Rootkit VBS:Malware-gen -- avast says I have


  • This topic is locked
2 replies to this topic

#1 beachbirdie


Posted 22 February 2017 - 06:56 PM

Hello,

I just got a popup from Avast telling me I had a rootkit, VBS:Malware-gen. I have no idea where it could have come from, and do not know if it has actually done anything to me.

I let Avast run a boot-time scan, and no new popups have appeared about it, but I don't know how to tell if I still have malware in my system, and I'm afraid to pay bills and do other personal things without knowing I'm secure. Here is my FRST log, and I am attaching the ADDITION log as requested in the instructions.

This is an ASUS laptop running Windows 7 Home Premium, 64-bit.

Thank you for your time.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017 01
Ran by lmbeattie (administrator) on LMBEATTIE-PC (22-02-2017 12:07:12)
Running from C:\Users\lmbeattie\Desktop
Loaded Profiles: lmbeattie (Available Profiles: lmbeattie & Les.B games & Farmville)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\lmbeattie\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Akamai Technologies, Inc.) C:\Users\lmbeattie\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe.148779261291601
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-11-26] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-21] (AVAST Software)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\Run: [Akamai NetSession Interface] => C:\Users\lmbeattie\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {467c8f10-e1af-11e1-ae22-ac72891e8f88} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {5fd8f38a-fc51-11e2-8c3e-ac72891e8f88} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {632ee415-9e4b-11e3-8885-14dae9d003f3} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {b95bb0c5-2094-11e4-91f0-ac72891e8f88} - F:\DT4000_Launcher.exe
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {ffa6fd95-14a7-11e2-94e3-ac72891e8f88} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-21] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-21] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-07-29]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (No File)
Startup: C:\Users\Les.B games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2011-09-02]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\lmbeattie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-02-15]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C294C80-1B3A-452B-B4C0-A0BA118EF561}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1B97464E-CE55-4939-9128-63C1FAE421C6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
BHO: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-21] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-21] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2012-11-26] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\lmbeattie\AppData\Roaming\Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115 [2017-02-22]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115 -> Google
FF Homepage: Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115 -> hxxp://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115 -> is enabled.
FF Extension: (Adblock Plus) - C:\Users\lmbeattie\AppData\Roaming\Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-12-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml [2012-02-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1111453194-4016939751-1576079428-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\LMBEAT~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://xfinity.comcast.net/?cid=insDate09052013
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\plugin/npABPlugin.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\plugin/npVKPlugin.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\plugin/npUrlAdvisor.dll => No File
CHR Plugin: (Skype Click to Call) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java™ Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Profile: C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default [2017-02-09]
CHR Extension: (Google Docs) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-17]
CHR Extension: (Google Drive) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Avast Online Security) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-27]
CHR Extension: (Xfinity) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-09-09]
CHR Extension: (Skype) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27]
CHR Extension: (Gmail) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-21] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-21] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-14] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-11-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-11-26] (Intuit Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-21] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-21] (AVAST Software)
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-13] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 12:07 - 2017-02-22 12:07 - 00030569 _____ C:\Users\lmbeattie\Desktop\FRST.txt
2017-02-22 12:06 - 2017-02-22 12:07 - 00000000 ____D C:\FRST
2017-02-22 12:06 - 2017-02-22 12:06 - 00000000 ____D C:\Users\lmbeattie\Desktop\FRST-OlderVersion
2017-02-22 11:37 - 2017-02-22 11:37 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-22 01:00 - 2017-02-22 12:06 - 02423296 _____ (Farbar) C:\Users\lmbeattie\Desktop\FRST64.exe
2017-02-21 23:07 - 2017-02-21 23:07 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-21 23:07 - 2017-02-21 23:04 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-21 23:07 - 2017-02-21 23:04 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-21 23:07 - 2017-02-21 23:04 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-21 23:06 - 2017-02-21 23:06 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-21 23:06 - 2017-02-21 23:04 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-05 19:47 - 2017-02-05 19:48 - 00000000 ____D C:\Users\lmbeattie\Documents\temp schedule for delete
2017-02-05 19:35 - 2017-02-05 19:35 - 00002146 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-05 19:35 - 2017-02-05 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-04 20:59 - 2017-02-04 20:59 - 00020253 _____ C:\Users\lmbeattie\Documents\APA Template.dotx
2017-02-04 18:01 - 2017-02-04 18:01 - 00000000 ____D C:\Users\Les.B games\AppData\Local\CEF
2017-02-04 17:55 - 2017-02-04 17:55 - 00000000 ____D C:\Users\Les.B games\AppData\Roaming\Sun
2017-02-04 17:55 - 2017-02-04 17:55 - 00000000 ____D C:\Users\Les.B games\.oracle_jre_usage
2017-01-28 21:42 - 2017-01-28 21:44 - 00063078 _____ C:\Users\lmbeattie\Documents\Demographic table.pdf
2017-01-28 21:42 - 2017-01-28 21:42 - 00011236 _____ C:\Users\lmbeattie\Documents\Demographic table.xlsx
2017-01-28 20:40 - 2017-02-11 19:49 - 07881580 _____ C:\Users\lmbeattie\Documents\Media Project Presentation.pptx
2017-01-27 22:44 - 2017-01-27 22:44 - 03637645 _____ C:\Users\lmbeattie\Documents\KEFIR Water Kefir Info.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 11:51 - 2016-07-12 14:02 - 00003900 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468360927
2017-02-22 11:46 - 2009-07-13 20:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-22 11:46 - 2009-07-13 20:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-22 11:36 - 2011-09-02 19:44 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2017-02-22 11:35 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-22 01:29 - 2012-11-27 17:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-22 00:03 - 2011-09-02 19:46 - 00001823 _____ C:\Windows\system32\ServiceFilter.ini
2017-02-21 23:07 - 2014-08-05 09:12 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-21 23:06 - 2014-08-05 09:12 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-21 23:06 - 2014-08-05 09:12 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148774724035604
2017-02-21 23:06 - 2014-08-05 09:12 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-21 23:06 - 2014-08-05 09:12 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-21 23:06 - 2014-08-05 09:12 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-21 23:06 - 2014-08-05 09:12 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-21 23:06 - 2014-08-05 09:12 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-21 23:05 - 2016-07-11 11:59 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-21 23:05 - 2014-08-05 09:12 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-21 22:15 - 2015-12-30 21:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 22:15 - 2014-12-29 23:51 - 00000000 ____D C:\Users\lmbeattie\AppData\Local\Akamai
2017-02-21 17:23 - 2014-06-18 08:45 - 00000000 ____D C:\ProgramData\Promote Installer
2017-02-20 23:41 - 2013-03-09 21:30 - 00000000 ____D C:\Users\lmbeattie\Documents\Outlook Files
2017-02-20 23:13 - 2016-07-06 19:32 - 00000705 _____ C:\Windows\BRRBCOM.INI
2017-02-14 18:29 - 2012-11-27 17:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 18:29 - 2012-09-03 20:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 18:29 - 2012-09-03 20:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 18:29 - 2012-09-03 20:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 18:29 - 2011-04-01 20:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-08 02:17 - 2012-08-30 16:13 - 00000000 ____D C:\Users\lmbeattie\AppData\Roaming\Skype
2017-02-08 00:52 - 2012-08-05 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-06 18:00 - 2011-04-01 20:36 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 19:35 - 2011-04-01 20:36 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-05 13:27 - 2009-07-13 21:13 - 00801978 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-05 13:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-04 21:35 - 2014-10-28 00:11 - 00000000 ____D C:\Users\lmbeattie\Documents\Bill Confirm
2017-02-04 18:01 - 2012-07-02 15:43 - 00000000 ____D C:\Users\Les.B games\AppData\Local\Google
2017-02-04 17:55 - 2012-07-02 15:41 - 00000000 ____D C:\Users\Les.B games
2017-02-03 10:33 - 2012-08-30 16:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-03 10:33 - 2012-08-30 16:13 - 00000000 ____D C:\ProgramData\Skype
2017-01-26 22:58 - 2012-10-13 13:30 - 00000000 ____D C:\Users\lmbeattie\Documents\Marilyn School
2017-01-25 16:48 - 2015-01-29 18:48 - 00000000 ____D C:\Taxes 2014

==================== Files in the root of some directories =======

2013-05-18 16:04 - 2015-03-27 15:06 - 0893239 _____ () C:\Users\lmbeattie\AppData\Local\a.zip
2013-05-18 16:04 - 2015-03-27 15:06 - 2162416 _____ (Catalina Marketing Corp) C:\Users\lmbeattie\AppData\Local\BcsKtYcHW.dll
2014-12-05 00:56 - 2014-12-05 00:56 - 0004096 ____H () C:\Users\lmbeattie\AppData\Local\keyfile3.drm
2014-04-26 09:48 - 2015-11-01 12:29 - 0007601 _____ () C:\Users\lmbeattie\AppData\Local\Resmon.ResmonCfg
2012-08-05 21:08 - 2012-08-05 21:08 - 0017408 _____ () C:\Users\lmbeattie\AppData\Local\WebpageIcons.db
2014-10-08 17:56 - 2014-10-09 12:51 - 0010243 _____ () C:\ProgramData\hpzinstall.log
2013-02-16 16:06 - 2016-02-03 13:18 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2011-09-02 19:50 - 2011-09-02 19:50 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-09-02 19:49 - 2011-09-02 19:50 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
2015-08-09 10:52 - 2015-09-08 08:35 - 0298872 _____ (iAnywhere Solutions, Inc.) C:\Users\Farmville\AppData\Local\Temp\dbfhide.exe
2015-08-09 10:52 - 2015-09-08 08:35 - 0861048 _____ (iAnywhere Solutions, Inc.) C:\Users\Farmville\AppData\Local\Temp\dblgen11.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0776568 _____ (iAnywhere Solutions, Inc.) C:\Users\Farmville\AppData\Local\Temp\dblib11.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 1250168 _____ (iAnywhere Solutions, Inc.) C:\Users\Farmville\AppData\Local\Temp\dbtool11.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0008704 _____ () C:\Users\Farmville\AppData\Local\Temp\FsdRegistration.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0149008 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\GDSBLMgr.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0394240 _____ (Intuit, Inc.) C:\Users\Farmville\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0572928 _____ (Microsoft Corporation) C:\Users\Farmville\AppData\Local\Temp\msvcp90.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0655872 _____ (Microsoft Corporation) C:\Users\Farmville\AppData\Local\Temp\msvcr90.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0029072 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\QBFirwal.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0629136 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\qbinstal.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0030608 _____ () C:\Users\Farmville\AppData\Local\Temp\QBNGEN.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0015224 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\SMUnInstaller.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0643072 _____ (STLport Consulting, Inc.) C:\Users\Farmville\AppData\Local\Temp\stlport_r50.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0479120 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\StopQBServer.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 0313744 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\UtilDBSetup.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0298872 _____ (iAnywhere Solutions, Inc.) C:\Users\Les.B games\AppData\Local\Temp\dbfhide.exe
2015-09-12 06:44 - 2015-09-15 18:50 - 0861048 _____ (iAnywhere Solutions, Inc.) C:\Users\Les.B games\AppData\Local\Temp\dblgen11.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0776568 _____ (iAnywhere Solutions, Inc.) C:\Users\Les.B games\AppData\Local\Temp\dblib11.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 1250168 _____ (iAnywhere Solutions, Inc.) C:\Users\Les.B games\AppData\Local\Temp\dbtool11.dll
2012-07-02 16:26 - 2012-08-02 19:59 - 0212992 _____ (Sony DADC Austria AG) C:\Users\Les.B games\AppData\Local\Temp\drm_dyndata_7330014.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0008704 _____ () C:\Users\Les.B games\AppData\Local\Temp\FsdRegistration.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0149008 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\GDSBLMgr.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0394240 _____ (Intuit, Inc.) C:\Users\Les.B games\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0572928 _____ (Microsoft Corporation) C:\Users\Les.B games\AppData\Local\Temp\msvcp90.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0655872 _____ (Microsoft Corporation) C:\Users\Les.B games\AppData\Local\Temp\msvcr90.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0029072 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\QBFirwal.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0629136 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\qbinstal.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0030608 _____ () C:\Users\Les.B games\AppData\Local\Temp\QBNGEN.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0015224 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\SMUnInstaller.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0643072 _____ (STLport Consulting, Inc.) C:\Users\Les.B games\AppData\Local\Temp\stlport_r50.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0479120 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\StopQBServer.dll
2015-09-12 06:44 - 2015-09-15 18:50 - 0313744 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\UtilDBSetup.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 0298872 _____ (iAnywhere Solutions, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\dbfhide.exe
2015-05-05 17:42 - 2017-02-18 22:05 - 0861048 _____ (iAnywhere Solutions, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\dblgen11.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 0776568 _____ (iAnywhere Solutions, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\dblib11.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 1250168 _____ (iAnywhere Solutions, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\dbtool11.dll
2015-02-01 20:35 - 2015-02-01 20:35 - 0043008 _____ () C:\Users\lmbeattie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsk237x.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 0008704 _____ () C:\Users\lmbeattie\AppData\Local\Temp\FsdRegistration.dll
2015-05-05 17:42 - 2017-02-18 22:05 - 0149008 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\GDSBLMgr.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 0394240 _____ (Intuit, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2015-07-14 12:57 - 2015-07-14 12:57 - 0563808 _____ (Oracle Corporation) C:\Users\lmbeattie\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-05-05 17:42 - 2017-02-18 22:05 - 0572928 _____ (Microsoft Corporation) C:\Users\lmbeattie\AppData\Local\Temp\msvcp90.dll
2015-05-05 17:42 - 2017-02-18 22:05 - 0655872 _____ (Microsoft Corporation) C:\Users\lmbeattie\AppData\Local\Temp\msvcr90.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 0029072 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\QBFirwal.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 0629136 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\qbinstal.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 0030608 _____ () C:\Users\lmbeattie\AppData\Local\Temp\QBNGEN.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 0015224 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\SMUnInstaller.dll
2015-05-05 17:42 - 2017-02-18 22:05 - 0643072 _____ (STLport Consulting, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\stlport_r50.dll
2015-05-05 17:42 - 2017-02-18 22:05 - 0479120 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\StopQBServer.dll
2015-05-05 17:42 - 2017-02-18 22:06 - 0313744 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\UtilDBSetup.dll
2006-05-24 09:10 - 2006-05-24 09:10 - 0455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_is3D3.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 0455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_is80AF.exe
2012-08-16 01:34 - 2012-08-16 01:34 - 0455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_is90E.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 0455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_isAB5.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 0455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_isB4CE.exe
2016-01-17 15:09 - 2012-08-16 01:34 - 0455600 _____ (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_isDA34.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 00:34

==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:13 PM
Posted 24 February 2017 - 09:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (No File)
BHO: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
BHO-x32: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\plugin/npABPlugin.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\plugin/npVKPlugin.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\plugin/npUrlAdvisor.dll => No File
CHR Plugin: (Skype Click to Call) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java™ Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Extension: (Avast Online Security) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

p.s.
Please include the Addition.txt file in your next reply.
If not able to attach it, post the content.

#3 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:13 PM

Posted 02 March 2017 - 08:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
