Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with SppExtComObjHook.dll, AVG cannot remove it


  • This topic is locked This topic is locked
2 replies to this topic

#1 Globe988

Globe988

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 14 July 2016 - 03:44 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Ran by Fico (administrator) on FILIP (14-07-2016 10:37:47)
Running from C:\Users\Fico\Desktop
Loaded Profiles: Fico (Available Profiles: Fico)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Valve Corporation) F:\Games\Steam\Steam.exe
(Valve Corporation) F:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Games\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7541464 2014-02-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3616320722-2679046359-1046369880-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-18] (Disc Soft Ltd)
HKU\S-1-5-21-3616320722-2679046359-1046369880-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_Plugin.exe [1203392 2016-06-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3616320722-2679046359-1046369880-1001\...\MountPoints2: {222b06e5-9388-11e5-8261-382c4abb24e8} - "D:\setup.exe"
HKU\S-1-5-21-3616320722-2679046359-1046369880-1001\...\MountPoints2: {9a26819f-6b9d-11e5-8255-382c4abb24e8} - "D:\setup.exe"
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3616320722-2679046359-1046369880-1001] => localhost:21320
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{35B2367D-7134-4E53-A4D2-96642AE6FD43}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-14] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-14] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-03-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fico\AppData\Roaming\Mozilla\Firefox\Profiles\qbb3jjku.default-1458511098875
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-21] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Fico\AppData\Roaming\Mozilla\Firefox\Profiles\qbb3jjku.default-1458511098875\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd)
S3 Origin Client Service; F:\Games\Origin\OriginClientService.exe [2122248 2016-06-24] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-04-21] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-26] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47160 2015-11-26] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-27] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-11-16] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-14 10:37 - 2016-07-14 10:37 - 02390528 _____ (Farbar) C:\Users\Fico\Desktop\FRST64.exe
2016-07-14 10:37 - 2016-07-14 10:37 - 00011402 _____ C:\Users\Fico\Desktop\FRST.txt
2016-07-14 10:37 - 2016-07-14 10:37 - 00000000 ____D C:\FRST
2016-07-14 00:33 - 2016-07-14 00:37 - 00000000 ____D C:\Program Files (x86)\Advanced Fix
2016-07-13 11:22 - 2016-06-15 14:25 - 01819136 _____ (3DMGAME) C:\Users\Fico\Desktop\The Witcher 3 Wild Hunt v1.02-v1.22 Plus 22 Trainer.exe
2016-07-13 11:04 - 2016-07-13 11:04 - 00001467 _____ C:\Users\Fico\Desktop\The Witcher 3.lnk
2016-07-13 10:56 - 2016-07-13 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 Wild Hunt Blood and Wine
2016-07-09 08:44 - 2016-07-09 08:44 - 00000771 _____ C:\Users\Public\Desktop\Torchlight 2.lnk
2016-07-09 08:44 - 2016-07-09 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight 2 [GOG.com]
2016-06-24 15:58 - 2016-06-24 15:58 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2016-06-21 09:20 - 2016-06-21 09:20 - 00000000 ____D C:\Users\Fico\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-14 10:25 - 2015-10-06 05:53 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3616320722-2679046359-1046369880-1001
2016-07-14 10:01 - 2016-03-08 01:14 - 00000000 ____D C:\Users\Fico\Documents\My Games
2016-07-14 09:59 - 2016-06-12 17:26 - 00000000 ____D C:\ProgramData\Skype
2016-07-14 09:58 - 2016-03-19 17:56 - 00000000 ____D C:\Users\Fico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-07-14 09:58 - 2016-03-19 17:55 - 00000000 ____D C:\Users\Fico\AppData\Local\Discord
2016-07-14 09:58 - 2015-10-05 21:33 - 00000000 ____D C:\Users\Fico\AppData\Roaming\uTorrent
2016-07-14 09:57 - 2015-10-06 06:42 - 00000000 ____D C:\Windows\Panther
2016-07-14 09:57 - 2015-10-05 22:17 - 00000000 ____D C:\Users\Fico\AppData\Roaming\DAEMON Tools Lite
2016-07-14 09:57 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-14 09:55 - 2016-05-29 10:22 - 00000000 ____D C:\Users\Fico\AppData\Local\Google
2016-07-14 09:55 - 2016-05-29 10:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-14 09:52 - 2015-10-06 05:56 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{61B243DA-D366-472E-8AFC-2E594ECFCCDF}
2016-07-14 09:52 - 2015-10-05 21:46 - 00000000 ____D C:\ProgramData\MFAData
2016-07-14 00:53 - 2014-11-21 09:38 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-14 00:48 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-14 00:48 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-14 00:36 - 2016-06-09 15:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-14 00:36 - 2015-12-11 21:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-13 21:13 - 2016-01-05 03:59 - 00000000 ____D C:\Users\Fico\Documents\The Witcher 3
2016-07-13 10:27 - 2015-10-05 22:43 - 00000000 ____D C:\Users\Fico\AppData\Roaming\vlc
2016-07-08 21:01 - 2015-10-06 00:32 - 00000000 ____D C:\ProgramData\Origin
2016-07-08 20:58 - 2016-03-14 11:51 - 00000000 ____D C:\Users\Fico\Graphisoft
2016-07-08 12:35 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-07-05 23:31 - 2015-12-04 17:50 - 00000000 ____D C:\Users\Fico\AppData\LocalLow\Fireproof Games
2016-07-04 17:44 - 2015-12-22 18:11 - 00000000 ____D C:\Users\Fico\AppData\Local\ElevatedDiagnostics
2016-07-02 16:43 - 2016-03-28 17:12 - 00000000 ____D C:\Users\Fico\AppData\Local\UnrealEngine
2016-07-02 16:43 - 2015-10-06 00:33 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-28 13:07 - 2015-11-17 12:43 - 00000000 ____D C:\Users\Fico\Desktop\Potrebno
2016-06-27 16:15 - 2015-10-18 15:50 - 00000000 ____D C:\Games
2016-06-24 16:37 - 2016-04-28 01:35 - 00000990 _____ C:\Users\Public\Desktop\STAR WARS Battlefront.lnk
2016-06-20 17:40 - 2015-10-06 06:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-16 12:40 - 2016-06-12 17:26 - 00000000 ____D C:\Users\Fico\AppData\Roaming\Skype
2016-06-15 18:43 - 2015-10-05 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

==================== Files in the root of some directories =======

2015-10-06 06:11 - 2015-10-06 06:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 12:14

==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:43 AM

Posted 14 July 2016 - 10:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
Task: {C5432001-6CEC-40F2-9A1D-EADAB8E52723} - System32\Tasks\1215aviUpdateInfo => C:\ProgramData\Avg_Update_1215avi\1215avi_AVG-Secure-Search-Update.exe
Task: {DC64BA16-1793-4E53-9D2F-AC003C99E1C4} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2015-10-06] ()
Task: C:\Windows\Tasks\1215aviUpdateInfo.job => C:\ProgramData\Avg_Update_1215avi\1215avi_AVG-Secure-Search-Update.exe
C:\Windows\AutoKMS

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please post the logs and let me know if the problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:43 AM

Posted 20 July 2016 - 08:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users