TechSpot

Occasional redirects

By roger4444
Apr 2, 2016
  1. Hi, thanks for any help. Getting redirects sometimes; Avira and MBAM find nothing. Logs below.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by rogerpc (administrator) on ROGER (02-04-2016 12:09:56)
    Running from C:\Users\rogerpc\Desktop
    Loaded Profiles: rogerpc & (Available Profiles: rogerpc)
    Platform: Windows 8.1 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    () C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\ProgramData\MobileBrServ\mbbService.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
    () C:\Windows\SysWOW64\UMonit64.exe
    () C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CheckNDISPort_df.exe
    () C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CancelAutoPlay_df.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    () C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\ShowTip.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
    HKLM-x32\...\Run: [CheckNDISPortf0acf7] => C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CheckNDISPort_df.exe [464640 2013-10-12] ()
    HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CancelAutoPlay_df.exe [446720 2013-10-12] ()
    HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-25] (Google Inc.)
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: E - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {221fe663-b66d-11e5-82bc-001e101fd047} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2a9f-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2b5a-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {6f7c2c17-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a645bf7-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a6469d2-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {8a646b3a-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {97a7647e-92fc-11e3-8263-001e101f82e3} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfca8e-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfcbf1-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {bdcfd082-90a2-11e3-825c-001e101f6c84} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {e6c3b297-eb43-11e4-82a3-001e101fd9e1} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\MountPoints2: {fabfc2d0-917f-11e3-825e-40f02f3e7359} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-25] (Google Inc.)
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {221fe663-b66d-11e5-82bc-001e101fd047} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2a9f-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2b5a-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6f7c2c17-45ae-11e4-8297-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a645bf7-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a6469d2-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a646b3a-ade1-11e4-829d-582c80139263} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {97a7647e-92fc-11e3-8263-001e101f82e3} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfca8e-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfcbf1-90a2-11e3-825c-40f02f3e7359} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bdcfd082-90a2-11e3-825c-001e101f6c84} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e6c3b297-eb43-11e4-82a3-001e101fd9e1} - "E:\AutoRun.exe"
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fabfc2d0-917f-11e3-825e-40f02f3e7359} - "E:\AutoRun.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{2E2EC4D4-2719-4099-B059-94AD70F72BB4}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{8324DF83-F34B-41F2-BA42-E032C960C654}: [DhcpNameServer] 172.16.15.254
    Tcpip\..\Interfaces\{CAED3B9B-681E-4A00-85C0-914A85AC53FB}: [DhcpNameServer] 40.41.1.201 40.41.1.203

    Internet Explorer:
    ==================
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-339079225-1289120480-1685784122-1001 -> {6A9023C7-F04A-4D4F-9750-E2859B5A71FD} URL =
    SearchScopes: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A9023C7-F04A-4D4F-9750-E2859B5A71FD} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
    Toolbar: HKU\S-1-5-21-339079225-1289120480-1685784122-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
    Toolbar: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
    DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013
    FF Homepage: hxxps://www.google.co.uk/?gws_rd=ssl
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-26] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-26] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-09] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Extension: Tabs on Bottom (Australis) - C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013\Extensions\jid1-OesGFwaQGIBASw@jetpack.xpi [2016-02-07]
    FF Extension: Adblock Plus - C:\Users\rogerpc\AppData\Roaming\Mozilla\Firefox\Profiles\1jc0vun5.default-1454828238013\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-08]
    CHR Extension: (Google Docs) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-08]
    CHR Extension: (Google Drive) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]
    CHR Extension: (YouTube) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]
    CHR Extension: (Google Search) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
    CHR Extension: (Google Sheets) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-08]
    CHR Extension: (Google Docs Offline) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-08]
    CHR Extension: (Avast Online Security) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-08]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-08]
    CHR Extension: (Gmail) - C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
    R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
    R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
    S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-02-22] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-02-22] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-02-22] (Avira Operations GmbH & Co. KG)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-12-22] (Huawei Technologies Co., Ltd.)
    U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-02] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    S2 mdvrmng; C:\Windows\SysWOW64\drivers\mdvrmng.sys [10240 2010-01-28] () [File not signed]
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 wdf_usbserials; C:\Windows\system32\DRIVERS\usb2serials.sys [82944 2012-12-14] (MBB)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-02 12:09 - 2016-04-02 12:10 - 00023469 _____ C:\Users\rogerpc\Desktop\FRST.txt
    2016-04-02 12:09 - 2016-04-02 12:09 - 02374144 _____ (Farbar) C:\Users\rogerpc\Desktop\FRST64.exe
    2016-04-02 12:09 - 2016-04-02 12:09 - 00000000 ____D C:\FRST
    2016-03-24 01:54 - 2016-03-24 01:54 - 00000000 ____D C:\Users\rogerpc\AppData\Local\AviraSpeedup
    2016-03-24 01:54 - 2016-03-24 01:54 - 00000000 ____D C:\Users\rogerpc\AppData\Local\Avira
    2016-03-24 01:23 - 2016-03-24 01:23 - 00000000 ____D C:\Users\rogerpc\AppData\Roaming\Avira
    2016-03-24 01:21 - 2016-02-22 17:44 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2016-03-24 01:21 - 2016-02-22 17:44 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2016-03-24 01:21 - 2016-02-22 17:44 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
    2016-03-24 01:21 - 2016-02-22 17:44 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
    2016-03-24 01:15 - 2016-03-24 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2016-03-24 01:15 - 2016-03-24 01:21 - 00000000 ____D C:\Program Files (x86)\Avira
    2016-03-24 01:15 - 2016-03-24 01:15 - 00001193 _____ C:\Users\Public\Desktop\Avira Launcher.lnk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-02 12:02 - 2014-10-25 11:14 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-04-02 11:25 - 2014-02-08 10:35 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-339079225-1289120480-1685784122-1001
    2016-04-02 11:05 - 2016-02-07 08:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-04-02 11:04 - 2016-02-07 08:23 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-02 11:04 - 2016-02-07 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-04-02 11:04 - 2016-02-07 08:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-04-02 08:14 - 2014-10-25 11:14 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-29 20:39 - 2014-10-25 10:48 - 00000000 ____D C:\Users\rogerpc\AppData\LocalLow\Adblock Plus for IE
    2016-03-28 21:27 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
    2016-03-27 08:11 - 2013-09-10 02:34 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-03-24 02:31 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-03-24 02:30 - 2013-08-22 15:44 - 00483336 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-03-24 02:30 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-03-24 01:21 - 2014-02-16 12:35 - 00000000 ____D C:\ProgramData\Avira
    2016-03-24 01:14 - 2013-12-24 03:16 - 00000000 ____D C:\ProgramData\Package Cache
    2016-03-24 00:56 - 2016-02-12 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-03-24 00:56 - 2014-02-16 13:41 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-03-24 00:56 - 2014-02-08 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-03-20 10:39 - 2014-02-08 13:31 - 00000000 ____D C:\Users\rogerpc\AppData\Roaming\WildTangent
    2016-03-20 10:39 - 2013-12-24 03:51 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
    2016-03-20 10:39 - 2013-12-24 03:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-03-20 10:39 - 2013-12-24 03:26 - 00000000 ____D C:\ProgramData\WildTangent
    2016-03-18 08:27 - 2014-02-15 11:07 - 00001214 _____ C:\Users\rogerpc\Documents\bet.txt
    2016-03-17 05:04 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
    2016-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-03-15 00:03 - 2014-02-08 16:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-03-10 14:09 - 2016-02-07 08:23 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-03-10 14:08 - 2016-02-07 08:23 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-03-10 14:08 - 2016-02-07 08:23 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-03-08 22:24 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2016-03-08 22:07 - 2015-06-21 17:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    Some files in TEMP:
    ====================
    C:\Users\rogerpc\AppData\Local\Temp\avgnt.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-02 08:38

    ==================== End of FRST.txt ============================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================

    I still need Addition.txt log from FRST.
     
  3. roger4444

    roger4444 TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by rogerpc (2016-04-02 12:10:25)
    Running from C:\Users\rogerpc\Desktop
    Windows 8.1 (X64) (2014-02-08 09:29:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-339079225-1289120480-1685784122-500 - Administrator - Disabled)
    Guest (S-1-5-21-339079225-1289120480-1685784122-501 - Limited - Disabled)
    rogerpc (S-1-5-21-339079225-1289120480-1685784122-1001 - Administrator - Enabled) => C:\Users\rogerpc

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3Connect (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
    3G Hostless Modem (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
    Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
    Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
    Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
    DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
    Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.16.00.03 - Huawei Technologies Co.,Ltd)
    Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    RICOH_Media_Driver_v2.22.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.22.18.01 - RICOH)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
    TOSHIBA Addendum (HKLM-x32\...\{CE0374A6-B204-4336-8293-63FBB1DADBF4}) (Version: 1.00 - TOSHIBA)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
    TOSHIBA Gesture Controller (HKLM-x32\...\{D2484156-5F50-46CA-994A-3EC35F891950}) (Version: 4.0.110.0 - Toshiba Corporation)
    TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
    Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    ZTE DC GeneralSale Driver 1.0.0.2 (HKLM-x32\...\{D440D7E5-8815-49D9-8403-7915EA1A6FEF}_is1) (Version: - ZTE)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {13CF83C0-E2FA-43A8-A636-0C0C28C3B104} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
    Task: {1DBDD7A3-8371-4E97-8B21-49952A7BB930} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: <Company name>)
    Task: {1E9DD254-FB7E-4F25-A62B-882108973E0E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
    Task: {47068F63-572D-4345-82BD-41DA2F978E87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {4A038C54-0009-4794-9A49-EEA041FD5311} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {789D0ECD-125C-41FC-A652-2D89E8B239DE} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
    Task: {79591E48-1D1F-4096-98A2-83783936C307} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
    Task: {7B0EE303-91DC-4A44-956A-7DFE2143140C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
    Task: {8F9E1E09-01DB-41D1-AF5F-71FCB8F8CD61} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
    Task: {96745D0F-C6BE-4A2E-943C-BEC333FDDEBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {9C000915-EBDC-4611-A094-CC9BC0B713C0} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-28] ()
    Task: {B48794C1-3541-458F-9A0E-ED06D24334CC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
    Task: {DCDB8A30-1ACC-4DA7-8B78-D55C0035CB5C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-02-08 10:41 - 2010-01-28 14:47 - 01737464 _____ () C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
    2014-03-12 00:37 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-09-10 13:54 - 2013-09-10 13:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    2014-02-11 11:55 - 2012-06-28 07:19 - 00233344 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
    2015-10-29 01:01 - 2015-09-01 17:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2013-12-24 03:11 - 2013-08-28 16:08 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
    2016-01-09 03:37 - 2013-10-12 12:14 - 00464640 _____ () C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CheckNDISPort_df.exe
    2016-01-09 03:37 - 2013-10-12 12:14 - 00446720 _____ () C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\CancelAutoPlay_df.exe
    2016-01-09 03:37 - 2013-10-15 20:57 - 00512256 _____ () C:\Program Files (x86)\3G Hostless Modem\3G Hostless Modem\ShowTip.exe
    2013-12-24 02:55 - 2013-09-03 15:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\driversupport.com -> hxxp://apps.driversupport.com
    IE trusted site: HKU\S-1-5-21-339079225-1289120480-1685784122-1001\...\driversupport.com -> hxxps://apps.driversupport.com
    IE trusted site: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxp://apps.driversupport.com
    IE trusted site: HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxps://apps.driversupport.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Toshiba\Standard.jpg
    HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Toshiba\Standard.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{B3520534-3077-434D-B154-C801D2991ED1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{F133DB4C-353E-450D-AE7C-A90C04D40D52}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{B0909C75-2485-42AD-A065-45B45F5F4061}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{7B2FA539-41FD-4416-B2CA-6E9E97249755}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{2BF79293-134D-4487-8770-285849E61E21}] => (Allow) C:\Users\rogerpc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{83ADAE3D-64EA-4CA7-92DC-73D5D01DF75F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{9393B129-3BC1-43C2-835A-92BB08191F23}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{5AFBD892-E91D-4D0F-8608-3B0B3564367B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{FB572776-1CD3-44C5-B34E-81340AD46183}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E5DDF424-70AC-4404-A5A8-46A6AC403877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{7B7BE190-FDD5-4F38-BE4B-222A39173344}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{C71FCE27-554B-43F8-9F57-2317FE5AC547}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{EB9A02D1-B938-40E2-8AC1-8143C03CB690}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{42C76DEA-E0D1-4856-82D9-6AC25582B122}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    15-03-2016 11:59:56 Scheduled Checkpoint
    24-03-2016 01:16:48 Avira System Speedup 2.1.13
    24-03-2016 02:00:31 Avira System Speedup Optimization
    01-04-2016 08:54:31 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/02/2016 10:24:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (04/01/2016 10:24:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (03/31/2016 10:24:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (03/30/2016 01:02:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (03/29/2016 01:50:32 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (03/28/2016 10:24:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (03/28/2016 02:59:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Avira.ServiceHost.exe, version: 1.1.56.9119, time stamp: 0x56a8ea7a
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e72bb
    Exception code: 0xe0434352
    Fault offset: 0x00015b68
    Faulting process ID: 0xa30
    Faulting application start time: 0xAvira.ServiceHost.exe0
    Faulting application path: Avira.ServiceHost.exe1
    Faulting module path: Avira.ServiceHost.exe2
    Report ID: Avira.ServiceHost.exe3
    Faulting package full name: Avira.ServiceHost.exe4
    Faulting package-relative application ID: Avira.ServiceHost.exe5

    Error: (03/28/2016 02:59:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Avira.ServiceHost.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.OutOfMemoryException
    Stack:
    at System.Threading.TimerQueue.ChangeAppDomainTimer(AppDomainTimerSafeHandle, UInt32)
    at System.Threading.TimerQueue.EnsureAppDomainTimerFiresBy(UInt32)
    at System.Threading.TimerQueue.FireNextTimers()
    at System.Threading.TimerQueue.AppDomainTimerCallback()

    Error: (03/27/2016 10:24:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (03/26/2016 11:24:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161


    System errors:
    =============
    Error: (04/02/2016 11:26:30 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (04/02/2016 11:26:00 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (04/02/2016 10:41:24 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (04/02/2016 10:40:50 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (04/02/2016 08:53:06 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (04/02/2016 08:52:34 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (04/02/2016 08:39:42 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (04/02/2016 08:39:12 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (04/01/2016 10:03:51 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (04/01/2016 10:03:21 AM) (Source: DCOM) (EventID: 10010) (User: roger)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
    Percentage of memory in use: 27%
    Total physical RAM: 8083.27 MB
    Available physical RAM: 5851.72 MB
    Total Virtual: 10099.27 MB
    Available Virtual: 6868.21 MB

    ==================== Drives ================================

    Drive c: (TI31202100A) (Fixed) (Total:920.65 GB) (Free:876.37 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. roger4444

    roger4444 TS Rookie Topic Starter

    Malwarebytes found nothing

    RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : rogerpc [Administrator]
    Started from : C:\Users\rogerpc\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 04/04/2016 15:34:03

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 8 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-339079225-1289120480-1685784122-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8324DF83-F34B-41F2-BA42-E032C960C654} | DhcpNameServer : 172.16.15.254 ([X]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CAED3B9B-681E-4A00-85C0-914A85AC53FB} | DhcpNameServer : 40.41.1.201 40.41.1.203 ([-][X]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8324DF83-F34B-41F2-BA42-E032C960C654} | DhcpNameServer : 172.16.15.254 ([X]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CAED3B9B-681E-4A00-85C0-914A85AC53FB} | DhcpNameServer : 40.41.1.201 40.41.1.203 ([-][X]) -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
    --- User ---
    [MBR] a84dd93b5b19931ceaddbccc47850486
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
    1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 100 MB
    2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2304000 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2566144 | Size: 942741 MB
    4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1933299712 | Size: 9875 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ZTE MMC Storage USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )






    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.4 (03.14.2016)
    Operating System: Windows 8.1 x64
    Ran by rogerpc (Administrator) on 04/04/2016 at 16:34:49.58
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 7

    Successfully deleted: C:\Users\rogerpc\AppData\Local\drivertoolkit (Folder)
    Successfully deleted: C:\Windows\prefetch\DRIVERSHQ.DRIVERDETECTIVE.CLI-9C0EE8EC.pf (File)
    Successfully deleted: C:\Windows\prefetch\DRIVERTOOLKITINSTALLER.TMP-4E66D68C.pf (File)
    Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-D855646C.pf (File)
    Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_A6282D74-32661EF9.pf (File)
    Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf (File)
    Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-992C17DF.pf (File)



    Registry: 3

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A9023C7-F04A-4D4F-9750-E2859B5A71FD} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 04/04/2016 at 16:36:30.41
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    # AdwCleaner v5.108 - Logfile created 04/04/2016 at 16:31:56
    # Updated 30/03/2016 by Xplode
    # Database : 2016-04-03.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : rogerpc - ROGER
    # Running from : C:\Users\rogerpc\Desktop\adwcleaner_5.108.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    Folder Found : C:\Users\rogerpc\AppData\Local\DriverToolkit

    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found : HKCU\Software\DriverToolkit
    Key Found : HKU\S-1-5-21-339079225-1289120480-1685784122-1001\Software\DriverToolkit
    Key Found : HKU\S-1-5-21-339079225-1289120480-1685784122-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\DriverToolkit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zvsuhljiha-a.akamaihd.net

    ***** [ Web browsers ] *****

    [C:\Users\rogerpc\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com

    *************************

    C:\AdwCleaner\AdwCleaner[S1].txt - [1463 bytes] - [04/04/2016 16:31:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1536 bytes] ##########
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I still need MBAM log.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Still with me?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
