Avast continuously detecting threats but scans always come up clean


  • This topic is locked
7 replies to this topic

#1 biblops

  • Members
  • 4 posts

Posted 25 January 2016 - 07:47 AM

Merged the two threads. xXToffeeXx~

Attached Files


Edited by xXToffeeXx, 25 January 2016 - 07:53 AM.



#2 biblops

  • Topic Starter
  • Members
  • 4 posts

Posted 25 January 2016 - 07:48 AM

I keep getting "Threat Detected" alerts through the day from Avast, but neither Avast nor Malwarebytes can ever find anything, and a couple of pieces of software aren't performing properly since this started. I'm at the end of my rope with this; I've been trying to fix it for 2 days and hope you guys can help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by Adam (administrator) on BIG-RIG (25-01-2016 12:43:44)
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available Profiles: Adam & Alice)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Flux Software LLC) C:\Users\Adam\AppData\Local\FluxSoftware\Flux\flux.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Spotify Ltd) C:\Users\Adam\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11324368 2015-10-07] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-16] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [f.lux] => C:\Users\Adam\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [837632 2015-11-18] (RemoteMouse.net)
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [Spotify Web Helper] => C:\Users\Adam\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-11] (Spotify Ltd)
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [{66FBF518-7101-4D56-B3FC-4AC4FFAFA8E2}] => regsvr32.exe "C:\Users\Adam\AppData\Roaming\Wibiwx\Qudulw.dll"
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\MountPoints2: {60c07ecb-8c18-11e5-a0ca-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\MountPoints2: {ece8264b-8b80-11e5-9622-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [MacDriveVolumeIcon] -> {6B21AF46-EE37-40D0-A707-C06C17D06CE9} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)
ShellIconOverlayIdentifiers: [MacDriveVolumeIconReadOnly] -> {E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)
Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0E5EE961-0275-481F-BB70-101681E5FCC6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D811140D-4940-4093-B014-7E7DE7AFD255}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-16] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-15] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-16] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-15] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2405505126-2376937642-970218039-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-21] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-22] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-16]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-16]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
CHR DefaultSearchKeyword: Default -> google.co.uk_
CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-11]
CHR Extension: (Adblock Plus) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (OneTab) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-01-25]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-01-23]
CHR Extension: (WebCast) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmenldaghgogpiajaipajaphcjbankna [2015-11-16]
CHR Extension: (Downloads) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2015-11-15]
CHR Extension: (Dark Horizon) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin [2015-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-16] (AVAST Software)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
R2 ddmgr; C:\Windows\system32\ddmgr.exe [1658528 2015-11-02] (OSBASE)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [178176 2012-05-21] (Mediafour Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1779664 2015-10-07] (Micro-Star INT'L CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-16] (AVAST Software)
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
U5 ddkmd; C:\Windows\System32\Drivers\ddkmd.sys [251896 2015-11-02] (OSBASE)
U5 ddkmdldr; C:\Windows\System32\Drivers\ddkmdldr.sys [16888 2015-11-02] (OSBASE)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-03] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [317136 2012-06-06] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32464 2012-06-05] (Mediafour Corporation)
R0 MDRAID; C:\Windows\System32\DRIVERS\MDRAID.sys [187120 2012-06-11] (Mediafour Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-25 12:43 - 2016-01-25 12:43 - 00024962 _____ C:\Users\Adam\Desktop\FRST.txt
2016-01-25 12:41 - 2016-01-25 12:41 - 01505280 _____ C:\Users\Adam\Downloads\AdwCleaner.exe
2016-01-25 12:27 - 2016-01-25 12:27 - 00004694 _____ C:\Users\Adam\Desktop\Rkill.txt
2016-01-25 12:26 - 2016-01-25 12:32 - 00442456 _____ C:\Windows\ntbtlog.txt
2016-01-25 12:24 - 2016-01-25 12:24 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Adam\Downloads\rkill.com
2016-01-25 12:14 - 2016-01-25 12:14 - 01250844 _____ C:\Users\Adam\Downloads\processexplorer.zip
2016-01-25 12:14 - 2016-01-02 20:14 - 02660496 ____N (Sysinternals - www.sysinternals.com) C:\Users\Adam\Desktop\procexp.exe
2016-01-25 12:04 - 2016-01-25 12:43 - 00000000 ____D C:\FRST
2016-01-25 12:03 - 2016-01-25 12:04 - 02370560 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe
2016-01-25 11:48 - 2016-01-25 11:48 - 00000755 _____ C:\Users\Adam\Desktop\My Documents (E) - Shortcut.lnk
2016-01-24 23:55 - 2016-01-25 12:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-24 23:55 - 2016-01-24 23:55 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-24 23:55 - 2016-01-24 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-24 23:55 - 2016-01-24 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-24 23:55 - 2016-01-24 23:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-24 23:55 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-24 23:55 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-24 23:55 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-24 23:53 - 2016-01-24 23:53 - 22908888 _____ (Malwarebytes ) C:\Users\Adam\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-24 23:41 - 2016-01-24 23:41 - 00038214 _____ C:\Users\Adam\Documents\Registry Backup.reg
2016-01-24 14:06 - 2016-01-24 14:06 - 00000443 _____ C:\Users\Alice\AppData\Roaming\CSharpAnalytics-MeasurementSession
2016-01-24 14:06 - 2016-01-24 14:06 - 00000000 ____D C:\Users\Alice\AppData\Roaming\duet
2016-01-24 14:06 - 2016-01-24 14:06 - 00000000 ____D C:\Users\Alice\AppData\Local\DuetDisplay
2016-01-24 09:26 - 2016-01-24 09:26 - 00000000 ____D C:\ProgramData\Kairos
2016-01-23 20:34 - 2016-01-25 00:37 - 00000441 _____ C:\Users\Adam\AppData\Roaming\CSharpAnalytics-MeasurementSession
2016-01-23 20:34 - 2016-01-23 20:51 - 00000000 ____D C:\Users\Adam\AppData\Local\DuetDisplay
2016-01-23 20:34 - 2016-01-23 20:34 - 00000000 ____D C:\Users\Adam\AppData\Roaming\duet
2016-01-23 20:32 - 2016-01-23 20:32 - 00000000 ____D C:\ProgramData\Caphyon
2016-01-23 20:31 - 2016-01-25 11:35 - 00000000 ____D C:\Program Files\Kairos
2016-01-23 20:31 - 2016-01-23 20:32 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Kairos
2016-01-23 20:31 - 2016-01-23 20:31 - 15095976 _____ (Kairos) C:\Users\Adam\Downloads\DuetSetup.exe
2016-01-23 19:36 - 2016-01-23 20:25 - 00000000 ____D C:\Users\Adam\Downloads\Star Wars Episode VI Return of the Jedi (1983) [1080p]
2016-01-22 14:27 - 2016-01-22 14:27 - 00000000 ____D C:\Users\Adam\AppData\LocalLow\Mediatonic
2016-01-22 12:55 - 2016-01-22 12:55 - 04026368 _____ C:\Users\Adam\Downloads\mynpower_bill_02-12-2015.pdf
2016-01-22 12:55 - 2016-01-22 12:55 - 04026368 _____ C:\Users\Adam\Downloads\mynpower_bill_02-12-2015 (1).pdf
2016-01-22 12:38 - 2016-01-22 12:38 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-22 12:38 - 2016-01-22 12:38 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-22 12:36 - 2016-01-25 12:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-22 12:36 - 2016-01-25 12:41 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-22 12:36 - 2016-01-22 12:36 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-22 12:36 - 2016-01-22 12:36 - 00000000 ____D C:\Users\Adam\AppData\Local\Deployment
2016-01-22 12:36 - 2016-01-22 12:36 - 00000000 ____D C:\Users\Adam\AppData\Local\Apps\2.0
2016-01-21 17:58 - 2015-07-18 13:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-21 17:58 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-21 17:57 - 2016-01-21 17:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-20 22:23 - 2016-01-20 22:23 - 00000000 ____D C:\Users\Adam\Documents\OneNote Notebooks
2016-01-20 22:21 - 2016-01-22 12:31 - 00000000 ____D C:\Users\Adam\AppData\Local\MSfree Inc
2016-01-20 22:21 - 2016-01-20 22:21 - 00002115 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-20 22:21 - 2016-01-20 22:21 - 00002100 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-20 22:21 - 2016-01-20 22:21 - 00002100 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-20 22:21 - 2016-01-20 22:21 - 00000000 ___RD C:\Users\Adam\OneDrive
2016-01-20 22:21 - 2016-01-20 22:21 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-01-20 22:21 - 2016-01-20 22:21 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-01-20 22:18 - 2016-01-21 17:58 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-20 22:18 - 2016-01-20 22:18 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-01-20 21:26 - 2016-01-20 21:26 - 00002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-01-20 21:26 - 2016-01-20 21:26 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-01-20 21:26 - 2016-01-20 21:26 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-01-20 21:26 - 2016-01-20 21:26 - 00002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-01-20 21:26 - 2016-01-20 21:26 - 00002108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-01-20 21:26 - 2016-01-20 21:26 - 00002106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-01-20 21:26 - 2016-01-20 21:26 - 00002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-01-20 21:26 - 2016-01-20 21:26 - 00002096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-01-20 21:26 - 2016-01-20 21:26 - 00002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-01-20 21:26 - 2016-01-20 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-01-20 21:24 - 2016-01-21 17:57 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-20 21:24 - 2016-01-20 21:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-20 19:57 - 2016-01-20 21:23 - 00000000 ____D C:\Users\Adam\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2016-01-20 19:57 - 2016-01-20 20:17 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Wibiwx
2016-01-19 18:30 - 2016-01-19 18:30 - 00000000 ____D C:\Users\Adam\Downloads\Girl With The Dragon Tattoo (2009) [1080p]
2016-01-19 13:10 - 2016-01-19 13:31 - 00000132 _____ C:\Users\Adam\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-01-19 12:52 - 2016-01-19 12:52 - 17223680 _____ C:\Users\Adam\Downloads\MicrosoftCameraCodecPack-x64.msi
2016-01-19 12:42 - 2016-01-19 12:42 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2016-01-19 11:16 - 2015-12-18 06:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-01-19 11:16 - 2015-12-18 06:10 - 00099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-01-19 11:16 - 2015-12-18 06:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-01-18 19:32 - 2016-01-18 20:10 - 1372780692 _____ C:\Users\Adam\Downloads\Kiki's Delivery Service.avi
2016-01-12 14:40 - 2016-01-12 15:19 - 00000000 ____D C:\Users\Adam\Downloads\Star Wars Episode V The Empire Strikes Back (1980) [1080p]
2016-01-12 14:17 - 2016-01-12 14:17 - 00000000 ____D C:\Users\Adam\Downloads\bs
2016-01-12 12:50 - 2016-01-12 12:52 - 00000000 ____D C:\Users\Adam\Downloads\2010 - Tame Impala - Innerspeaker
2016-01-12 12:49 - 2016-01-18 22:30 - 00000000 ____D C:\Users\Adam\Downloads\Lonerism
2016-01-12 12:49 - 2016-01-12 12:51 - 00000000 ____D C:\Users\Adam\Downloads\Tame Impala  Currents [2015] 320
2016-01-12 12:47 - 2016-01-12 13:29 - 93327315 _____ C:\Users\Adam\Downloads\bs.zip
2016-01-12 12:46 - 2016-01-12 14:24 - 00000000 ____D C:\Users\Adam\Downloads\DBDISC
2016-01-11 23:32 - 2016-01-11 23:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-11 23:32 - 2016-01-11 23:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-11 23:32 - 2016-01-11 23:32 - 00000000 ____D C:\Windows\system32\Macromed
2016-01-11 11:00 - 2016-01-11 11:00 - 00000000 ____H C:\Users\Adam\Documents\Default.rdp
2016-01-10 16:57 - 2016-01-10 17:42 - 00000000 ____D C:\Users\Adam\Downloads\Star Wars Episode IV A New Hope (1977) [1080p]
2016-01-07 18:45 - 2016-01-07 19:08 - 00000000 ____D C:\Users\Adam\Downloads\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]
2016-01-07 18:21 - 2016-01-07 18:30 - 00000000 ____D C:\Users\Adam\Downloads\Adobe After Effects CS6 11.0.0.378 LS7 Multilanguage [ChingLiu]
2016-01-06 18:36 - 2016-01-06 18:38 - 63141941 _____ C:\Users\Adam\Downloads\Apple TV 4 Aerial Screensaver -  New York City (Day)   Download (1).mp4
2016-01-05 11:49 - 2016-01-06 18:37 - 00000000 ____D C:\Users\Adam\Documents\BTDT Footage
2016-01-05 10:29 - 2016-01-05 10:38 - 135121258 _____ C:\Users\Adam\Downloads\Finn Balor by Brave.rar
2016-01-05 10:28 - 2016-01-05 10:29 - 23938607 _____ C:\Users\Adam\Downloads\Samoa Joe Ver. 2 by Brave.rar
2016-01-04 23:49 - 2016-01-04 23:49 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVAST Software
2016-01-04 23:49 - 2016-01-04 23:49 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVAST Software
2016-01-04 21:59 - 2016-01-10 17:38 - 00000000 ____D C:\Users\Adam\Documents\WWE2K15
2016-01-04 21:59 - 2016-01-04 21:59 - 00000222 _____ C:\Users\Adam\Desktop\WWE 2K15.url
2016-01-04 20:44 - 2016-01-04 20:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-01-04 17:01 - 2016-01-04 17:04 - 00000021 _____ C:\Windows\SurCode.INI
2016-01-04 17:01 - 2016-01-04 17:01 - 00000000 ____D C:\Users\Adam\AppData\Roaming\PACE Anti-Piracy
2016-01-04 17:01 - 2016-01-04 17:01 - 00000000 ____D C:\Users\Adam\AppData\Local\PACE Anti-Piracy
2016-01-04 17:01 - 2016-01-04 17:01 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2016-01-04 17:01 - 2016-01-04 17:01 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2016-01-04 16:19 - 2016-01-04 16:19 - 00000000 ____D C:\Program Files (x86)\My Company Name
2016-01-04 16:19 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2016-01-04 16:19 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2016-01-04 16:19 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2016-01-04 16:17 - 2016-01-04 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-01-04 16:17 - 2016-01-04 16:17 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-01-04 16:17 - 2016-01-04 16:17 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-01-04 16:17 - 2016-01-04 16:17 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-01-04 16:16 - 2016-01-19 12:41 - 00000000 ____D C:\Program Files\Adobe
2016-01-04 16:16 - 2016-01-04 16:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-01-04 14:35 - 2016-01-25 12:42 - 00000000 ____D C:\AdwCleaner
2016-01-04 14:35 - 2016-01-04 14:36 - 01599336 _____ (Malwarebytes) C:\Users\Adam\Downloads\JRT.exe
2016-01-04 14:32 - 2016-01-04 14:32 - 00003166 _____ C:\Windows\System32\Tasks\{9BD718A8-AA79-4E11-BD79-1E4610C05D92}
2016-01-04 14:28 - 2016-01-04 14:29 - 00000000 ____D C:\Program Files\CCleaner
2016-01-04 14:28 - 2016-01-04 14:28 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-04 14:28 - 2016-01-04 14:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-04 14:28 - 2016-01-04 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-04 14:27 - 2016-01-04 14:27 - 06805328 _____ (Piriform Ltd) C:\Users\Adam\Downloads\ccsetup513.exe
2016-01-04 14:24 - 2016-01-04 15:25 - 00000000 ____D C:\Users\Adam\Downloads\Adobe Premiere Pro CS6 6.0.2 LS7 Multilanguage [ChingLiu]
2016-01-04 14:15 - 2016-01-04 14:15 - 01745920 _____ C:\Users\Adam\Downloads\adwcleaner_5.027.exe
2016-01-04 14:03 - 2016-01-04 14:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_MDRAID_01009.Wdf
2016-01-04 14:03 - 2016-01-04 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacDrive 9 Pro
2016-01-04 14:03 - 2016-01-04 14:03 - 00000000 ____D C:\ProgramData\Mediafour
2016-01-04 14:03 - 2016-01-04 14:03 - 00000000 ____D C:\Program Files\Mediafour
2016-01-04 14:03 - 2016-01-04 14:03 - 00000000 ____D C:\Program Files\Common Files\Mediafour
2016-01-04 14:03 - 2016-01-04 14:03 - 00000000 ____D C:\Program Files (x86)\Mediafour
2016-01-04 14:03 - 2012-06-05 16:27 - 00032464 _____ (Mediafour Corporation) C:\Windows\system32\Drivers\MDPMGRNT.SYS
2016-01-04 14:03 - 2011-05-06 09:19 - 00070344 _____ (EldoS Corporation) C:\Windows\system32\Drivers\CBDisk.sys
2016-01-04 13:53 - 2016-01-04 13:54 - 17269783 _____ C:\Users\Adam\Downloads\MacDrive 9 Pro + Crack Serial Number @ www.CracX.com.rar
2016-01-04 13:47 - 2016-01-04 13:47 - 02988002 _____ C:\Users\Adam\Downloads\MacDrive+Standard+10+Crac.zip
2016-01-03 23:08 - 2016-01-03 23:14 - 00000000 ____D C:\Users\Adam\Downloads\Adobe Premiere Pro CC 2015 v9.0 + Crack
2016-01-02 18:40 - 2016-01-02 18:40 - 00000000 ____D C:\Users\Alice\AppData\LocalLow\Temp
2015-12-27 17:32 - 2015-12-27 17:33 - 04700481 _____ C:\Users\Adam\Downloads\The famous ref takes the biggest bump of the night move.mp4
2015-12-27 17:28 - 2015-12-27 17:28 - 00000000 ____D C:\Users\Adam\AppData\Roaming\PDAppFlex
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-25 12:41 - 2009-07-14 04:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-25 12:41 - 2009-07-14 04:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-25 12:39 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-25 12:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-01-25 12:33 - 2015-12-04 12:17 - 00000000 ___RD C:\Users\Adam\iCloudDrive
2016-01-25 12:33 - 2015-11-15 22:53 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-25 12:33 - 2015-11-15 22:25 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-25 12:33 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-25 12:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-25 12:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2016-01-25 01:46 - 2015-11-26 19:25 - 00000000 ____D C:\Users\Adam\AppData\Roaming\uTorrent
2016-01-25 01:46 - 2015-11-18 22:06 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashDumps
2016-01-25 01:36 - 2015-11-16 12:28 - 00000080 _____ C:\Users\Adam\AppData\Local\Rockstar Games\GTA V\entitlement.info
2016-01-24 14:02 - 2015-11-16 16:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-22 12:37 - 2015-11-15 22:28 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-22 12:36 - 2015-11-15 22:28 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-21 17:57 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-21 17:29 - 2015-11-24 16:51 - 00113856 _____ C:\Users\Alice\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-21 17:29 - 2009-07-14 05:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-20 22:21 - 2015-11-15 09:55 - 00000000 ____D C:\Users\Adam
2016-01-20 22:16 - 2015-11-15 09:59 - 00113856 _____ C:\Users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-20 22:06 - 2009-07-14 04:45 - 05122208 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-19 13:43 - 2015-11-15 22:58 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Spotify
2016-01-19 13:43 - 2015-11-15 22:58 - 00000000 ____D C:\Users\Adam\AppData\Local\Spotify
2016-01-19 13:04 - 2015-11-16 12:01 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Adobe
2016-01-19 12:55 - 2015-11-16 11:46 - 00000000 ____D C:\Users\Adam\AppData\Local\Adobe
2016-01-19 12:45 - 2015-11-16 11:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-19 12:42 - 2015-11-16 13:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-01-19 12:41 - 2015-11-16 12:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-19 12:40 - 2015-11-16 11:59 - 00000000 ____D C:\ProgramData\Adobe
2016-01-19 11:17 - 2015-11-15 22:30 - 00000000 ____D C:\Users\Adam\AppData\Local\NVIDIA
2016-01-18 22:16 - 2015-11-17 15:42 - 00000000 ____D C:\Users\Adam\AppData\Roaming\vlc
2016-01-15 13:10 - 2015-11-24 16:51 - 00000000 ____D C:\Users\Alice\AppData\Local\Google
2016-01-13 12:29 - 2015-11-24 16:51 - 00000000 ____D C:\Users\Alice\AppData\Roaming\Adobe
2016-01-12 04:41 - 2015-11-15 22:26 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-12 04:41 - 2015-11-15 22:26 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-12 04:40 - 2015-11-26 20:26 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-12 04:40 - 2015-11-15 22:26 - 01860120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-01-12 04:40 - 2015-11-15 22:26 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-04 21:59 - 2015-11-15 22:24 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-04 17:01 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-04 14:39 - 2015-11-15 09:56 - 00000987 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-04 14:31 - 2015-12-02 02:01 - 00000000 ____D C:\Windows\Minidump
2016-01-04 14:31 - 2015-11-16 12:13 - 00000000 ____D C:\Windows\Panther
2016-01-04 14:13 - 2015-11-16 12:06 - 00000000 ___RD C:\Users\Adam\Creative Cloud Files
2016-01-04 14:13 - 2015-11-16 12:01 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-04 13:59 - 2015-11-15 10:07 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-31 19:48 - 2015-12-02 19:36 - 00000000 ____D C:\Users\Adam\Documents\Nexus Mod Manager
2015-12-30 23:48 - 2015-11-18 22:06 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
 
==================== Files in the root of some directories =======
 
2016-01-19 13:10 - 2016-01-19 13:31 - 0000132 _____ () C:\Users\Adam\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-01-23 20:34 - 2016-01-25 00:37 - 0000441 _____ () C:\Users\Adam\AppData\Roaming\CSharpAnalytics-MeasurementSession
2015-11-15 10:13 - 2015-11-15 10:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Adam\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-19 16:34
 
==================== End of FRST.txt ============================


#3 nasdaq (Malware Response Team)

Posted 26 January 2016 - 09:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [{66FBF518-7101-4D56-B3FC-4AC4FFAFA8E2}] => regsvr32.exe "C:\Users\Adam\AppData\Roaming\Wibiwx\Qudulw.dll"
Toolbar: HKU\S-1-5-21-2405505126-2376937642-970218039-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-16]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
AlternateDataStreams: C:\Users\Adam\AppData\Local\Temporary Internet Files:e0ZOfYCCF5k6IFfJ0EmVYE
AlternateDataStreams: C:\ProgramData\Microsoft:532d06AgOwyos8rJ4CXkCZyp5
AlternateDataStreams: C:\ProgramData\Microsoft:sN0jMN0lUcJ2mwatMxB0Lunh4k
C:\Users\Adam\AppData\Roaming\Wibiwx

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

Please post the fixlog.txt and let me know if the problem persists.
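A small triage script, added here as an example (it is not part of the thread and not FRST's own code), that scans FRST-style Run and AlternateDataStreams lines for the two patterns the fixlist above removes: a Run value that loads a DLL through regsvr32/rundll32 from a user-writable AppData folder, and alternate data streams with non-standard names attached to system folders. The loader/AppData heuristic is the author's assumption, and the sample log is constructed from the entries quoted in this thread plus two benign filler lines.

```python
"""Triage helper for FRST-style log lines (added example; not FRST's own code)."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# One "Run:" autostart entry as FRST prints it: <hive>\...\Run: [<name>] => <command>
RUN_RE = re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
# One "AlternateDataStreams:" entry: <host path>:<stream name>
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<host>[A-Za-z]:\\.*):(?P<stream>[^:\\]+)$")
# The DLL handed to the loader, quoted or bare.
DLL_RE = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)', re.IGNORECASE)
# Profile locations any user process can write to (heuristic, an assumption of this
# example): legitimate Run entries seldom register a DLL from here at logon.
USER_WRITABLE = re.compile(r"\\AppData\\(Roaming|Local|LocalLow)\\", re.IGNORECASE)
LOADERS = ("regsvr32.exe", "rundll32.exe")
KNOWN_STREAMS = {"zone.identifier"}  # mark-of-the-web stream, expected and benign


@dataclass
class Finding:
    kind: str       # "run-orphan", "run-loader" or "ads"
    severity: str   # "info" or "high"
    artifact: str   # folder to inspect: the DLL's directory, or the ADS host path
    line: str       # the original log line


def check_run_line(line: str) -> Optional[Finding]:
    """Inspect one 'Run:' autostart entry; None when nothing is noteworthy."""
    m = RUN_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd == "[X]":
        # FRST marks a Run value whose target file no longer exists with [X].
        return Finding("run-orphan", "info", "", line)
    parts = cmd.split()
    if not parts:
        return None
    head = parts[0].strip('"').lower()
    if head.endswith(LOADERS) and USER_WRITABLE.search(cmd):
        dll = DLL_RE.search(cmd)
        target = (dll.group(1) or dll.group(2)) if dll else ""
        return Finding("run-loader", "high", ntpath.dirname(target), line)
    return None


def check_ads_line(line: str) -> Optional[Finding]:
    """Inspect one 'AlternateDataStreams:' entry; None for known-benign streams."""
    m = ADS_RE.match(line)
    if not m:
        return None
    if m.group("stream").lower() in KNOWN_STREAMS:
        return None
    return Finding("ads", "high", m.group("host"), line)


def scan(log_text: str) -> List[Finding]:
    """Run both checks over every non-empty line of an FRST log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        f = check_run_line(line) or check_ads_line(line)
        if f:
            findings.append(f)
    return findings


def fixlist(findings: List[Finding]) -> str:
    """Render the high-severity findings as FRST fixlist lines: the log line itself,
    plus the loader's folder, between the 'start' and 'End' markers."""
    body = []
    for f in findings:
        if f.severity != "high":
            continue
        body.append(f.line)
        if f.kind == "run-loader" and f.artifact:
            body.append(f.artifact)
    return "\n".join(["start", *body, "End"])


# Constructed sample, modelled on the entries quoted in the thread; the first and
# last lines are benign fillers so the negative cases are exercised too.
SAMPLE_LOG = r"""
HKLM\...\Run: [Adobe Bridge] => C:\Program Files\Adobe\Bridge.exe
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [{66FBF518-7101-4D56-B3FC-4AC4FFAFA8E2}] => regsvr32.exe "C:\Users\Adam\AppData\Roaming\Wibiwx\Qudulw.dll"
AlternateDataStreams: C:\ProgramData\Microsoft:532d06AgOwyos8rJ4CXkCZyp5
AlternateDataStreams: C:\Users\Adam\AppData\Local\Temporary Internet Files:e0ZOfYCCF5k6IFfJ0EmVYE
AlternateDataStreams: C:\Windows\system32:Zone.Identifier
"""

if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.kind}: {f.line}")
    print(fixlist(results))
```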

#4 biblops (Topic Starter)

Posted 26 January 2016 - 06:46 PM

Hi! Thanks for your help. The problem has not yet stopped, still getting the Avast popups in Google. Here is the fixlog!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by Adam (2016-01-26 23:42:07) Run:1
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available Profiles: Adam & Alice)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\...\Run: [{66FBF518-7101-4D56-B3FC-4AC4FFAFA8E2}] => regsvr32.exe "C:\Users\Adam\AppData\Roaming\Wibiwx\Qudulw.dll"
Toolbar: HKU\S-1-5-21-2405505126-2376937642-970218039-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-16]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
AlternateDataStreams: C:\Users\Adam\AppData\Local\Temporary Internet Files:e0ZOfYCCF5k6IFfJ0EmVYE
AlternateDataStreams: C:\ProgramData\Microsoft:532d06AgOwyos8rJ4CXkCZyp5
AlternateDataStreams: C:\ProgramData\Microsoft:sN0jMN0lUcJ2mwatMxB0Lunh4k
C:\Users\Adam\AppData\Roaming\Wibiwx
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{66FBF518-7101-4D56-B3FC-4AC4FFAFA8E2} => value removed successfully
HKU\S-1-5-21-2405505126-2376937642-970218039-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
MSICDSetup => service removed successfully
NTIOLib_1_0_C => service removed successfully
"C:\Users\Adam\AppData\Local\Temporary Internet Files" => ":e0ZOfYCCF5k6IFfJ0EmVYE" ADS not found.
C:\ProgramData\Microsoft => ":532d06AgOwyos8rJ4CXkCZyp5" ADS removed successfully.
C:\ProgramData\Microsoft => ":sN0jMN0lUcJ2mwatMxB0Lunh4k" ADS removed successfully.
C:\Users\Adam\AppData\Roaming\Wibiwx => moved successfully
EmptyTemp: => 623.5 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-26 23:43:50)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 23:43:50 ====


#5 nasdaq (Malware Response Team)

Posted 27 January 2016 - 09:04 AM

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

Keep me posted.

#6 biblops (Topic Starter)

Posted 27 January 2016 - 02:32 PM

That appears to have done the trick! Thanks so much for your help!



#7 nasdaq (Malware Response Team)

Posted 27 January 2016 - 03:40 PM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 nasdaq (Malware Response Team)

Posted 02 February 2016 - 10:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



