 ____D C:\Users\pwarant\Desktop\torrents

==================== Files in the root of some directories =======

2015-11-01 22:48 - 2015-11-01 23:10 - 0000115 _____ () C:\Users\pwarant\AppData\Roaming\LogFile.txt
2014-08-19 23:37 - 2014-08-19 23:37 - 0000043 _____ () C:\Users\pwarant\AppData\Roaming\WB.CFG
2014-10-22 19:03 - 2014-10-22 19:03 - 0007602 _____ () C:\Users\pwarant\AppData\Local\Resmon.ResmonCfg
2013-10-14 17:59 - 2013-10-14 17:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-10 10:27 - 2014-05-10 11:07 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\pwarant\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-30 12:06

==================== End of FRST.txt ============================




#2 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:12:08 PM
Posted 05 November 2015 - 06:23 PM

hi,


If you still need help you can do this. I am usually only on this site once or twice per day, so you may not get a response back from me until the following day.


Copy/paste what's below inside the box into Notepad.

Save it as fixlist.txt in the same location you have FRST, your desktop.

Start FRST like you did before, except this time click on the Fix button once. The machine may reboot to finish. After it's done, you will find a new log on the desktop called fixlog.txt.

Please copy/paste fixlog.txt in your reply.

HKU\S-1-5-21-3255076510-885755254-634479317-1001\...\Run: [2112293204] => regsvr32.exe "C:\ProgramData\Ligdi\Juygim.dll"
C:\ProgramData\Ligdi\Juygim.dll
EmptyTemp:

How Can I Reduce My Risk to Malware?


#3 pinstructor

  • Topic Starter
  • Members
  • 3 posts
  • Local time:11:08 AM

Posted 07 November 2015 - 09:47 PM

Hello shelf life,


Thank you very much for your help. I followed your directions, and I have pasted the fixlog.txt below. I should also preface this by informing you that I ran another rootkit repair program in the intervening days while I waited for a response, and it found and deleted Juygim.dll, so FRST was unable to find it when I ran the fixlist.txt as directed. Therefore, I have also pasted a new FRST file below the fixlog.txt for you to look over. I am no longer receiving Avast URL:Mal messages, so I imagine the problem is fixed barring any deeply embedded malicious files.


----------------------------------------------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by pwarant (2015-11-07 21:21:11) Run:1
Running from C:\Users\pwarant\Desktop
Loaded Profiles: pwarant (Available Profiles: pwarant)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3255076510-885755254-634479317-1001\...\Run: [2112293204] => regsvr32.exe "C:\ProgramData\Ligdi\Juygim.dll"
C:\ProgramData\Ligdi\Juygim.dll
EmptyTemp:
*****************

HKU\S-1-5-21-3255076510-885755254-634479317-1001\Software\Microsoft\Windows\CurrentVersion\Run\\2112293204 => value not found.
"C:\ProgramData\Ligdi\Juygim.dll" => not found.
EmptyTemp: => 1.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:22:15 ====


---------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by pwarant (administrator) on POO (07-11-2015 21:45:14)
Running from C:\Users\pwarant\Desktop
Loaded Profiles: pwarant (Available Profiles: pwarant)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Users\pwarant\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-07] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3255076510-885755254-634479317-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3255076510-885755254-634479317-1001\...\Run: [Amazon Music] => C:\Users\pwarant\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-01] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2013-10-14]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\pwarant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-08-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3C71BD0E-9A03-414B-8762-7DECCEA449EE}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3255076510-885755254-634479317-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3255076510-885755254-634479317-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-3255076510-885755254-634479317-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3255076510-885755254-634479317-1001 -> DefaultScope {9A1FC71A-C973-48FB-BD30-54B0DDA813EE} URL =
SearchScopes: HKU\S-1-5-21-3255076510-885755254-634479317-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3255076510-885755254-634479317-1001 -> {9A1FC71A-C973-48FB-BD30-54B0DDA813EE} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-01] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-01] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\pwarant\AppData\Roaming\Mozilla\Firefox\Profiles\i107eds2.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\pwarant\AppData\Roaming\Mozilla\Firefox\Profiles\i107eds2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-01] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01]
CHR Extension: (Docs) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01]
CHR Extension: (Google Drive) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\pwarant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-11-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-11-01] (Avast Software)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-11-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-11-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-11-01] (AVAST Software)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-30] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-28] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-11-01] (AVAST Software)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-11-01] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2013-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [236888 2013-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MFE_RR; \??\C:\Users\pwarant\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 21:45 - 2015-11-07 21:45 - 00021574 _____ C:\Users\pwarant\Desktop\FRST.txt
2015-11-04 18:18 - 2015-11-04 18:18 - 00000000 ____D C:\NPE
2015-11-04 17:50 - 2015-11-07 21:34 - 00000000 ____D C:\Users\pwarant\Desktop\antivirus
2015-11-04 17:48 - 2015-11-04 18:45 - 00000000 ____D C:\Users\pwarant\AppData\Local\NPE
2015-11-03 01:20 - 2015-11-03 01:21 - 00000000 ____D C:\ProgramData\Sophos
2015-11-02 19:28 - 2015-11-02 19:28 - 00000000 ____D C:\Users\pwarant\AppData\LocalLow\Adblock Plus for IE
2015-11-02 19:28 - 2015-11-02 19:28 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2015-11-01 23:38 - 2015-11-07 21:45 - 00000000 ____D C:\FRST
2015-11-01 23:37 - 2015-11-07 21:21 - 02198528 _____ (Farbar) C:\Users\pwarant\Desktop\FRST64.exe
2015-11-01 23:04 - 2015-11-01 23:04 - 00000000 ____D C:\ProgramData\VIPRE
2015-11-01 22:48 - 2015-11-01 23:11 - 00000000 ____D C:\ProgramData\SpeedyPC Software
2015-11-01 22:48 - 2015-11-01 22:48 - 00000000 ____D C:\Users\pwarant\AppData\Roaming\SpeedyPC Software
2015-11-01 22:48 - 2015-11-01 22:48 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2015-11-01 22:13 - 2015-11-01 22:13 - 00000000 _____ C:\autoexec.bat
2015-11-01 21:56 - 2015-11-01 22:02 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-01 20:47 - 2015-11-01 20:47 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-01 20:47 - 2015-11-01 20:47 - 00001942 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-01 20:47 - 2015-11-01 20:47 - 00000000 ____D C:\Users\pwarant\AppData\Roaming\AVAST Software
2015-11-01 20:47 - 2015-11-01 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-01 20:45 - 2015-11-07 08:47 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-01 20:45 - 2015-11-07 08:47 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-11-01 20:45 - 2015-11-01 20:48 - 00000000 ____D C:\Users\pwarant\AppData\Local\Google
2015-11-01 20:45 - 2015-11-01 20:45 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-11-01 20:45 - 2015-11-01 20:45 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-01 20:45 - 2015-11-01 20:45 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-11-01 20:45 - 2015-11-01 20:45 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-01 20:42 - 2015-11-01 20:42 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-01 19:39 - 2015-11-01 21:42 - 00000000 ____D C:\AdwCleaner
2015-11-01 18:28 - 2015-11-03 03:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 18:26 - 2015-11-01 18:26 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-01 18:26 - 2015-11-01 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-01 18:26 - 2015-11-01 18:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-01 18:26 - 2015-11-01 18:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-01 18:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-01 18:26 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-01 18:26 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-01 18:05 - 2015-11-03 04:47 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-10-24 22:49 - 2015-10-24 22:49 - 00238412 _____ C:\Users\pwarant\Desktop\bookmarks-2015-10-24.json
2015-10-23 18:06 - 2015-11-07 21:26 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-23 18:04 - 2015-11-01 20:49 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-10-23 18:04 - 2015-11-01 20:49 - 00000000 ____D C:\Windows\system32\vbox
2015-10-23 18:02 - 2015-11-04 22:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-23 17:59 - 2015-10-23 18:00 - 00290384 _____ C:\Windows\Minidump\102315-28140-01.dmp
2015-10-23 16:25 - 2015-10-23 16:39 - 00018462 ____H C:\Users\pwarant\Desktop\~WRL2105.tmp
2015-10-20 14:09 - 2015-10-24 05:37 - 00000000 ____D C:\Users\pwarant\AppData\LocalLow\HuniePot
2015-10-11 14:14 - 2015-10-11 14:14 - 04745038 ____T C:\Users\pwarant\Desktop\The Warsaw ghetto uprising Armed Jews vs Nazis.oxps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 21:44 - 2013-10-14 17:22 - 01185425 _____ C:\Windows\WindowsUpdate.log
2015-11-07 21:28 - 2013-10-10 22:00 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 21:26 - 2014-05-10 10:44 - 00000000 ____D C:\Users\pwarant\AppData\Roaming\uTorrent
2015-11-07 21:24 - 2014-08-19 19:40 - 00000000 ____D C:\Users\pwarant\AppData\LocalLow\Temp
2015-11-07 21:23 - 2013-10-10 21:52 - 01476470 _____ C:\Windows\PFRO.log
2015-11-07 21:23 - 2013-08-22 09:46 - 00041599 _____ C:\Windows\setupact.log
2015-11-07 21:23 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-07 21:02 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-07 20:49 - 2014-12-12 19:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-07 11:45 - 2014-08-18 01:36 - 00000000 ____D C:\Users\pwarant\Desktop\Important Stuff
2015-11-07 11:43 - 2014-06-10 05:54 - 00000000 ____D C:\Users\pwarant\Desktop\Fic Pros
2015-11-05 19:38 - 2014-08-18 01:27 - 00000000 ____D C:\Users\pwarant\Desktop\Fiction Research
2015-11-05 18:03 - 2014-08-19 00:48 - 00000000 ____D C:\Users\pwarant\AppData\Local\Deployment
2015-11-04 21:50 - 2014-08-18 01:27 - 00000000 ____D C:\Users\pwarant\Desktop\Ebay
2015-11-04 19:53 - 2014-08-20 16:07 - 00000000 ____D C:\Users\pwarant\Desktop\TTC Teaching
2015-11-04 18:28 - 2014-05-10 10:20 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3255076510-885755254-634479317-1001
2015-11-04 17:48 - 2013-10-14 18:18 - 00000000 ____D C:\ProgramData\Norton
2015-11-03 15:49 - 2014-05-31 13:51 - 00000000 ____D C:\Users\pwarant\AppData\Local\CrashDumps
2015-11-03 04:46 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-11-03 00:54 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-03 00:53 - 2015-02-19 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 03:21 - 2014-05-30 21:01 - 00000000 ____D C:\Users\pwarant\Desktop\Linkage
2015-11-02 02:20 - 2014-05-10 10:14 - 00000000 ____D C:\Users\pwarant\AppData\Local\Packages
2015-11-02 02:18 - 2015-08-20 14:11 - 00000000 ____D C:\Users\pwarant\Desktop\Mortgage
2015-11-02 02:04 - 2015-08-04 17:15 - 00000000 ____D C:\Users\pwarant\Desktop\Image Project
2015-11-02 02:04 - 2014-10-19 14:55 - 00000000 ____D C:\Users\pwarant\Desktop\PhD Applications
2015-11-02 02:04 - 2014-08-18 01:32 - 00000000 ____D C:\Users\pwarant\Desktop\Papers 2013-2014
2015-11-02 01:54 - 2014-11-10 16:37 - 00000000 ____D C:\Users\pwarant\Desktop\Papers for later publication
2015-11-01 21:32 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-11-01 19:42 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-01 19:36 - 2013-08-22 09:44 - 00474816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-01 19:35 - 2014-05-10 10:14 - 00000000 ____D C:\Users\pwarant
2015-11-01 18:49 - 2014-05-30 12:04 - 00000000 ____D C:\Users\pwarant\Desktop\Adventure Games
2015-11-01 00:54 - 2014-08-18 01:22 - 00000000 ____D C:\Users\pwarant\Desktop\Comics
2015-10-28 00:21 - 2015-06-09 23:58 - 00000000 ____D C:\Users\pwarant\Desktop\torrent movie
2015-10-24 05:37 - 2014-05-27 19:14 - 00000000 ____D C:\GOG Games
2015-10-23 18:03 - 2014-08-19 16:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-23 17:59 - 2014-05-27 15:43 - 1306313155 _____ C:\Windows\MEMORY.DMP
2015-10-23 17:59 - 2014-05-27 15:43 - 00000000 ____D C:\Windows\Minidump
2015-10-16 21:49 - 2014-12-12 19:31 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-15 23:51 - 2013-08-22 10:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-15 23:51 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 18:54 - 2014-06-01 01:16 - 00000000 ____D C:\Users\pwarant\AppData\Roaming\Subtitle Edit
2015-10-13 22:20 - 2014-05-27 18:11 - 00000000 ____D C:\Program Files (x86)\Steam

==================== Files in the root of some directories =======

2015-11-01 22:48 - 2015-11-01 23:10 - 0000115 _____ () C:\Users\pwarant\AppData\Roaming\LogFile.txt
2014-08-19 23:37 - 2014-08-19 23:37 - 0000043 _____ () C:\Users\pwarant\AppData\Roaming\WB.CFG
2014-10-22 19:03 - 2014-10-22 19:03 - 0007602 _____ () C:\Users\pwarant\AppData\Local\Resmon.ResmonCfg
2013-10-14 17:59 - 2013-10-14 17:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-10 10:27 - 2014-05-10 11:07 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-30 12:06

==================== End of FRST.txt ============================



#4 shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:12:08 PM

Posted 08 November 2015 - 09:46 AM

hi pinstructor,

Ok, thanks for the info. All looks good. Happy Safe Surfing. You can delete the FRST icon and its logs, as well as the FRST folder it creates, located in the root drive (C:).


How Can I Reduce My Risk to Malware?


#5 pinstructor
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:08 AM

Posted 09 November 2015 - 11:53 PM

Thank you for your time and help! It is much appreciated.

