
Microsoft Security Scanner detects Trojan:Win32/Sirefef.P


  • This topic is locked
5 replies to this topic

#1 Teriton

Teriton

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:32 AM

Posted 21 April 2016 - 05:19 PM

A few days ago I tried going online with another computer and was directed to a Time Warner Cable page telling me they had detected behavior from one of the devices attached to my network that resembled a botnet. I've tried running antivirus scans on that particular computer and haven't seen anything.


On the computer I'm looking at now, which is also part of the network, I ran many types of antivirus scanners. Only MSRT (Malicious Software Removal Tool) and MSS (Microsoft Security Scanner) showed a virus, and both of them showed "Trojan:Win32/Sirefef.P". For both of them it was stated as "partially removed". Restarting and running the scanner again gave me the same message with the same virus.


I see no performance issues with the computer that would indicate a virus.


The FRST.txt log file:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Max (administrator) on MAX-PC (21-04-2016 18:00:26)
Running from C:\Users\Max\Desktop
Loaded Profiles: Max (Available Profiles: Max)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) F:\Apps\Sandbox\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\ScpService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Sandboxie Holdings, LLC) F:\Apps\Sandbox\SbieCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(GOG.com) F:\Apps\GalaxyClient\GalaxyClient.exe
(GOG.com) F:\Apps\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) F:\Apps\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) F:\Apps\GalaxyClient\GalaxyClient Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Malwarebytes) F:\Apps\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-20] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrojanScanner] => F:\Apps\Trojan Remover\Trjscan.exe [3753016 2016-04-20] (Simply Super Software)
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-21] (SUPERAntiSpyware)
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-21] (Valve Corporation)
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\...\Run: [SandboxieControl] => F:\Apps\Sandbox\SbieCtrl.exe [787592 2015-05-27] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\...\Run: [GalaxyClient] => F:\Apps\GalaxyClient\GalaxyClient.exe [3931192 2016-03-25] (GOG.com)
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\...\MountPoints2: {d65d41c1-7af4-11e4-9c69-382c4a7028fc} - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-20] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{BEED6F57-96DC-470B-A9C4-CE50DD0C51E7}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://msn.com
hxxp://store.microsoft.com/home.aspx
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-3480605450-3759855278-1955436539-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3480605450-3759855278-1955436539-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3480605450-3759855278-1955436539-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3480605450-3759855278-1955436539-1000 -> {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\flozw1sc.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> F:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\flozw1sc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: Greasemonkey - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\flozw1sc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-02-21]
FF Extension: LastPass - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\flozw1sc.default\extensions\support@lastpass.com [2016-03-10]
FF Extension: NoScript - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\flozw1sc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: Ghostery - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\flozw1sc.default\Extensions\firefox@ghostery.com.xpi [2016-03-25]
FF Extension: uBlock Origin - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\flozw1sc.default\Extensions\uBlock0@raymondhill.net.xpi [2016-04-06]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\flozw1sc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Sad Panda) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2014-12-04]
CHR Extension: (Adblock Plus) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-10]
CHR Extension: (uBlock Origin) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-04-09]
CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16]
CHR Extension: (Avast Online Security) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-09]
CHR Extension: (ScriptBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-08-29]
CHR Extension: (Ghostery) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-20] (AVAST Software)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-07] (DTS, Inc)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark)
S3 GalaxyClientService; F:\Apps\GalaxyClient\GalaxyClientService.exe [227896 2016-03-25] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6133816 2016-04-12] (GOG.com)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 SbieSvc; F:\Apps\Sandbox\SbieSvc.exe [176264 2015-05-27] (Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-20] (AVAST Software)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-13] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-21] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; F:\Apps\Sandbox\SbieDrv.sys [188552 2015-05-27] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 cpuz138; \??\C:\Users\Max\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 18:00 - 2016-04-21 18:00 - 00020268 _____ C:\Users\Max\Desktop\FRST.txt
2016-04-21 17:59 - 2016-04-21 18:00 - 00000000 ____D C:\FRST
2016-04-21 17:59 - 2016-04-21 17:59 - 02375680 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe
2016-04-20 18:14 - 2016-04-20 18:14 - 00000000 ____D C:\ProgramData\TEMP
2016-04-20 18:06 - 2016-04-20 18:06 - 00000000 ____D C:\Users\Max\Documents\Simply Super Software
2016-04-20 18:06 - 2016-04-20 18:06 - 00000000 ____D C:\Users\Max\AppData\Roaming\Simply Super Software
2016-04-20 18:06 - 2016-04-20 18:06 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-04-20 18:06 - 2016-04-20 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2016-04-20 17:55 - 2016-04-20 17:55 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-04-20 17:52 - 2016-04-20 17:55 - 00759916 _____ C:\TDSSKiller.3.1.0.9_20.04.2016_17.52.20_log.txt
2016-04-20 17:50 - 2016-04-20 17:51 - 00217366 _____ C:\TDSSKiller.3.1.0.9_20.04.2016_17.50.23_log.txt
2016-04-20 09:05 - 2016-04-20 09:05 - 00003044 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1461157542
2016-04-20 09:05 - 2016-04-20 09:05 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-20 09:05 - 2016-04-20 09:05 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-20 01:22 - 2016-04-20 01:22 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-20 01:22 - 2016-04-20 01:22 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-20 01:22 - 2016-04-20 01:22 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-19 21:54 - 2016-04-19 21:55 - 00002248 _____ C:\TDSSKiller.3.1.0.9_19.04.2016_21.54.58_log.txt
2016-04-19 21:53 - 2016-04-19 21:54 - 00215368 _____ C:\TDSSKiller.3.1.0.9_19.04.2016_21.53.40_log.txt
2016-04-19 21:53 - 2016-04-19 21:53 - 00002248 _____ C:\TDSSKiller.3.1.0.9_19.04.2016_21.53.06_log.txt
2016-04-19 21:42 - 2016-04-19 21:42 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-04-19 21:39 - 2016-04-19 21:43 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-19 21:34 - 2016-04-19 21:34 - 00000000 ____D C:\Program Files\McAfee
2016-04-19 21:33 - 2016-04-19 21:39 - 00000000 ____D C:\Program Files\stinger
2016-04-12 17:58 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-12 17:58 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-12 17:58 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-12 17:58 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 17:58 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-12 17:58 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 17:58 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 17:58 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-12 17:58 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-12 17:58 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-12 17:58 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 17:58 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-12 17:58 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-12 17:58 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-12 17:58 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-12 17:58 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-12 17:58 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-12 17:58 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-12 17:58 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-12 17:58 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-12 17:58 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-12 17:58 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-12 17:58 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-12 17:58 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-12 17:58 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-12 17:58 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-12 17:58 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-12 17:58 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-12 17:58 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 17:58 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-12 17:58 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-12 17:58 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-12 17:58 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 17:58 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-12 17:58 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 17:58 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-12 17:58 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-12 17:58 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-12 17:58 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-12 17:58 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-12 17:58 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-12 17:58 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-12 17:58 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-12 17:58 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-12 17:58 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-12 17:58 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-12 17:58 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-12 17:58 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-12 17:58 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-12 17:58 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-12 17:58 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 17:58 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-12 17:58 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-12 17:58 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-12 17:58 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 17:58 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-12 17:58 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-12 17:58 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-12 17:58 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-12 17:58 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-12 17:58 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-12 17:58 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-12 17:58 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-12 17:58 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-12 17:58 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-12 17:58 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-12 17:58 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-12 17:58 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-12 17:58 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-12 17:58 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-12 17:58 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-12 17:58 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-12 17:58 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-12 17:58 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-12 17:58 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-12 17:58 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-12 17:58 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 17:58 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 17:58 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 17:58 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 17:58 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 17:58 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 17:58 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 17:58 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 17:58 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-12 17:58 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 17:58 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 17:58 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 17:58 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 17:58 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-12 17:58 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 17:58 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-12 17:58 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-12 17:58 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-12 17:58 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-11 18:40 - 2016-04-11 18:42 - 00000000 ____D C:\Users\Max\AppData\Roaming\DarkSoulsIII
2016-04-11 18:09 - 2016-04-13 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 17:53 - 2014-12-03 03:21 - 00000000 ____D C:\Users\Max\AppData\Roaming\foobar2000
2016-04-21 17:50 - 2009-07-14 00:45 - 00025744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-21 17:50 - 2009-07-14 00:45 - 00025744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-21 17:46 - 2009-07-14 01:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-21 17:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-21 17:45 - 2014-12-03 19:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-21 17:43 - 2014-12-03 19:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-21 17:43 - 2014-12-03 10:03 - 00000000 ____D C:\Users\Max\AppData\LocalLow\LastPass
2016-04-21 17:43 - 2014-12-03 02:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-21 17:43 - 2014-12-03 02:41 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-21 17:42 - 2014-12-06 18:00 - 00000000 ____D C:\Program Files\Scarlet.Crush Productions
2016-04-21 17:41 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-21 01:35 - 2014-12-09 16:25 - 00000000 ____D C:\Program Files\PeerBlock
2016-04-21 01:35 - 2014-12-04 19:30 - 00000000 ____D C:\Users\Max\AppData\Roaming\qBittorrent
2016-04-21 01:32 - 2015-07-17 22:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-21 00:59 - 2015-01-30 01:53 - 00865792 ___SH C:\Users\Max\Desktop\Thumbs.db
2016-04-21 00:41 - 2014-12-03 02:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 17:27 - 2014-12-02 03:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-20 01:22 - 2014-12-02 03:12 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-20 01:22 - 2014-12-02 03:12 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-20 01:22 - 2014-12-02 03:12 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-20 01:22 - 2014-12-02 03:12 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-20 01:22 - 2014-12-02 03:12 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-20 01:22 - 2014-12-02 03:12 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-20 01:22 - 2014-12-02 03:12 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-20 01:22 - 2014-12-02 03:12 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-20 01:22 - 2014-12-02 03:12 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-20 01:22 - 2014-12-02 03:12 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-19 16:29 - 2014-12-02 03:07 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-19 16:11 - 2014-12-09 14:34 - 00000000 ____D C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Puzzle Agent 2
2016-04-15 23:54 - 2015-05-11 22:32 - 00002560 _____ C:\Windows\Sandboxie.ini
2016-04-13 19:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-13 17:38 - 2009-07-14 00:45 - 00294344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 17:37 - 2014-12-09 23:52 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 17:37 - 2014-12-02 03:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 02:27 - 2014-12-02 03:07 - 00000000 ____D C:\Windows\system32\MRT
2016-04-08 19:48 - 2014-12-03 02:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-08 19:48 - 2014-12-03 02:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-07 19:32 - 2015-07-17 22:44 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 19:32 - 2015-07-17 22:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 19:32 - 2015-07-17 22:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-06 10:18 - 2014-12-02 03:07 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-03-24 18:06 - 2014-12-03 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-24 17:42 - 2014-12-02 02:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-24 01:42 - 2015-10-02 00:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-24 01:42 - 2015-10-02 00:52 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2014-12-02 02:52 - 2014-12-02 02:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-19 12:33

==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team
  • 38,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 April 2016 - 08:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing malicious was found in your logs.
The issue may be a false positive.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast Online Security) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-20]
S3 cpuz138; \??\C:\Users\Max\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

If the issue persists run this scan from Eset.

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take awhile, run it when you know you will not need the computer for an hour or two.
<<<>>>

Please let me know what problem persists with this computer.
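As an added example (not part of this thread and not FRST's own code): a small parser for the two FRST line shapes that appear in the log above, the dated file rows and the `S3 name; path [X]` service rows, together with the triage rules a helper applies when deciding what to paste into fixlist.txt: service entries whose binary is gone (FRST marks them `[X]`), executables under a Temp directory, and binaries in system directories with no company name in their version info. The rule wording, the `Entry` record, `build_fixlist()` and the constructed rows `xyzdrv.sys`, `upd.exe` and the `aswSnx` service line in the sample are this example's own assumptions, not anything the thread reports.

```python
r"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread, not FRST's code and not part of any post.
It parses the two line shapes seen in FRST.txt,
  file row    : "CREATED - MODIFIED - SIZE ATTRS (Company) PATH"
  service row : "S3 name; \??\C:\path\driver.sys [X]"
and flags what a helper copies into fixlist.txt: services whose binary is
gone ("[X]"), executables under a Temp directory, and system binaries with
no company name in their version info (a prompt to verify the signature,
not proof of anything). Rule wording, Entry and build_fixlist() are this
example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

FILE_ROW = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5})\s+"
    r"(?:\((?P<company>[^)]*)\)\s+)?"      # "()" is an empty company field
    r"(?P<path>[A-Za-z]:\\.*)$")
SERVICE_ROW = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); "
    r"(?P<path>.+?\.(?:sys|exe|dll))(?P<rest>.*)$", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
BINARY_EXT = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    kind: str                       # "file" or "service"
    path: str
    line: str                       # original log line, kept for the fixlist
    company: Optional[str] = None   # None when FRST printed no "(...)" at all
    attrs: str = ""                 # five flags, e.g. "____D" dir, "____H" hidden
    missing: bool = False           # FRST appends "[X]" when a binary is absent


def parse_line(line: str) -> Optional[Entry]:
    """Typed record for a file or service row, None for any other line."""
    m = FILE_ROW.match(line)
    if m:
        return Entry("file", m["path"], line, m["company"], m["attrs"])
    m = SERVICE_ROW.match(line)
    if m:
        path = m["path"]
        if path.startswith("\\??\\"):   # NT object-manager prefix, drop it
            path = path[4:]
        return Entry("service", path, line, missing="[X]" in m["rest"])
    return None


def triage(lines) -> List[Tuple[str, Entry]]:
    """Apply the three rules from the docstring; (reason, entry) in log order."""
    out: List[Tuple[str, Entry]] = []
    for raw in lines:
        e = parse_line(raw.rstrip())
        if e is None:
            continue
        if e.kind == "service":
            if e.missing:
                out.append(("service points at a missing binary", e))
            elif TEMP_DIR.search(e.path):
                out.append(("driver loaded from a Temp directory", e))
            continue
        low = e.path.lower()
        if "D" in e.attrs or not low.endswith(BINARY_EXT):
            continue                      # directories and non-binaries
        if TEMP_DIR.search(e.path):
            out.append(("executable written under a Temp directory", e))
        elif low.startswith(SYSTEM_DIRS) and not e.company:
            out.append(("system binary with no company in version info", e))
    return out


def build_fixlist(findings: List[Tuple[str, Entry]]) -> str:
    """Render findings in the fixlist.txt layout used in this thread: service
    rows verbatim, files by path so that FRST moves them on Fix. Text only."""
    body = ["Start", "", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""]
    body += [e.line if e.kind == "service" else e.path for _, e in findings]
    return "\n".join(body + ["", "End"])


# Constructed sample: five lines copied from the thread's logs plus three
# made-up rows (xyzdrv.sys, upd.exe and the aswSnx service row), one per rule.
SAMPLE_LOG = r"""2016-04-12 17:58 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-21 17:45 - 2014-12-03 19:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-11 18:40 - 2016-04-11 18:42 - 00000000 ____D C:\Users\Max\AppData\Roaming\DarkSoulsIII
2016-04-20 09:00 - 2016-04-20 09:00 - 00051200 _____ () C:\Windows\system32\Drivers\xyzdrv.sys
2016-04-20 09:01 - 2016-04-20 09:01 - 00040960 _____ C:\Users\Max\AppData\Local\Temp\upd.exe
S3 cpuz138; \??\C:\Users\Max\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-20] (AVAST Software)
==================== One Month Modified files and folders ========"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for reason, e in found:
        print(f"{reason:48s} {e.path}")
    print("\n" + build_fixlist(found))
```

Run the file directly to see the four findings and the generated fixlist text. The script only produces text and never moves or deletes anything; a missing company name in version info is a reason to check the Authenticode signature (the "Bamital & volsnap" section of the log does that for core binaries), not evidence of infection, which is also why the thread's helper pasted only the two orphaned `[X]` driver entries rather than every unfamiliar row.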

#3 Teriton

  • Topic Starter
  • Members
  • 3 posts

Posted 23 April 2016 - 05:58 PM

Hi,

I tried following the steps and I think it's been fixed. When I run the MSS again I no longer see the virus warning. Here are the logs as well.

Fixlist log:

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Max (2016-04-22 18:00:27) Run:1
Running from C:\Users\Max\Desktop
Loaded Profiles: Max (Available Profiles: Max)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast Online Security) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-20]
S3 cpuz138; \??\C:\Users\Max\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
cpuz138 => service removed successfully
GPUZ => service removed successfully
EmptyTemp: => 839.2 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-22 18:02:04)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 18:02:04 ====

AdwCleaner:

# AdwCleaner v5.112 - Logfile created 22/04/2016 at 18:09:58
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Max - MAX-PC
# Running from : C:\Users\Max\Desktop\adwcleaner_5.112.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Clara
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [979 bytes] - [22/04/2016 18:09:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [1177 bytes] - [22/04/2016 18:07:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1124 bytes] ##########

ESET:

F:\Downloads\ccsetup505.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted
F:\Downloads\spsetup126.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted
F:\Downloads\spsetup127.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted
F:\More games\walking dead 2\The Walking Dead Season2\The Walking Dead 2\steam_api.dll    a variant of Win32/HackTool.Crack.DW potentially unsafe application    cleaned by deleting
F:\More games\The Elder Scrolls V Skyrim\binkw32.dll    a variant of MSIL/Injector.IHH trojan    deleted
F:\Old desktop\games\400\steam_api.dll    a variant of Win32/HackTool.Crack.DW potentially unsafe application    cleaned by deleting
F:\Old desktop\games\400\Update.rar    a variant of Win32/HackTool.Crack.DW potentially unsafe application    deleted



#4 nasdaq

  • Malware Response Team
  • 38,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 April 2016 - 07:20 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 Teriton

  • Topic Starter
  • Members
  • 3 posts

Posted 24 April 2016 - 11:57 AM

Alright, thank you!



#6 nasdaq

  • Malware Response Team
  • 38,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 April 2016 - 06:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



