
My AVAST antivirus was deleted


  • This topic is locked
2 replies to this topic

#1 photosphere

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:20 AM

Posted 10 March 2017 - 09:05 AM

My computer displayed a message apparently from AVAST saying there was a security threat and I should restart my computer.  I did that and AVAST disappeared!  I found an article by Xylitol describing the Trojan.FakeAV.LVT which might do this. I have run several scans as directed by Broni and posted here are the scan results from the Farbar Recovery Scan Tool.  Any help would be greatly appreciated.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Helen (administrator) on AW (10-03-2017 06:29:23)
Running from H:\Security 2
Loaded Profiles: Helen (Available Profiles: Helen & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-14] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [73448 2017-02-08] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1993960 2017-02-08] (Prosoftnet)
HKU\S-1-5-21-1217236262-906584131-3090505581-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1217236262-906584131-3090505581-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-03-04] (SUPERAntiSpyware)
HKU\S-1-5-21-1217236262-906584131-3090505581-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1217236262-906584131-3090505581-1000\...\MountPoints2: {a19dc598-bda4-11e3-8551-10604b003548} - "G:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [  0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2017-02-08] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2017-02-08] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2017-02-08] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-20] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-03-21]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{4748025e-f93e-4f74-9ff7-bee4da1dd025}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{88f56629-e6f3-4879-8f79-9c9e1b260ca5}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKU\S-1-5-21-1217236262-906584131-3090505581-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1217236262-906584131-3090505581-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1217236262-906584131-3090505581-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1217236262-906584131-3090505581-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-18] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-18] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-18] (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-1217236262-906584131-3090505581-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1217236262-906584131-3090505581-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-18] (Google Inc.)
DPF: HKLM-x32 {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} file:///E:/html/nafcom.cab
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2011-12-22] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\duddkvtx.default [2017-03-10]
FF Homepage: Mozilla\Firefox\Profiles\duddkvtx.default -> hxxp://arabianswest.com/
FF Extension: (Test Pilot) - C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\duddkvtx.default\Extensions\testpilot@labs.mozilla.com.xpi [2016-09-05]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\duddkvtx.default\features\{1aaa2c38-a7ca-4a48-aa75-3282a96b0d10}\disableSHA1rollout@mozilla.org.xpi [2017-03-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-12-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default [2017-03-04]
CHR Extension: (Google Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-26]
CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-18]
CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-18]
CHR Extension: (Google Search) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-18]
CHR Extension: (Avast Online Security) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]
CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-03-04] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-20] (AVAST Software)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-28] (WildTangent)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [173800 2017-02-08] (Prosoftnet)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309272 2017-03-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-03-09] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-03-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-03-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-03-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-03-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126600 2017-03-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-03-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-03-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [993608 2017-03-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-03-09] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-03-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337592 2017-03-09] (AVAST Software)
R3 hswpan; C:\WINDOWS\System32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc)
S3 iscFlash; C:\swsetup\sp66897\iscflashx64.sys [69216 2014-07-05] (Insyde Software)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-09] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 RSP2STOR; C:\WINDOWS\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2015-10-30] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 06:28 - 2017-03-10 06:29 - 00000000 ____D C:\FRST
2017-03-09 11:30 - 2017-03-09 11:30 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-09 11:19 - 2017-03-09 11:19 - 00000000 ____D C:\Users\Helen\AppData\Local\CEF
2017-03-09 11:09 - 2017-03-09 11:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-09 11:09 - 2017-03-09 11:09 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-03-09 11:09 - 2017-03-09 11:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-03-09 10:52 - 2017-03-09 10:52 - 00000000 ____D C:\Users\Administrator.AW\AppData\Roaming\ClassicShell
2017-03-09 10:52 - 2017-03-09 10:52 - 00000000 ____D C:\Users\Administrator.AW\AppData\Local\ClassicShell
2017-03-09 10:47 - 2017-03-09 10:47 - 00000000 ____D C:\Users\Administrator.AW\AppData\Roaming\Hewlett-Packard
2017-03-09 10:45 - 2017-03-09 10:45 - 00002399 _____ C:\Users\Administrator.AW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-09 10:45 - 2017-03-09 10:45 - 00000000 ___RD C:\Users\Administrator.AW\OneDrive
2017-03-09 10:45 - 2017-03-09 10:45 - 00000000 ____D C:\Users\Administrator.AW\AppData\Roaming\Synaptics
2017-03-09 10:45 - 2017-03-09 10:45 - 00000000 ____D C:\Users\Administrator.AW\AppData\Roaming\Hewlett-Packard Company
2017-03-09 10:45 - 2017-03-09 10:45 - 00000000 ____D C:\Users\Administrator.AW\AppData\Local\ActiveSync
2017-03-09 10:44 - 2017-03-09 10:44 - 00000000 ____D C:\Users\Administrator.AW\AppData\Local\Publishers
2017-03-09 10:43 - 2017-03-09 11:05 - 00000000 ____D C:\Users\Administrator.AW\AppData\Local\Packages
2017-03-09 10:43 - 2017-03-09 10:45 - 00000000 ____D C:\Users\Administrator.AW
2017-03-09 10:43 - 2017-03-09 10:43 - 00002332 _____ C:\Users\Administrator.AW\Desktop\Google Chrome.lnk
2017-03-09 10:43 - 2017-03-09 10:43 - 00000020 ___SH C:\Users\Administrator.AW\ntuser.ini
2017-03-09 10:43 - 2017-03-09 10:43 - 00000000 _SHDL C:\Users\Administrator.AW\My Documents
2017-03-09 10:43 - 2017-03-09 10:43 - 00000000 _SHDL C:\Users\Administrator.AW\Documents\My Videos
2017-03-09 10:43 - 2017-03-09 10:43 - 00000000 _SHDL C:\Users\Administrator.AW\Documents\My Pictures
2017-03-09 10:43 - 2017-03-09 10:43 - 00000000 _SHDL C:\Users\Administrator.AW\Documents\My Music
2017-03-09 10:43 - 2017-03-09 10:43 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2017-03-09 10:43 - 2017-03-09 10:43 - 00000000 ____D C:\Users\Administrator.AW\AppData\Roaming\Adobe
2017-03-09 10:43 - 2017-03-09 10:43 - 00000000 ____D C:\Users\Administrator.AW\AppData\Local\TileDataLayer
2017-03-09 10:43 - 2017-03-09 10:43 - 00000000 ____D C:\Users\Administrator.AW\AppData\Local\Google
2017-03-09 10:43 - 2015-12-10 10:16 - 00000000 ____D C:\Users\Administrator.AW\AppData\Roaming\Media Center Programs
2017-03-09 10:43 - 2015-12-10 10:16 - 00000000 ____D C:\Users\Administrator.AW\AppData\Local\Microsoft Help
2017-03-09 10:09 - 2017-03-09 09:33 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-09 09:42 - 2017-03-09 10:12 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-03-09 09:42 - 2017-03-09 10:12 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-03-09 09:42 - 2017-03-09 10:12 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-09 09:23 - 2017-03-09 09:23 - 06656568 _____ (AVAST Software) C:\Users\Helen\Desktop\avast_free_antivirus_setup_online_a1c.exe
2017-03-08 13:58 - 2017-03-08 13:58 - 00000000 ____D C:\ProgramData\Samsung
2017-03-08 13:58 - 2017-03-08 13:58 - 00000000 ____D C:\Program Files\SAMSUNG
2017-03-08 13:58 - 2013-05-28 17:24 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2017-03-08 13:58 - 2013-05-28 17:24 - 00103064 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2017-03-08 09:16 - 2017-03-08 09:19 - 00000000 ____D C:\Users\Helen\AppData\Roaming\VERIZON
2017-03-08 09:16 - 2017-03-08 09:16 - 00000000 ____D C:\Users\Public\Documents\Verizon2.0_Log
2017-03-08 09:04 - 2017-03-08 09:04 - 00000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer
2017-03-08 09:03 - 2017-03-08 09:09 - 00000000 ____D C:\Users\TEMP
2017-03-08 07:42 - 2017-03-08 09:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-08 07:42 - 2017-03-08 07:42 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-08 07:14 - 2017-03-09 11:22 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 07:14 - 2017-03-08 07:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-08 07:14 - 2017-03-08 07:14 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-08 07:14 - 2017-03-08 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-08 07:14 - 2017-03-08 07:14 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-08 07:14 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-08 07:08 - 2017-03-08 09:22 - 00000000 ____D C:\Users\Helen\Desktop\Security to post
2017-03-08 06:22 - 2017-03-08 06:22 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-03-04 06:32 - 2017-03-04 06:32 - 00002844 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-03-04 06:32 - 2017-03-04 06:32 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-04 06:32 - 2017-03-04 06:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-04 06:32 - 2017-03-04 06:32 - 00000000 ____D C:\Program Files\CCleaner
2017-03-04 00:38 - 2017-03-09 08:38 - 00000516 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f5f1cd84-93c1-46f0-a322-f7921e4f588b.job
2017-03-04 00:38 - 2017-03-07 02:00 - 00000516 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ade2e4f6-6567-40fb-8144-b927cde8bed9.job
2017-03-04 00:38 - 2017-03-04 00:38 - 00003730 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task ade2e4f6-6567-40fb-8144-b927cde8bed9
2017-03-04 00:38 - 2017-03-04 00:38 - 00003648 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task f5f1cd84-93c1-46f0-a322-f7921e4f588b
2017-03-04 00:38 - 2017-03-04 00:38 - 00000000 ____D C:\Users\Helen\AppData\Roaming\SUPERAntiSpyware.com
2017-03-04 00:37 - 2017-03-04 00:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-03-04 00:37 - 2017-03-04 00:37 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-03-04 00:37 - 2017-03-04 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-03-03 23:49 - 2017-03-03 23:52 - 00000000 ____D C:\Users\Helen\AppData\Local\fd677537
2017-02-10 09:36 - 2017-02-10 09:36 - 00000000 ____D C:\IDriveLocal
2017-02-10 09:35 - 2017-03-09 10:10 - 00000000 ____D C:\ProgramData\IDrive
2017-02-10 09:35 - 2017-02-10 09:36 - 00000000 ____D C:\Program Files (x86)\IDriveWindows
2017-02-10 09:35 - 2017-02-10 09:35 - 00001205 _____ C:\Users\Public\Desktop\IDrive.lnk
2017-02-10 09:35 - 2017-02-10 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2017-02-10 09:35 - 2017-02-08 14:53 - 00533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2017-02-10 09:35 - 2017-02-08 14:53 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 06:29 - 2012-02-13 22:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-10 06:26 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-10 06:24 - 2015-12-10 10:41 - 00000000 ____D C:\Users\Helen\AppData\Local\ClassicShell
2017-03-10 06:23 - 2015-12-10 10:08 - 01009756 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-10 06:23 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-10 06:21 - 2016-11-18 16:06 - 00000000 ____D C:\Users\Helen\AppData\LocalLow\Mozilla
2017-03-10 06:19 - 2015-12-10 10:31 - 00000000 __SHD C:\Users\Helen\IntelGraphicsProfiles
2017-03-09 11:42 - 2015-06-13 09:25 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-03-09 11:21 - 2015-12-10 10:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 11:21 - 2015-10-29 23:28 - 02359296 ___SH C:\WINDOWS\system32\config\BBI
2017-03-09 11:19 - 2014-03-22 04:54 - 00000000 ____D C:\Users\Helen\AppData\Local\Adobe
2017-03-09 11:10 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 11:08 - 2012-02-13 22:49 - 00000000 ____D C:\ProgramData\Adobe
2017-03-09 10:43 - 2015-12-10 10:31 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-09 10:43 - 2007-01-01 18:32 - 00000000 ____D C:\Users\Administrator
2017-03-09 09:33 - 2014-05-03 08:23 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-09 09:33 - 2014-03-21 05:41 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-03-09 09:33 - 2014-03-21 05:35 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-03-09 09:33 - 2014-03-21 05:35 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-09 09:33 - 2014-03-21 05:25 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-03-09 09:33 - 2014-03-21 05:24 - 00126600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-09 09:33 - 2014-03-21 05:24 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-03-09 09:31 - 2014-03-21 05:24 - 00993608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-09 09:31 - 2014-03-21 05:24 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-03-09 09:30 - 2017-02-07 04:41 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-03-09 09:30 - 2017-02-07 04:41 - 00309272 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-03-09 09:30 - 2017-02-07 04:41 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-03-09 09:30 - 2017-02-07 04:41 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-03-09 09:20 - 2014-03-31 14:41 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHelen
2017-03-09 09:20 - 2014-03-31 14:41 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHelen.job
2017-03-09 08:40 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 08:09 - 2014-03-20 22:27 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{54219BC3-9DB3-4F80-BD17-FEC8E3ECD785}
2017-03-08 13:52 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2017-03-08 08:51 - 2015-10-30 00:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-03-08 07:22 - 2015-12-20 10:26 - 00000000 ____D C:\Users\Helen\AppData\Local\PC_Drivers_Headquarters
2017-03-08 07:21 - 2015-12-20 10:26 - 00000000 ____D C:\ProgramData\PC Drivers HeadQuarters
2017-03-08 06:21 - 2014-03-22 03:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-08 06:21 - 2014-03-22 03:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-06 00:41 - 2015-12-10 10:57 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-06 00:19 - 2016-11-21 04:31 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-05 23:35 - 2015-10-30 02:07 - 00000000 ____D C:\WINDOWS\ShellNew
2017-03-05 23:33 - 2014-03-22 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-05 23:28 - 2014-03-21 06:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-05 23:17 - 2014-03-21 06:10 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-04 12:22 - 2014-03-22 06:02 - 00000000 ____D C:\Users\Helen\Documents\Outlook Files
2017-03-04 06:55 - 2012-02-13 22:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-03-04 06:55 - 2012-02-13 22:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2017-03-04 06:52 - 2015-12-10 10:31 - 00000000 ____D C:\Users\Helen\AppData\Local\Packages
2017-03-04 06:50 - 2015-12-10 10:36 - 00000000 ___RD C:\Users\Helen\OneDrive
2017-03-04 06:38 - 2014-05-11 08:14 - 00000000 ____D C:\Users\Helen\AppData\Roaming\TeamViewer
2017-03-04 06:37 - 2014-03-22 05:45 - 00000000 ____D C:\Users\Helen\AppData\Local\CrashDumps
2017-03-03 23:36 - 2014-03-21 05:46 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-03 23:28 - 2014-03-21 05:45 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-03 23:28 - 2014-03-21 05:45 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-03 23:22 - 2014-03-21 05:45 - 00000000 ____D C:\Users\Helen\AppData\Local\Google
2017-03-03 23:18 - 2016-11-18 14:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-03 23:18 - 2014-05-03 08:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-22 12:42 - 2014-03-22 08:23 - 00000000 ____D C:\Users\Helen\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2014-03-22 06:35 - 2014-03-22 06:35 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2017-03-09 23:32 - 2017-03-09 23:32 - 0000000 _____ () C:\Users\Helen\AppData\Local\Temp\eil4lmir.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-02 20:48

==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team
  • 39,962 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 10 March 2017 - 10:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1217236262-906584131-3090505581-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1217236262-906584131-3090505581-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1217236262-906584131-3090505581-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Extension: (Avast Online Security) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe" [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-1217236262-906584131-3090505581-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Helen\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1217236262-906584131-3090505581-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Helen\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1217236262-906584131-3090505581-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Helen\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
Task: {085DC5C0-6CA9-42CA-B1D1-9EC64D6E814E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {160621EA-CBFE-4279-AF34-592393865E9E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {19FAAAC7-9B54-47D9-8E12-5D5873F4C1AF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {40CE49A1-B19A-49BE-BFA5-8BC468E13B3D} - \Driver Detective-RTMUpdater -> No File <==== ATTENTION
Task: {46E561AA-8371-42B8-A891-5B785CDBF76D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4D7C02E5-9953-43AB-944E-B7184C784777} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {73B75858-C1FE-4CED-8E5A-23293E07D0F2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {77AE3D0A-13F0-4AEE-8B10-C0A77316A204} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8B590248-3859-4333-98B5-FB91F340192A} - \Driver Detective-RTMScan -> No File <==== ATTENTION
Task: {A12E6D9C-DD7B-4782-B779-C849B8653003} - \Driver Detective-RTMRules -> No File <==== ATTENTION
Task: {BC825A03-EE34-4337-B232-E2B1269A1E1E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CE1217A7-B053-48EC-90EA-AD660C740E9F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E8FD9FA5-E786-41F4-BCA0-ED91EABC590F} - \Driver Detective -> No File <==== ATTENTION
Task: {EC28BDAC-E08E-4754-96DB-B0A8FE9D01FB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F7096DE3-61B1-4A77-A3EB-B56057012EB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1217236262-906584131-3090505581-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1217236262-906584131-3090505581-1000\...\driversupport.com -> hxxps://apps.driversupport.com

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download RogueKiller & SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

---

ADOBE SHOCKWAVE

Navigate to this page and follow the instructions and get the latest version.
https://www.adobe.com/shockwave/welcome/
=====

Remove this old version of the program (listed below) via the Control Panel > Programs > Programs and Features.
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)

Edited by nasdaq, 10 March 2017 - 10:27 AM.
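The FRST log in the first post and the fixlist in this reply share a fixed line layout: file and folder entries are "created - modified - size attrs (Publisher) path", and registry, task and service entries that point at something missing carry "No File", "<not found>", "no ImagePath" or the "<==== ATTENTION" marker. As an added example that is not part of this thread or of FRST itself, the following Python parser turns such lines into records and lists the ones a reviewer would check first; the attribute-letter meaning (D = directory) and the triage rules are assumptions of this example, not FRST's own logic, and the sample lines are copied from the log above.

```python
"""Parse FRST log lines (layout as in this thread) and flag entries worth a closer look."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# File/folder lines: "created - modified - size attrs (Publisher) path".
# The publisher is optional and may itself contain parentheses, so the path
# is anchored on a drive letter instead of a naive "[^)]*" publisher match.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
# Markers FRST prints when a registry entry points at something that is gone.
ORPHAN_MARKERS = ("No File", "<not found>", "no ImagePath")

@dataclass
class Entry:
    raw: str
    path: Optional[str] = None
    size: Optional[int] = None
    is_dir: bool = False
    publisher: Optional[str] = None
    flags: List[str] = field(default_factory=list)

def parse_line(line: str) -> Entry:
    """Parse one FRST line; the triage rules are review assumptions, not FRST logic."""
    e = Entry(raw=line.strip())
    m = FILE_LINE.match(e.raw)
    if m:
        e.path = m.group("path")
        e.size = int(m.group("size"))
        e.publisher = m.group("publisher") or None   # "()" means no version info
        e.is_dir = "D" in m.group("attrs")           # assumption: attrs letter D = directory
        lower = e.path.lower()
        if not e.is_dir and lower.endswith(EXEC_EXT):
            if e.publisher is None:
                e.flags.append("executable without publisher info")
            if "\\temp\\" in lower:
                e.flags.append("executable in a Temp folder")
            if e.size == 0:
                e.flags.append("zero-byte executable")
    if "<==== ATTENTION" in e.raw:
        e.flags.append("FRST ATTENTION marker")
    if any(mk in e.raw for mk in ORPHAN_MARKERS):
        e.flags.append("orphaned entry (target missing)")
    return e

def triage(lines) -> List[Entry]:
    """Return only entries carrying at least one flag."""
    return [e for e in map(parse_line, lines) if e.flags]

# Constructed sample: lines copied from the log and fixlist in this thread.
SAMPLE = [
    r"2017-03-09 10:09 - 2017-03-09 09:33 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe",
    r"2017-03-09 23:32 - 2017-03-09 23:32 - 0000000 _____ () C:\Users\Helen\AppData\Local\Temp\eil4lmir.dll",
    r"Task: {E8FD9FA5-E786-41F4-BCA0-ED91EABC590F} - \Driver Detective -> No File <==== ATTENTION",
    "U3 idsvc; no ImagePath",
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e.path or e.raw, "->", "; ".join(e.flags))
```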


#3 nasdaq

  • Malware Response Team
  • 39,962 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 16 March 2017 - 07:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



