
Google redirects to websites like rvfm2006.com etc; Lucky Bright ads popups


  • This topic is locked
6 replies to this topic

#1 rainsager

  • Members
  • 9 posts
  • OFFLINE

Posted 02 December 2015 - 09:03 AM

I get numerous popups from Lucky Bright ads when I use my Chrome browser, and my Malwarebytes says that it has blocked tcf.huntergui.com, cdn.visadd.com, jsl.infostatsvc.com and a lot of other websites. When I get the Malwarebytes popup on my laptop it says that the processes originated from chrome.exe. Also, when I try to open new tabs, I am redirected to ad sites like rvfm2006.com and predictadvertising.com. I have already scanned with my Avast premium, Malwarebytes, and AdwCleaner; cleaned and deleted the files they found and reset my browsers but it's still here. Here are screenshots: https://www.sendspace.com/filegroup/SKlh4Cbm4PKvG%2BZYvbQrr%2BmkXb8GIQhL

I've pasted my FRST log below and attached the Addition.txt.

Attached File: Addition.txt (40.96KB, 2 downloads)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Mumsie (administrator) on ASUS (02-12-2015 21:43:35)
Running from C:\Users\Mumsie\Downloads
Loaded Profiles: Mumsie (Available Profiles: Mumsie)
Platform: Windows 10 Home Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-30] (AVAST Software)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3135383798-404359889-1740033553-1001\...\Run: [uTorrent] => C:\Users\Mumsie\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-16] (BitTorrent Inc.)
HKU\S-1-5-21-3135383798-404359889-1740033553-1001\...\Run: [Capture Screenshot lite] => C:\Program Files (x86)\CaptureScreenshotLite\CaptureScreenShot.exe [3284480 2013-04-23] ()
HKU\S-1-5-21-3135383798-404359889-1740033553-1001\...\Run: [MP3 Skype recorder] => C:\Users\Mumsie\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [1561472 2015-02-11] ()
HKU\S-1-5-21-3135383798-404359889-1740033553-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [5470488 2013-09-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mumsie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mumsie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mumsie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-30] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mumsie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mumsie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mumsie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-10-27] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2014-06-19]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
Startup: C:\Users\Mumsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 114.108.193.201 114.108.195.1
Tcpip\..\Interfaces\{ae8f52b0-dabb-4178-a04f-b21d342c5eeb}: [DhcpNameServer] 114.108.193.201 114.108.195.1
Tcpip\..\Interfaces\{d8553f7d-a93d-4d50-92bc-bdc16baabe29}: [DhcpNameServer] 114.108.193.201 114.108.195.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSERT1
HKU\S-1-5-21-3135383798-404359889-1740033553-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3135383798-404359889-1740033553-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3135383798-404359889-1740033553-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-PH&Src=MSRT&Tid=80033373&OHP=about%3Ablank&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26src%3DIE%2DSearchBox%26FORM%3DIESR02
SearchScopes: HKU\S-1-5-21-3135383798-404359889-1740033553-1001 -> {2261B11D-6D9B-4AE6-8FDD-44468E3115F6} URL = hxxps://ph.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {11111111-1111-1111-1111-110611901159} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110611971195} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-11] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-30] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611901159} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611971195} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-30] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-30]
FF Extension: New XKit - C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default\Extensions\@new-xkit.xpi [2015-08-12] [not signed]
FF Extension: Lucky Bright - C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default\Extensions\{ba7210aa-9217-49d6-9523-f3d2f6356716}.xpi [2015-11-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-02]
CHR Extension: (Google Docs) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-02]
CHR Extension: (Google Drive) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Google Search) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-02]
CHR Extension: (Google Docs Offline) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]
CHR Extension: (Avast Online Security) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Momentum) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Yahoo Web) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2015-12-02]
CHR Extension: (Gmail) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-30]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-30] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [42336 2012-11-17] (ASUSTek Computer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R3 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-11] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-30] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-30] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-09-18] (ASUSTek Computer Inc.)
S3 tenCapture; C:\Windows\system32\DRIVERS\tenCapture.sys [23736 2012-07-20] (Hajo Krabbenhöft)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2015-03-01] () [File not signed]
R3 VCSVADHWSer; C:\Windows\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-02 21:43 - 2015-12-02 21:44 - 00022652 _____ C:\Users\Mumsie\Downloads\FRST.txt
2015-12-02 21:43 - 2015-12-02 21:43 - 00000000 ____D C:\FRST
2015-12-02 21:42 - 2015-12-02 21:42 - 02350080 _____ (Farbar) C:\Users\Mumsie\Downloads\FRST64.exe
2015-12-02 21:37 - 2015-12-02 21:37 - 00016148 _____ C:\WINDOWS\system32\ASUS_Mumsie_HistoryPrediction.bin
2015-12-02 18:26 - 2015-12-02 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-12-02 18:26 - 2015-12-02 18:26 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2015-12-02 18:17 - 2015-12-02 18:25 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Mumsie\Downloads\cbSetup.exe
2015-12-02 01:00 - 2015-12-02 01:00 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-02 00:38 - 2015-12-02 00:38 - 00000000 ____D C:\Users\Mumsie\AppData\Roaming\Enigma Software Group
2015-12-02 00:37 - 2015-12-02 00:37 - 11230592 ____N (Enigma Software Group USA, LLC.) C:\Users\Mumsie\Downloads\RegHunter-Installer.exe
2015-11-30 22:43 - 2015-11-30 22:51 - 00000000 ____D C:\d978b9758e711b115d64
2015-11-30 22:11 - 2015-11-30 22:15 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-30 17:25 - 2015-11-30 17:25 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-11-30 17:04 - 2015-11-30 17:09 - 00164549 _____ C:\Users\Mumsie\Desktop\Cush Resume Draft 1 Edited.pdf
2015-11-30 16:26 - 2015-11-30 16:26 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-30 16:26 - 2015-11-30 16:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-30 16:26 - 2015-11-30 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-30 02:24 - 2015-12-02 21:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 02:24 - 2015-11-30 02:24 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-30 02:24 - 2015-11-30 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-30 02:24 - 2015-11-30 02:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-30 02:24 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 02:24 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-30 02:24 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-30 02:17 - 2015-11-30 02:23 - 22908888 ____N (Malwarebytes ) C:\Users\Mumsie\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-30 01:51 - 2015-11-30 01:51 - 00003140 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1448819472
2015-11-30 01:51 - 2015-11-30 01:51 - 00001084 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2015-11-30 01:51 - 2015-11-30 01:51 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2015-11-30 01:48 - 2015-11-30 01:48 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2015-11-30 01:45 - 2015-11-30 01:45 - 00466400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2015-11-30 01:45 - 2015-11-30 01:45 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-11-30 01:45 - 2015-11-30 01:45 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-11-30 01:26 - 2015-11-30 23:31 - 00000000 ____D C:\AdwCleaner
2015-11-30 01:24 - 2015-11-30 01:24 - 01733632 ____N C:\Users\Mumsie\Downloads\AdwCleaner (1).exe
2015-11-30 01:15 - 2015-11-30 01:16 - 00196201 _____ C:\Users\Mumsie\Desktop\Cush Resume Draft 1.pdf
2015-11-30 00:42 - 2015-11-30 00:42 - 00974916 ____N C:\Users\Mumsie\Downloads\playfair-display.zip
2015-11-30 00:17 - 2015-11-30 00:18 - 01733632 ____N C:\Users\Mumsie\Downloads\AdwCleaner.exe
2015-11-29 23:41 - 2015-11-29 23:41 - 00001969 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2015-11-29 01:41 - 2015-11-30 17:18 - 02232320 _____ C:\Users\Mumsie\Desktop\Cush Resume Draft 1.indd
2015-11-29 01:37 - 2015-11-29 01:37 - 01828120 _____ C:\Users\Mumsie\Desktop\direct.tif
2015-11-29 01:31 - 2015-11-29 01:32 - 02619800 _____ C:\Users\Mumsie\Desktop\pencil.tif
2015-11-29 00:53 - 2015-11-29 00:53 - 01491808 _____ C:\Users\Mumsie\Desktop\clapper.tif
2015-11-28 10:16 - 2015-11-28 10:16 - 05229004 _____ C:\Users\Mumsie\Desktop\employ.tif
2015-11-28 10:15 - 2015-11-28 10:15 - 00199280 _____ C:\Users\Mumsie\Desktop\camera.tif
2015-11-28 09:14 - 2015-11-28 10:10 - 05985612 _____ C:\Users\Mumsie\Desktop\art.tif
2015-11-28 09:05 - 2015-11-28 09:54 - 04609824 _____ C:\Users\Mumsie\Desktop\number 1.tif
2015-11-28 08:32 - 2015-11-28 08:32 - 00194704 _____ C:\Users\Mumsie\Desktop\brush 2.tif
2015-11-28 06:22 - 2015-11-28 06:56 - 721903846 ____N C:\Users\Mumsie\Downloads\Goldish-Gold-Styles-with-Bonus.zip
2015-11-27 21:15 - 2015-11-28 10:24 - 01437696 _____ C:\Users\Mumsie\Desktop\Untitled-1.indd
2015-11-27 20:59 - 2015-11-28 09:55 - 05982628 _____ C:\Users\Mumsie\Desktop\graduation hat.tif
2015-11-27 19:58 - 2015-11-28 09:48 - 00717236 _____ C:\Users\Mumsie\Desktop\brush .tif
2015-11-27 03:18 - 2015-11-27 03:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-25 01:32 - 2015-11-25 01:32 - 00000000 ____D C:\Users\Mumsie\Documents\Any Video Converter
2015-11-25 00:08 - 2015-11-25 00:08 - 00000000 ____D C:\Users\Mumsie\AppData\Local\Movavi
2015-11-25 00:00 - 2015-11-25 00:00 - 00000000 ____D C:\ProgramData\Movavi
2015-11-22 23:52 - 2015-11-23 00:01 - 12025129 ____N C:\Users\Mumsie\Downloads\iOS7Tones.zip
2015-11-22 17:08 - 2015-11-22 17:08 - 01796622 ____N C:\Users\Mumsie\Downloads\Bible Book Analysis.pdf
2015-11-21 22:11 - 2015-11-27 03:05 - 00000000 ____D C:\Users\Mumsie\AppData\Local\Spotify
2015-11-21 21:56 - 2015-11-29 23:30 - 00000000 ____D C:\Users\Mumsie\AppData\Roaming\Spotify
2015-11-20 23:15 - 2015-11-20 23:17 - 01357855 ____N C:\Users\Mumsie\Downloads\Magazine.pdf
2015-11-19 11:44 - 2014-05-29 12:54 - 00347472 ____N C:\Users\Mumsie\Downloads\flaticons05.eps
2015-11-17 00:20 - 2015-11-17 00:25 - 35019189 ____N C:\Users\Mumsie\Downloads\Half-fold-mockup-vol-6-PIXEDEN.zip
2015-11-17 00:20 - 2015-11-17 00:20 - 00353404 ____N C:\Users\Mumsie\Downloads\intellecta-design_neoclassicfleuronsfree.zip
2015-11-17 00:18 - 2015-11-17 00:20 - 11130856 ____N C:\Users\Mumsie\Downloads\Business-Card-Mockup-Vol-31-PIXEDEN.zip
2015-11-17 00:15 - 2015-11-17 00:16 - 12213950 ____N C:\Users\Mumsie\Downloads\Business-Card-Mockup-vol-32-PIXEDEN.zip
2015-11-17 00:12 - 2015-11-17 00:13 - 06892627 ____N C:\Users\Mumsie\Downloads\Business-Card-Mockup-Presentation-PIXEDEN.zip
2015-11-17 00:02 - 2015-11-17 00:03 - 01945589 ____N C:\Users\Mumsie\Downloads\Modern-vintage-badges-PSD-PIXEDEN.zip
2015-11-16 23:51 - 2015-11-16 23:56 - 86181201 ____N C:\Users\Mumsie\Downloads\14_Vintage_Film_Textures.zip
2015-11-16 23:50 - 2015-11-16 23:50 - 01641674 ____N C:\Users\Mumsie\Downloads\decadetypefoundry_authentic-labels-demo.zip
2015-11-16 23:48 - 2015-11-16 23:49 - 02203545 ____N C:\Users\Mumsie\Downloads\aurove_retrobadges.zip
2015-11-16 23:48 - 2015-11-16 23:48 - 00304407 ____N C:\Users\Mumsie\Downloads\Governor_Personal_License.zip
2015-11-16 23:47 - 2015-11-16 23:47 - 00826579 ____N C:\Users\Mumsie\Downloads\hand_shop_typography_c30 (1).zip
2015-11-16 23:47 - 2015-11-16 23:47 - 00369946 ____N C:\Users\Mumsie\Downloads\MOLESK font by UPPERTYPE.zip
2015-11-16 23:40 - 2015-11-16 23:40 - 00110526 ____N C:\Users\Mumsie\Downloads\rose_caps.zip
2015-11-16 23:39 - 2015-11-16 23:39 - 00010792 ____N C:\Users\Mumsie\Downloads\paskowy.zip
2015-11-16 23:38 - 2015-11-16 23:38 - 00074458 ____N C:\Users\Mumsie\Downloads\avengeance_mightiest_avenger.zip
2015-11-16 23:37 - 2015-11-16 23:37 - 00305447 ____N C:\Users\Mumsie\Downloads\krinkes.zip
2015-11-16 23:36 - 2015-11-16 23:36 - 00826579 ____N C:\Users\Mumsie\Downloads\hand_shop_typography_c30.zip
2015-11-16 23:36 - 2015-11-16 23:36 - 00076209 ____N C:\Users\Mumsie\Downloads\cash_currency.zip
2015-11-16 23:12 - 2015-11-16 23:16 - 08016378 ____N C:\Users\Mumsie\Downloads\On-promo-Greeney-Proposal.zip
2015-11-16 23:04 - 2015-11-16 23:11 - 14514851 ____N C:\Users\Mumsie\Downloads\Lemonade!.zip
2015-11-16 23:03 - 2015-11-16 23:03 - 04657244 ____N C:\Users\Mumsie\Downloads\Streamline-Responsive-Portfolio.zip
2015-11-13 22:36 - 2015-01-06 13:44 - 00000000 ____D C:\Users\Mumsie\Downloads\__MACOSX
2015-11-13 22:36 - 2015-01-06 13:42 - 20249714 ____N C:\Users\Mumsie\Downloads\5x7 Invitation Mockup File.psd
2015-11-13 21:21 - 2015-11-13 21:21 - 00000000 ____D C:\Users\Mumsie\Downloads\Oh-What-Fun-Holiday-Brush-Set
2015-11-13 21:21 - 2015-11-13 21:21 - 00000000 ____D C:\Users\Mumsie\Downloads\Free psd magazine mockup top view
2015-11-13 21:21 - 2015-11-13 21:21 - 00000000 ____D C:\Users\Mumsie\Downloads\Cook-Up-A-Storm
2015-11-13 21:21 - 2015-11-13 21:21 - 00000000 ____D C:\Users\Mumsie\Downloads\248_decorative-floral
2015-11-13 21:18 - 2015-11-04 20:55 - 153588783 ____N C:\Users\Mumsie\Downloads\magazine mockup2.psd
2015-11-13 21:18 - 2015-11-04 20:54 - 118451288 ____N C:\Users\Mumsie\Downloads\magazine mockup.psd
2015-11-13 21:18 - 2014-01-27 22:04 - 01476154 ____N C:\Users\Mumsie\Downloads\cookupastorm.ai
2015-11-12 22:05 - 2015-11-29 23:32 - 00000000 ____D C:\Users\Mumsie\Downloads\stentiga
2015-11-12 22:05 - 2012-07-20 09:08 - 00044128 ____N C:\Users\Mumsie\Downloads\stentiga.ttf
2015-11-12 09:01 - 2015-11-05 12:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-12 09:00 - 2015-11-05 13:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-12 09:00 - 2015-11-05 13:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-12 09:00 - 2015-11-05 13:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-12 09:00 - 2015-11-05 13:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-12 09:00 - 2015-11-05 13:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-12 09:00 - 2015-11-05 12:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-12 09:00 - 2015-11-05 12:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-12 09:00 - 2015-11-05 12:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-12 09:00 - 2015-11-05 12:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-12 09:00 - 2015-11-05 12:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-12 09:00 - 2015-11-05 12:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-12 09:00 - 2015-11-05 12:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-12 09:00 - 2015-11-05 12:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-12 09:00 - 2015-11-05 12:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-12 09:00 - 2015-11-05 12:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-12 09:00 - 2015-11-05 11:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-12 09:00 - 2015-11-05 11:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-12 09:00 - 2015-11-05 11:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-12 09:00 - 2015-11-05 11:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-12 09:00 - 2015-11-05 11:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-12 09:00 - 2015-11-05 11:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-12 09:00 - 2015-11-05 11:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-12 09:00 - 2015-11-05 11:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-12 09:00 - 2015-11-05 11:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-12 08:59 - 2015-11-05 13:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-12 08:59 - 2015-11-05 13:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-12 08:59 - 2015-11-05 13:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-12 08:59 - 2015-11-05 12:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-12 08:59 - 2015-11-05 12:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-12 08:59 - 2015-11-05 12:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-12 08:59 - 2015-11-05 12:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-12 08:59 - 2015-11-05 12:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-12 08:59 - 2015-11-05 12:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-12 08:59 - 2015-11-05 12:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-12 08:59 - 2015-11-05 12:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-12 08:59 - 2015-11-05 12:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-12 08:59 - 2015-11-05 12:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-12 08:59 - 2015-11-05 12:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-12 08:59 - 2015-11-05 12:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-12 08:59 - 2015-11-05 12:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-12 08:59 - 2015-11-05 12:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-12 08:59 - 2015-11-05 11:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-12 08:59 - 2015-11-05 11:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-12 08:59 - 2015-11-05 11:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-12 08:59 - 2015-11-05 11:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-12 08:59 - 2015-11-05 11:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-12 08:59 - 2015-11-05 11:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-12 08:59 - 2015-11-05 11:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-12 08:59 - 2015-11-05 11:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-12 08:59 - 2015-11-05 11:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-12 08:59 - 2015-11-05 11:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-12 08:59 - 2015-11-05 11:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-09 23:24 - 2015-11-29 23:32 - 00000000 ____D C:\Users\Mumsie\Downloads\Manhattan Darling
2015-11-09 23:24 - 2015-11-29 23:32 - 00000000 ____D C:\Users\Mumsie\Downloads\Brusher-Free-Font
2015-11-09 23:24 - 2015-11-09 23:24 - 00036532 ____N C:\Users\Mumsie\Downloads\RechtmanPlain.ttf
2015-11-09 23:24 - 2013-05-10 18:01 - 00259212 ____N C:\Users\Mumsie\Downloads\MotionPicture_PersonalUseOnly.ttf
2015-11-09 23:24 - 2013-03-20 13:57 - 00042820 ____N C:\Users\Mumsie\Downloads\Playball.ttf
2015-11-09 23:24 - 2013-02-25 19:09 - 00159768 ____N C:\Users\Mumsie\Downloads\Admiration Pains.ttf
2015-11-09 23:24 - 2012-04-17 08:11 - 00106004 ____N C:\Users\Mumsie\Downloads\GreatVibes-Regular.ttf
2015-11-07 13:39 - 2015-11-07 13:37 - 06742016 _____ C:\Users\Mumsie\Desktop\Client Presentation.ppt
2015-11-07 13:36 - 2014-10-14 22:38 - 49453445 _____ C:\Users\Mumsie\Desktop\Dad ppt 2 - EDITED.pdf
2015-11-07 13:36 - 2011-12-31 15:24 - 03831806 _____ C:\Users\Mumsie\Desktop\Client Presentation.key
2015-11-07 11:43 - 2015-11-13 19:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-07 09:58 - 2015-11-07 10:01 - 00071617 _____ C:\Users\Mumsie\Desktop\manalo law office policy.pptx
2015-11-02 13:28 - 2015-11-29 23:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-02 21:43 - 2015-07-10 17:05 - 00000000 ____D C:\Windows
2015-12-02 21:42 - 2015-06-25 20:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-02 21:18 - 2015-08-02 01:56 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 18:19 - 2012-12-15 21:49 - 00002432 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-12-02 18:19 - 2012-12-15 21:41 - 00002798 _____ C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)
2015-12-02 18:18 - 2012-12-15 21:55 - 00002752 _____ C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel
2015-12-02 18:18 - 2012-12-15 21:50 - 00002516 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2015-12-02 18:18 - 2012-12-15 21:49 - 00002562 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update
2015-12-02 18:18 - 2012-12-15 21:39 - 00002714 _____ C:\WINDOWS\System32\Tasks\ASUS Patch for VIA Audio
2015-12-02 18:17 - 2015-07-10 19:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-02 18:14 - 2015-08-02 01:56 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 18:13 - 2015-07-10 20:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-02 18:12 - 2015-07-10 17:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-02 17:29 - 2015-07-30 04:52 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-02 17:26 - 2014-03-16 15:23 - 00000000 ____D C:\Users\Mumsie\AppData\Local\Adobe
2015-12-02 00:57 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-02 00:20 - 2015-07-10 19:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-30 22:51 - 2013-10-11 13:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-30 22:43 - 2013-10-11 13:55 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-30 22:17 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-30 16:27 - 2015-05-04 21:08 - 00000000 ____D C:\Users\Mumsie\AppData\Roaming\Skype
2015-11-30 16:27 - 2015-05-04 21:07 - 00000000 ____D C:\ProgramData\Skype
2015-11-30 15:05 - 2014-06-19 17:15 - 00000000 ____D C:\Users\Mumsie\AppData\Roaming\stickies
2015-11-30 15:03 - 2015-07-30 20:21 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-30 15:03 - 2014-06-19 07:33 - 00000000 ____D C:\Users\Mumsie\AppData\Roaming\uTorrent
2015-11-30 04:45 - 2015-07-10 21:14 - 00000000 ____D C:\WINDOWS\OCR
2015-11-30 04:24 - 2014-04-06 23:33 - 00000000 ____D C:\Program Files (x86)\AnvSoft
2015-11-30 04:24 - 2012-11-23 18:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-30 03:22 - 2015-07-30 04:30 - 00000000 ____D C:\Users\Mumsie
2015-11-30 01:51 - 2014-08-23 18:29 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-30 01:45 - 2015-08-10 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-30 01:45 - 2015-04-12 15:30 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-11-30 01:45 - 2014-08-23 18:15 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-11-30 01:45 - 2014-08-23 18:15 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-11-30 01:45 - 2014-08-23 18:15 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-11-30 01:45 - 2014-08-23 18:15 - 00154256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-11-30 01:45 - 2014-08-23 18:15 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-11-30 01:45 - 2014-08-23 18:15 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-11-30 01:45 - 2014-08-23 18:15 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-11-30 01:45 - 2014-08-23 18:15 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-11-30 00:08 - 2013-10-11 01:41 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-29 23:47 - 2013-10-10 11:52 - 00000000 ____D C:\Users\Mumsie\AppData\Local\Packages
2015-11-29 23:38 - 2015-07-30 22:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-29 23:32 - 2015-10-24 18:51 - 00000000 ____D C:\Users\Mumsie\Downloads\roboto (1)
2015-11-29 23:32 - 2015-10-24 18:50 - 00000000 ____D C:\Users\Mumsie\Downloads\dream_orphans
2015-11-29 23:32 - 2015-10-02 22:24 - 00000000 ____D C:\Users\Mumsie\Downloads\calisto-mt
2015-11-29 23:32 - 2015-09-16 00:24 - 00000000 ____D C:\Users\Mumsie\Downloads\vscofilm-00lr-win
2015-11-29 23:32 - 2015-07-10 19:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-29 23:32 - 2015-05-17 00:36 - 00000000 ____D C:\Users\Mumsie\Downloads\MP3SkypeRecorder
2015-11-29 23:32 - 2014-04-10 00:43 - 00000000 ____D C:\Users\Mumsie\AppData\Roaming\vlc
2015-11-29 23:32 - 2014-04-06 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-11-29 23:32 - 2012-12-15 21:50 - 00000000 ____D C:\ProgramData\P4G
2015-11-29 23:19 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\registration
2015-11-29 23:18 - 2015-07-10 20:20 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-11-29 23:17 - 2014-04-06 23:35 - 00000000 ____D C:\Users\Mumsie\AppData\Roaming\AnvSoft
2015-11-29 23:16 - 2014-08-23 18:09 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-29 23:12 - 2014-08-23 18:10 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-29 17:28 - 2014-08-23 18:15 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp(977).sys
2015-11-29 17:28 - 2014-08-23 18:15 - 00154256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm(978).sys
2015-11-29 17:28 - 2014-08-23 18:15 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt(974).sys
2015-11-29 17:28 - 2014-08-23 18:15 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2(975).sys
2015-11-29 17:28 - 2014-08-23 18:15 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid(972).sys
2015-11-29 17:27 - 2015-04-12 15:30 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd(973).sys
2015-11-29 17:27 - 2014-08-23 18:15 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx(976).sys
2015-11-28 23:05 - 2015-07-29 23:30 - 00000034 _____ C:\Users\Mumsie\AppData\Roaming\AdobeWLCMCache.dat
2015-11-14 22:24 - 2014-03-29 19:36 - 00000000 ____D C:\Users\Mumsie\Desktop\KITTY
2015-11-13 21:12 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-13 19:32 - 2015-06-25 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-13 19:31 - 2015-07-10 17:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI(2383)
2015-11-13 19:30 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-13 19:25 - 2015-07-10 18:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 21:21 - 2015-08-02 01:59 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 19:23 - 2013-10-10 11:53 - 00000000 ____D C:\Users\Mumsie\AppData\Roaming\Adobe
2015-11-06 23:28 - 2015-06-25 07:12 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-04 02:20 - 2015-10-24 13:29 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-04 02:20 - 2015-10-24 13:29 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-07-29 23:30 - 2015-11-28 23:05 - 0000034 _____ () C:\Users\Mumsie\AppData\Roaming\AdobeWLCMCache.dat
2013-10-10 11:54 - 2014-06-05 09:03 - 0000401 _____ () C:\Users\Mumsie\AppData\Roaming\sp_data.sys
2015-07-31 02:19 - 2015-07-31 02:19 - 212809145 _____ () C:\Users\Mumsie\AppData\Local\ACCCx3_2_0_129.zip.aamdownload
2015-07-31 02:19 - 2015-07-31 02:19 - 0002489 _____ () C:\Users\Mumsie\AppData\Local\ACCCx3_2_0_129.zip.aamdownload.aamd
2012-11-23 18:46 - 2012-09-07 19:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-23 18:46 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-23 18:46 - 2012-09-07 19:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-02 18:44
 
==================== End of FRST.txt ============================
 
Thank you to whoever can help me. I'm at my wit's end. 


#2 nasdaq
  • Malware Response Team
  • 39,954 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 December 2015 - 04:16 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {11111111-1111-1111-1111-110611901159} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110611971195} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611901159} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611971195} -> No File
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Extension: Lucky Bright - C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default\Extensions\{ba7210aa-9217-49d6-9523-f3d2f6356716}.xpi [2015-11-24] [not signed]
CHR Extension: (Avast Online Security) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-30]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {25B1ACCE-142A-465A-BF30-5FDE92D7BD77} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {458ACAA3-A5BD-41AA-B7CC-7B5E658A6221} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {45CFBA9C-33F0-44EF-B7E4-D915753F0E30} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {742610AE-F812-42E4-92FC-417625AA6126} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7B9DD3E1-21F1-4FBA-8675-AA5CAEB613B6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7D95FFE6-93BF-4EB6-867A-B435466EB411} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8B63510A-7203-4A3B-B93F-FAFE551A08D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9CEFA9C6-5D03-4D0F-9208-8B6BA7469333} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C2D512B9-C717-465B-8810-A2E91A4E68A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E62904FD-01A9-4FA1-9ABE-363C138E9D57} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FBD67860-9936-4F72-969F-43E8C00B7469} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default\Extensions\{ba7210aa-9217-49d6-9523-f3d2f6356716}.xpi

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
==

How is the computer running now?
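
The fixlist above is built by reading the FRST log for the entries FRST itself flags and for the browser-extension, BHO, service and task entries whose file or path is missing, then pasting those lines verbatim between start and End. The following is an added example, not FRST's code and not part of nasdaq's fix, that automates that first triage pass: it runs a handful of rules over FRST.txt-style lines, pulls out the Chrome extension IDs and Firefox add-on GUIDs the flagged lines mention, and emits a fixlist in the same start/End form used in this thread. The rule names, severities and the sample log are my own constructions, modelled on the entry types visible in this thread; the Avast Online Security line is included deliberately so that a store-installed, vendor-backed extension is not flagged by the rules.

```python
"""FRST log triage: flag the entries an analyst reads first.

Added example for this thread; it is not part of FRST or of the fix
posted above. The regexes match FRST's own notation ("<==== ATTENTION",
"[not signed]", "<no Path/update_url>", "-> No File", "[X]"), and the
fixlist builder reuses the flagged lines verbatim, which is how an FRST
fixlist is written (the "start" ... "End" form used in this thread).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Rules are tried in order; the first one that matches a line wins, so the
# specific entry types come before the generic ATTENTION catch-all.
# Severities are an assumption for this example, not an FRST rating.
RULES = [
    # Firefox extension whose XPI carries no valid signature
    ("unsigned_extension",   re.compile(r"^FF Extension: .*\[not signed\]$"), "high"),
    # Chrome extension force-installed via an HKLM policy key, with no path or update_url
    ("policy_ext_no_path",   re.compile(r"^CHR HKLM(?:-x32)?\\.*Chrome\\Extension: \[[a-p]{32}\] - <no Path/update_url>$"), "high"),
    # Browser Helper Object registered with no backing file
    ("orphan_bho",           re.compile(r"^BHO(?:-x32)?: .* -> \{[0-9A-Fa-f-]+\} -> No File$"), "medium"),
    # Service/driver entry whose binary is missing on disk
    ("service_missing_file", re.compile(r"^[SRU]\d \S+; .*\[X\]$"), "medium"),
    # Scheduled task whose action file is gone
    ("orphan_task",          re.compile(r"^Task: \{[0-9A-F-]+\} - .* -> No File"), "low"),
    # Anything else FRST itself marks for attention (e.g. IE policy restrictions)
    ("frst_attention",       re.compile(r"<=+ ATTENTION"), "medium"),
]

CHROME_ID = re.compile(r"\[([a-p]{32})\]|Extensions\\([a-p]{32})")
FF_GUID = re.compile(r"\{([0-9a-f-]{36})\}\.xpi")


@dataclass
class Finding:
    line_no: int
    rule: str
    severity: str
    text: str


def triage(log_text):
    """Return one Finding per log line that matches a rule, in log order."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        for name, pattern, severity in RULES:
            if pattern.search(line):
                findings.append(Finding(n, name, severity, line))
                break
    return findings


def extension_ids(findings):
    """Chrome extension IDs and Firefox add-on GUIDs mentioned in flagged lines."""
    chrome, firefox = set(), set()
    for f in findings:
        for m in CHROME_ID.finditer(f.text):
            chrome.add(m.group(1) or m.group(2))
        for m in FF_GUID.finditer(f.text):
            firefox.add(m.group(1))
    return chrome, firefox


def severity_counts(findings):
    return Counter(f.severity for f in findings)


def build_fixlist(findings, min_severity="low"):
    """Emit an FRST fixlist (this thread's start/End form) from findings at or above min_severity.

    FRST removes an entry when its log line is pasted verbatim, so the text is reused as-is.
    """
    rank = {"low": 0, "medium": 1, "high": 2}
    body = [f.text for f in findings if rank[f.severity] >= rank[min_severity]]
    return "\n".join(["start", "CreateRestorePoint:", "CloseProcesses:", *body, "EmptyTemp:", "End"])


# Constructed sample, modelled on the entry types seen in this thread's log.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {11111111-1111-1111-1111-110611901159} -> No File
FF Extension: Lucky Bright - C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default\Extensions\{ba7210aa-9217-49d6-9523-f3d2f6356716}.xpi [2015-11-24] [not signed]
CHR Extension: (Avast Online Security) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {25B1ACCE-142A-465A-BF30-5FDE92D7BD77} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [97648 2015-11-30] (AVAST Software)
""".strip()

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.severity:6} {f.rule:22} L{f.line_no}: {f.text[:70]}")
    print(severity_counts(found))
    print(build_fixlist(found, min_severity="medium"))
```

Run it against a real FRST.txt by replacing SAMPLE_LOG with the file contents; the two extension ID sets are what you then look up in the Chrome Web Store and addons.mozilla.org before deciding whether an entry belongs in the fixlist. The rules only automate the reading step; the decision to remove a legitimate but policy-installed extension (as happened to the Avast entry in the thread's fix) still needs a human.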

#3 rainsager
  • Topic Starter
  • Members
  • 9 posts

Posted 03 December 2015 - 01:44 AM

Hello, thank you. I've followed your instructions but there has been no change. I'll paste the log files below.

 

FRST fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Mumsie (2015-12-03 13:58:47) Run:1
Running from C:\Users\Mumsie\Downloads
Loaded Profiles: Mumsie (Available Profiles: Mumsie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {11111111-1111-1111-1111-110611901159} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110611971195} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611901159} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611971195} -> No File
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Extension: Lucky Bright - C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default\Extensions\{ba7210aa-9217-49d6-9523-f3d2f6356716}.xpi [2015-11-24] [not signed]
CHR Extension: (Avast Online Security) - C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-30]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {25B1ACCE-142A-465A-BF30-5FDE92D7BD77} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {458ACAA3-A5BD-41AA-B7CC-7B5E658A6221} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {45CFBA9C-33F0-44EF-B7E4-D915753F0E30} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {742610AE-F812-42E4-92FC-417625AA6126} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7B9DD3E1-21F1-4FBA-8675-AA5CAEB613B6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7D95FFE6-93BF-4EB6-867A-B435466EB411} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8B63510A-7203-4A3B-B93F-FAFE551A08D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9CEFA9C6-5D03-4D0F-9208-8B6BA7469333} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C2D512B9-C717-465B-8810-A2E91A4E68A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E62904FD-01A9-4FA1-9ABE-363C138E9D57} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FBD67860-9936-4F72-969F-43E8C00B7469} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default\Extensions\{ba7210aa-9217-49d6-9523-f3d2f6356716}.xpi
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901159}" => key removed successfully
HKCR\CLSID\{11111111-1111-1111-1111-110611901159} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611971195}" => key removed successfully
HKCR\CLSID\{11111111-1111-1111-1111-110611971195} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901159}" => key removed successfully
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611901159} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611971195}" => key removed successfully
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611971195} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@TrendMicro.com/FFExtension" => key removed successfully
C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default\Extensions\{ba7210aa-9217-49d6-9523-f3d2f6356716}.xpi => moved successfully
C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
wfpcapture => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25B1ACCE-142A-465A-BF30-5FDE92D7BD77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25B1ACCE-142A-465A-BF30-5FDE92D7BD77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{458ACAA3-A5BD-41AA-B7CC-7B5E658A6221}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{458ACAA3-A5BD-41AA-B7CC-7B5E658A6221}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45CFBA9C-33F0-44EF-B7E4-D915753F0E30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CFBA9C-33F0-44EF-B7E4-D915753F0E30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{742610AE-F812-42E4-92FC-417625AA6126}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{742610AE-F812-42E4-92FC-417625AA6126}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B9DD3E1-21F1-4FBA-8675-AA5CAEB613B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B9DD3E1-21F1-4FBA-8675-AA5CAEB613B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D95FFE6-93BF-4EB6-867A-B435466EB411}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D95FFE6-93BF-4EB6-867A-B435466EB411}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B63510A-7203-4A3B-B93F-FAFE551A08D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B63510A-7203-4A3B-B93F-FAFE551A08D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CEFA9C6-5D03-4D0F-9208-8B6BA7469333}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CEFA9C6-5D03-4D0F-9208-8B6BA7469333}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2D512B9-C717-465B-8810-A2E91A4E68A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2D512B9-C717-465B-8810-A2E91A4E68A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E62904FD-01A9-4FA1-9ABE-363C138E9D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E62904FD-01A9-4FA1-9ABE-363C138E9D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBD67860-9936-4F72-969F-43E8C00B7469}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBD67860-9936-4F72-969F-43E8C00B7469}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"C:\Users\Mumsie\AppData\Roaming\Mozilla\Firefox\Profiles\bcaghu7u.default\Extensions\{ba7210aa-9217-49d6-9523-f3d2f6356716}.xpi" => not found.
EmptyTemp: => 460.3 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-03 14:05:48)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 14:05:49 ====
 
AdwCleaner log:
 
# AdwCleaner v5.023 - Logfile created 03/12/2015 at 14:31:29
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Server]
# Operating system : Windows 10 Home Single Language  (x64)
# Username : Mumsie - ASUS
# Running from : C:\Users\Mumsie\Downloads\adwcleaner_5.023.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage
[-] File Deleted : C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Mumsie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : npdicihegicnhaangkdmcgbjceoemeoo
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [1236 bytes] ##########
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,954 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 December 2015 - 08:53 AM

Your version of Chrome may have been compromised.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>
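One check worth running after the reinstall, added here and not part of nasdaq's reply or of FRST/AdwCleaner: a Python audit of the extension entries in Chrome's Secure Preferences file, the same file from which AdwCleaner removed the npdicihegicnhaangkdmcgbjceoemeoo entry in the log above. The sample document, the benign extension id and the flagging rules are assumptions for illustration; only the extensions.settings layout mirrors what Chrome writes.

```python
import json
import re

EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension ids: 32 chars, a-p only
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
KNOWN_BAD = {"npdicihegicnhaangkdmcgbjceoemeoo"}  # id from the AdwCleaner log above


def audit_extensions(prefs_text, known_bad=KNOWN_BAD):
    """Parse a Secure Preferences JSON document and return one finding per
    entry under extensions.settings, flagging entries worth a closer look."""
    prefs = json.loads(prefs_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        reasons = []
        if not EXT_ID.match(ext_id):
            reasons.append("malformed id")
        if ext_id in known_bad:
            reasons.append("id on known-bad list")
        if not entry.get("from_webstore", False):
            reasons.append("not installed from the Chrome Web Store")
        if set(manifest.get("permissions", [])) & BROAD_HOSTS:
            reasons.append("broad host permissions")
        findings.append({"id": ext_id, "name": manifest.get("name", "?"),
                         "path": entry.get("path", ""), "reasons": reasons})
    return findings


# Constructed sample document; only the extensions.settings layout mirrors Chrome.
SAMPLE_PREFS = json.dumps({"extensions": {"settings": {
    "npdicihegicnhaangkdmcgbjceoemeoo": {
        "from_webstore": False,
        "path": "npdicihegicnhaangkdmcgbjceoemeoo\\1.0_0",
        "manifest": {"name": "Constructed Adware Sample",
                     "permissions": ["tabs", "<all_urls>", "webRequest"]}},
    "bcdefghijklmnopabcdefghijklmnopa": {
        "from_webstore": True,
        "path": "bcdefghijklmnopabcdefghijklmnopa\\2.3_0",
        "manifest": {"name": "Constructed Benign Sample",
                     "permissions": ["storage"]}},
}}})

if __name__ == "__main__":
    # On a real machine read <profile>\Secure Preferences instead of SAMPLE_PREFS.
    for f in audit_extensions(SAMPLE_PREFS):
        status = "SUSPICIOUS" if f["reasons"] else "ok"
        print(f"{status:10} {f['id']} {f['name']}: {'; '.join(f['reasons'])}")
```

A flagged entry is a prompt to look at the extension folder and manifest, not proof of adware; extensions sideloaded by legitimate software also show up as not from the Web Store.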

#5 rainsager

rainsager
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 03 December 2015 - 11:19 AM

It worked!!!!!!!!! Thank you so much. You (and other people on this site) are unbelievably awesome.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,954 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 December 2015 - 07:55 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,954 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 December 2015 - 09:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
